On Fri, 22 Nov 2024 14:09:34 GMT, Volkan Yazıcı <d...@openjdk.org> wrote:
>> Some further cleaning in the legacy HTTP implementation.
>> Usual removal of doPrivileged, GetPropertyAction, checkPermission, etc...
>>
>> I also took the opportunity to also remove some constructors that were never
>> called in the legacy HttpClient, and to fix some throws signatures.
>
> src/java.base/share/classes/sun/net/www/http/KeepAliveStreamCleaner.java line
> 65:
>
>> 63: static {
>> 64: final String maxDataKey = "http.KeepAlive.remainingData";
>> 65: MAX_DATA_REMAINING = NetProperties.getInteger(maxDataKey, 512) *
>> 1024;
>
> I don't know the context, but `Math.multiplyExact()` can be a safer
> alternative.
What happens if we overflow is that we will not try to discard any data from
the keep alive stream, exactly as if a negative or zero value had been
provided. That said, the KeepAliveStream compares that with `expected`, which
is a long, so `MAX_DATA_REMAINING` should really be a long, not an int, and
given that the property value is an int, that would prevent any overflow. I
might just do that.
-------------
PR Review Comment: https://git.openjdk.org/jdk/pull/22321#discussion_r1854044210
