On Sat, May 9, 2015 at 10:07 AM, Ivan Gerasimov <ivan.gerasi...@oracle.com>
wrote:

> Thank you Alan for the pointer!
>
> I marked my bug as yet another duplicate of JDK-6813523.
> It's not clear why Martin's fix hadn't been pushed then.
> Martin, can you recollect if there were any concerns?
>

It's absolutely true that I dropped the ball on this in jdk8, discouraged
by David's message here:
http://mail.openjdk.java.net/pipermail/core-libs-dev/2013-May/017174.html
No one seemed to want to tackle the issue that calling getChars with an evil
charsequence could result in the char[] being retained with possible
nefarious consequences. David (or others), do you have an opinion on what
we *should* do, if anything? Should we be writing ugliferous code of the
form

if (charSequence.getClass().getClassLoader() == null) /* trusted */
    use getChars()

(High level: I feel that trying to have untrusted code coexist safely in
the same process with trusted code hasn't really worked out for Java)


> Sincerely yours,
> Ivan
>
>
> On 09.05.2015 19:14, Alan Bateman wrote:
>
>> On 09/05/2015 17:03, Ivan Gerasimov wrote:
>>
>>> Hi everyone!
>>>
>>> The String class has getChars(int srcBegin, int srcEnd, char[] dst, int
>>> dstBegin) which is used to efficiently extract substrings, avoiding
>>> unnecessary copying.
>>>
>>
>> This has come up a few times, here's the last thread (and patch) that I
>> could find:
>>
>>
>> http://mail.openjdk.java.net/pipermail/core-libs-dev/2013-April/015889.html
>>
>>
>>
>
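The retention concern and the class-loader guard from the message above, as an added example that is not code from the thread or from the JDK. BulkChars, RetainingSequence and Buffer are hypothetical names, and the sample sequence is constructed; the guarded path takes the bulk copy only for String, a JDK class that really has getChars.

```java
public class GetCharsTrustDemo {
    // Hypothetical stand-in for the bulk-copy method discussed in the thread;
    // java.lang.CharSequence itself declares no getChars.
    interface BulkChars extends CharSequence {
        void getChars(int srcBegin, int srcEnd, char[] dst, int dstBegin);
    }
    // Constructed untrusted implementation that keeps the array it was handed.
    static final class RetainingSequence implements BulkChars {
        char[] retained;
        public int length() { return 3; }
        public char charAt(int i) { return "abc".charAt(i); }
        public CharSequence subSequence(int s, int e) { return "abc".subSequence(s, e); }
        public void getChars(int b, int e, char[] dst, int at) {
            retained = dst;                    // alias to the caller's storage
            "abc".getChars(b, e, dst, at);
        }
    }
    // Minimal fixed-size builder with a private backing array.
    static final class Buffer {
        private final char[] value = new char[16];
        private int count;
        private void reserve(int n) {          // reject lengths that do not fit
            if (n < 0 || n > value.length - count) throw new IndexOutOfBoundsException();
        }
        // Unguarded: hands the private array to whatever implementation arrives.
        void appendUnguarded(BulkChars s) {
            int n = s.length(); reserve(n);
            s.getChars(0, n, value, count); count += n;
        }
        // Guarded: bulk copy only for a bootstrap-loaded class (null loader),
        // the form of check quoted in the thread; everything else goes
        // through charAt, so the private array never leaves this class.
        void appendGuarded(CharSequence s) {
            int n = s.length(); reserve(n);
            if (s.getClass().getClassLoader() == null && s instanceof String) {
                ((String) s).getChars(0, n, value, count);
            } else {
                for (int i = 0; i < n; i++) value[count + i] = s.charAt(i);
            }
            count += n;
        }
        boolean isBackedBy(char[] a) { return a == value; }
    }
    public static void main(String[] args) {
        RetainingSequence seq = new RetainingSequence();
        Buffer a = new Buffer(); a.appendUnguarded(seq);
        System.out.println("unguarded: array retained = " + a.isBackedBy(seq.retained));
        seq.retained = null;
        Buffer b = new Buffer(); b.appendGuarded(seq); b.appendGuarded("xyz");
        System.out.println("guarded:   array retained = " + b.isBackedBy(seq.retained));
    }
}
```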
