On Fri, 16 Apr 2021 23:02:33 GMT, Peter Levart <plev...@openjdk.org> wrote:
>> src/java.base/share/classes/java/lang/String.java line 3254:
>>
>>> 3252:
>>> 3253:         byte[] value = StringConcatHelper.newArray(((long) icoder << 32) | llen);
>>> 3254:         int off = 0;
>>
>> StringConcatHelper.newArray() can double the length (based on the coder) and
>> it is then truncated to 32 bits when passed to
>> UNSAFE.allocateUninitializedArray.
>> The test of length above only ensures llen can be truncated to 32 bits
>> without loss of data.
>
> I thought about that, yes. And I think we have to do the check for the
> doubled length before calling the newArray. I checked the StringJoinerTest
> and it only deals with ASCII strings unfortunately. Will have to add a test
> for that too...

I do the checks before calling `StringConcatHelper.newArray()` now and pass a long value to it that already holds the number of bytes needed and where the upper 32 bits (coder) is always 0.

-------------

PR: https://git.openjdk.java.net/jdk/pull/3501
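
The length arithmetic discussed in this thread, as an added Java example that is not code from the JDK or from the pull request. The class, method names, error messages and sample length are hypothetical; it only models a character count that fits in 32 bits, is scaled by the coder, and is then truncated to an `int`, next to a check done on the scaled value first.

```java
// Added illustration; not the JDK's implementation and not the PR's change.
public class JoinLengthCheck {
    // Coder values used by java.lang.String: 0 = 1 byte per char, 1 = 2 bytes per char.
    static final int LATIN1 = 0;
    static final int UTF16 = 1;

    // Models the arithmetic described in the review comment: the length is
    // scaled by the coder and the result is truncated to 32 bits.
    static int truncatedByteCount(int coder, long charLen) {
        return (int) (charLen << coder);
    }

    // Hypothetical helper: validate the scaled length before any allocation
    // and return a long whose upper 32 bits are always zero.
    static long checkedByteCount(int coder, long charLen) {
        if (charLen < 0 || charLen > Integer.MAX_VALUE) {
            // Message text is constructed for this example.
            throw new OutOfMemoryError("string length does not fit in 32 bits");
        }
        long bytes = charLen << coder;
        if (bytes > Integer.MAX_VALUE) {
            throw new OutOfMemoryError("byte length does not fit in 32 bits");
        }
        return bytes;
    }

    public static void main(String[] args) {
        // Constructed value: passes a "fits in an int" test on the char count.
        long charLen = (1L << 30) + 1;

        // Unscaled, the truncation is lossless; scaled for UTF16 it wraps negative.
        System.out.println("LATIN1 truncated: " + truncatedByteCount(LATIN1, charLen));
        System.out.println("UTF16  truncated: " + truncatedByteCount(UTF16, charLen));

        // The same inputs with the check applied to the scaled length.
        System.out.println("LATIN1 checked:   " + checkedByteCount(LATIN1, charLen));
        try {
            checkedByteCount(UTF16, charLen);
        } catch (OutOfMemoryError e) {
            System.out.println("UTF16  rejected:  " + e.getMessage());
        }
    }
}
```

A test that exercises only single-byte strings never reaches the scaled branch, which is the coverage gap noted in the thread.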