On Wed, 29 Nov 2023 19:55:09 GMT, Alan Bateman <al...@openjdk.org> wrote:
>> src/java.base/share/classes/java/io/BufferedInputStream.java line 653: >> >>> 651: byte[] buffer = Arrays.copyOfRange(getBufIfOpen(), >>> pos, count); >>> 652: out.write(buffer); >>> 653: } >> >> Suggestion: >> >> out.write(getBufIfOpen(), pos, count); >> >> >> What do you think of passing the buffer as is? >> `ByteArrayInputStream` passes the buffer without extra copies anyway: >> https://github.com/openjdk/jdk/blob/9a6ca233c7e91ffa2ce9451568b3be88ccd04504/src/java.base/share/classes/java/io/ByteArrayInputStream.java#L207-L213 > >> What do you think of passing the buffer as is? > > No, it should only do for trusted targets. BAIS has an issue in that area > that should be fixed. The buffer in question is protected, so any subclass can directly access it. In other words, untrusted code can easily acoess the buffer, and it does not sound fair to add extra overhead to the method which was created for the performance reasons. Does copyOfRange do any good here? Do you mean JDK should copy every buffer it passes to non-JDK code? ------------- PR Review Comment: https://git.openjdk.org/jdk/pull/16879#discussion_r1409810571
