On Thu, 15 Aug 2024 16:23:18 GMT, Dhamoder Nalla <[email protected]> wrote:
> Use the GetTempPath2 APIs instead of the GetTempPath APIs in native code
> across the OpenJDK repository to retrieve the temporary directory path, as
> GetTempPath2 provides enhanced security. While GetTempPath may still function
> without errors, using GetTempPath2 reduces the risk of potential exploits for
> users.
>
>
> The code to dynamically load GetTempPath2 is duplicated due to the following
> reasons. I would appreciate any suggestions to remove the duplication where
> possible:
>
> 1. The changes span across four different folders—java.base, jdk.package,
> jdk.attach, and hotspot—with no shared code between them.
> 2. Some parts of the code use version A, while others use version W (ANSI vs.
> Unicode).
> 3. Some parts of the code are written in C others in C++.
src/hotspot/os/windows/os_windows.cpp line 1522:
> 1520: const char* os::get_temp_directory() {
> 1521: static char path_buf[MAX_PATH];
> 1522: if (_GetTempPath2A != nullptr) {
Where does _GetTempPath2A get initialized?
src/hotspot/os/windows/os_windows.cpp line 1525:
> 1523: if (_GetTempPath2A(MAX_PATH, path_buf) > 0) {
> 1524: return path_buf;
> 1525: }
Need to indent line 1524.
src/hotspot/os/windows/os_windows.cpp line 1527:
> 1525: }
> 1526: }
> 1527: else if (GetTempPath(MAX_PATH, path_buf) > 0) {
Suggestion:
} else if (GetTempPath(MAX_PATH, path_buf) > 0) {
-------------
PR Review Comment: https://git.openjdk.org/jdk/pull/20600#discussion_r1718830564
PR Review Comment: https://git.openjdk.org/jdk/pull/20600#discussion_r1718831669
PR Review Comment: https://git.openjdk.org/jdk/pull/20600#discussion_r1718832664
