On Thu, 15 Aug 2024 16:23:18 GMT, Dhamoder Nalla <dhana...@openjdk.org> wrote:
> Use the GetTempPath2 APIs instead of the GetTempPath APIs in native code > across the OpenJDK repository to retrieve the temporary directory path, as > GetTempPath2 provides enhanced security. While GetTempPath may still function > without errors, using GetTempPath2 reduces the risk of potential exploits for > users. > > > The code to dynamically load GetTempPath2 is duplicated due to the following > reasons. I would appreciate any suggestions to remove the duplication where > possible: > > 1. The changes span across four different folders—java.base, jdk.package, > jdk.attach, and hotspot—with no shared code between them. > 2. Some parts of the code use version A, while others use version W (ANSI vs. > Unicode). > 3. Some parts of the code are written in C others in C++. src/hotspot/os/windows/os_windows.cpp line 1522: > 1520: const char* os::get_temp_directory() { > 1521: static char path_buf[MAX_PATH]; > 1522: if (_GetTempPath2A != nullptr) { Where does _GetTempPath2A get initialized? src/hotspot/os/windows/os_windows.cpp line 1525: > 1523: if (_GetTempPath2A(MAX_PATH, path_buf) > 0) { > 1524: return path_buf; > 1525: } Need to indent line 1524. src/hotspot/os/windows/os_windows.cpp line 1527: > 1525: } > 1526: } > 1527: else if (GetTempPath(MAX_PATH, path_buf) > 0) { Suggestion: } else if (GetTempPath(MAX_PATH, path_buf) > 0) { ------------- PR Review Comment: https://git.openjdk.org/jdk/pull/20600#discussion_r1718830564 PR Review Comment: https://git.openjdk.org/jdk/pull/20600#discussion_r1718831669 PR Review Comment: https://git.openjdk.org/jdk/pull/20600#discussion_r1718832664