On Sat, 4 Jun 2022 13:46:10 GMT, Alexander Zuev <kiz...@openjdk.org> wrote:
> No, because determining the correct length of the message will require > basically to parse it all, the correct length could be a 2 bytes or hundreds > of bytes - in order to determine we have to process the message completely. There are 64 usages of `data` in that method most of them use constants like 1/2/3 and other usages are in the loops, both can be easily checked. There is also code like ` int[] destinations = new int[(data.length - 7) / 2];` which could cause the NegativeArrayException, or probably some others. It s better to check the out of bands access before access than to have a try/catch block for 300 lines of code. ------------- PR: https://git.openjdk.java.net/jdk/pull/9016
