Thank you for your review.
My apologies for sending an inappropriate request.
Cipher should not throw the ShortBufferException because the buffer is
enlarged before update() or doFinal(). The enlarged size is based on the
result of getOutputSize().
Even if I use the destination buffer, CipherInputStream allocates the new array.
Dai
On Tue, 17 Feb 2015 14:21:50 +0100
Florian Weimer <fwei...@redhat.com> wrote:
> On 02/17/2015 01:53 PM, Dai Nakanishi wrote:
> > + } catch (ShortBufferException e) {
> > + obuffer = null;
> > + throw new IOException(e);
> > }
>
> This doesn't look right to me. You need to enlarge the buffer and retry.
>
> If you really want to avoid allocations, you should use the destination
> buffer passed to the read() function if the slice end is equal to the
> array end. I expect that this is the usual case.
>
> By the way, I think such review requests should be sent to security-dev,
> not core-libs-dev.
>
> --
> Florian Weimer / Red Hat Product Security
