On Fri, 27 May 2022 14:38:27 GMT, Claes Redestad <redes...@openjdk.org> wrote:
>> src/java.base/share/classes/java/lang/invoke/MethodHandles.java line 5266:
>>
>>> 5264:      */
>>> 5265:     public static MethodHandle dropArguments(MethodHandle target, int pos, List<Class<?>> valueTypes) {
>>> 5266:         return dropArguments(target, pos, valueTypes.toArray(new Class<?>[0]).clone(), true);
>>
>> Isn't this call to `clone()` unnecessary, as `valueTypes.toArray` should
>> either return the passed empty array, or a newly created array?
>
> It might be a bit too paranoid in this instance (since we don't keep the
> array around for long), but not cloning the result of calling `toArray` on an
> arbitrary and possibly adversary `List` could open up for TOCTOU race bugs /
> attacks. The existing code was being paranoid and copying and I don't want to
> weaken something that could have security implications without double- and
> triple-checking that it's safe to do so.

You can probably call the `dropArguments` with `false` for `trusted` instead.

-------------

PR: https://git.openjdk.java.net/jdk/pull/8923
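
The defensive-copy concern discussed in this thread, as an added example that is not part of the original message and is not JDK code: a `List` that ignores the `toArray` contract and keeps the array it returns, checked with and without `clone()`. `LeakyList`, `check` and `validated` are hypothetical names, and the `Runnable` stands in for a thread racing between the check and the use.

```java
import java.util.AbstractList;
import java.util.List;

public class ToArrayCopyDemo {
    // Constructed misbehaving List: breaks the Collection.toArray contract
    // by handing out an array it keeps a reference to.
    static final class LeakyList extends AbstractList<Class<?>> {
        final Class<?>[] leaked = { int.class };
        @Override public Class<?> get(int i) { return leaked[i]; }
        @Override public int size() { return leaked.length; }
        @SuppressWarnings("unchecked")
        @Override public <T> T[] toArray(T[] a) { return (T[]) (Object) leaked; }
    }

    // Check step (hypothetical rule for this demo): no void.class allowed.
    static void check(Class<?>[] types) {
        for (Class<?> t : types) {
            if (t == void.class) throw new IllegalArgumentException("void type");
        }
    }

    // Returns the array the callee would go on to use after the check.
    static Class<?>[] validated(List<Class<?>> types, boolean copy,
                                Runnable betweenCheckAndUse) {
        Class<?>[] arr = types.toArray(new Class<?>[0]);
        if (copy) {
            arr = arr.clone();         // private snapshot the caller cannot reach
        }
        check(arr);                    // time of check
        betweenCheckAndUse.run();      // stands in for a concurrent mutation
        return arr;                    // time of use
    }

    public static void main(String[] args) {
        LeakyList a = new LeakyList();
        Class<?>[] shared = validated(a, false, () -> a.leaked[0] = void.class);
        System.out.println("without clone, used after check: " + shared[0]);

        LeakyList b = new LeakyList();
        Class<?>[] copied = validated(b, true, () -> b.leaked[0] = void.class);
        System.out.println("with clone, used after check:    " + copied[0]);
    }
}
```

Without the copy, the element that passed the check is no longer the element that gets used; with the copy, the checked snapshot is what is used regardless of what the list does afterwards.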