On Fri, 27 May 2022 14:38:27 GMT, Claes Redestad <[email protected]> wrote:
>> src/java.base/share/classes/java/lang/invoke/MethodHandles.java line 5266:
>>
>>> 5264: */
>>> 5265: public static MethodHandle dropArguments(MethodHandle target, int
>>> pos, List<Class<?>> valueTypes) {
>>> 5266: return dropArguments(target, pos, valueTypes.toArray(new
>>> Class<?>[0]).clone(), true);
>>
>> Isn't this call to `clone()` unnecessary, as `valueTypes.toArray` should
>> either return the passed empty array, or a newly created array?
>
> It might be a bit too paranoid in this instance (since we don't keep the
> array around for long), but not cloning the result of calling `toArray` on an
> arbitrary and possibly adversarial `List` could open up for TOCTOU race bugs /
> attacks. The existing code was being paranoid and copying and I don't want to
> weaken something that could have security implications without double- and
> triple-checking that it's safe to do so.

You can probably call the `dropArguments` with `false` for `trusted` instead.
-------------
PR: https://git.openjdk.java.net/jdk/pull/8923
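
The TOCTOU concern raised in the thread, as an added example that is not part of the original messages or of the JDK source: a constructed `List` whose `toArray` returns an array it keeps a reference to, so the contents can change after a check unless the caller clones. `LeakyList`, `check` and `checkThenUse` are hypothetical names, and the mutation is done sequentially to stand in for a concurrent write by the list's owner.

```java
import java.util.AbstractList;

public class ToArrayDefensiveCopy {
    // Constructed hostile List: toArray ignores the contract and hands out
    // an array that the list itself still holds a reference to.
    static final class LeakyList extends AbstractList<Class<?>> {
        final Class<?>[] shared = { int.class, String.class };
        @Override public Class<?> get(int i) { return shared[i]; }
        @Override public int size() { return shared.length; }
        @SuppressWarnings("unchecked")
        @Override public <T> T[] toArray(T[] a) { return (T[]) (Object) shared; }
    }

    // Hypothetical validation standing in for any check made on the array.
    static void check(Class<?>[] types) {
        for (Class<?> t : types) {
            if (t == void.class) {
                throw new IllegalArgumentException("void is not a valid value type");
            }
        }
    }

    // Returns the array as it looks at time of use, after the list's owner
    // has had a chance to write to the array it handed out.
    static Class<?>[] checkThenUse(LeakyList list, boolean copy) {
        Class<?>[] types = list.toArray(new Class<?>[0]);
        if (copy) {
            types = types.clone();       // private snapshot, as in the quoted line
        }
        check(types);                    // time of check
        list.shared[0] = void.class;     // stands in for a concurrent write
        return types;                    // time of use
    }

    public static void main(String[] args) {
        System.out.println("without clone: " + checkThenUse(new LeakyList(), false)[0]);
        System.out.println("with clone:    " + checkThenUse(new LeakyList(), true)[0]);
    }
}
```

Without the clone, the element that passed `check` is no longer the element the caller goes on to use; with the clone, the checked snapshot is the one that is used.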