Hello
JDK-22 has modified ByteArrayInputStream.transferTo(OutputStream)
implementation for performing a defensive copy of the byte array when
the destination is not trusted (JDK-8321053). However, I was using the
previous implementation as a trick for reading the array without copy.
The reason is because we have millions of ByteArrayInputStream instances
when reading BLOBs from a database (e.g., geometries from a spatial
database), and some popular JDBC drivers implement
ResultSet.getBinaryStream(int) by reading all data in a byte[] array and
wrapping the array in a ByteArrayInputStream. As a cleaner replacement
for my old trick, would it be possible to add something like the
following method in ByteArrayInputStream?
/** * Returns the remaining content of this input stream as a
read-only buffer. * The sequence of remaining bytes in the buffer is
the same as the sequence * of bytes that would be returned by {@link
#readAllBytes()}. * * @return the remaining content of this input
stream, as a read-only buffer */ public synchronized ByteBuffer
asByteBuffer() { return ByteBuffer.wrap(buf, pos, count -
pos).slice().asReadOnlyBuffer(); }
The call to slice() is for blocking callers from accessing the bytes
before the current stream position. I assumed that it could be a
security issue. If this proposal is acceptable, I can create a pull request.
Thanks,
Martin
