On Tue, 4 Feb 2025 06:37:48 GMT, Claes Redestad <redes...@openjdk.org> wrote:
>> src/java.base/share/classes/java/lang/AbstractStringBuilder.java line 845:
>>
>>> 843:         int spaceNeeded = count + DecimalDigits.stringSize(i);
>>> 844:         byte[] value = ensureCapacityInternal(spaceNeeded);
>>> 845:         if (isLatin1()) {
>>
>> This is not safe. The ensureCapacityInternal can read coder == LATIN1 and
>> allocate a small array, but this `isLatin1` can read coder == UTF16 and
>> write a UTF16 number out of bounds.
>
> A check that `spaceNeeded <= (value.length >> 1)` in the `else` branch would
> be needed and might be a sufficient safeguard here.

I made further improvements to improve the thread safety of the coder by passing the newCapacity method into the coder. I think this should be safe enough.

-------------

PR Review Comment: https://git.openjdk.org/jdk/pull/23427#discussion_r1941221475
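The read-twice hazard described in the quoted review comment, as an added example that is not code from the JDK or from PR 23427. It is a reduced builder with the same layout idea (one byte per char under LATIN1, two under UTF16, chosen by a mutable `coder` field), a `betweenReads` hook that stands in for a second thread so the bad interleaving is reproducible, and three shapes of an integer append: the flagged shape that reads `coder` once for sizing and again for the branch, the same shape with the `spaceNeeded <= (value.length >> 1)` guard suggested in the review, and a shape that reads `coder` into a local once. `ensureCapacityInternal`, `inflate`, `putCharUtf16` and `betweenReads` are simplified stand-ins, not the JDK's methods.

```java
import java.nio.charset.StandardCharsets;
import java.util.Arrays;
import java.util.ConcurrentModificationException;

/**
 * Added example, not JDK code. 'value' holds one byte per char when coder ==
 * LATIN1 and two when coder == UTF16. 'betweenReads' is a test hook that models
 * another thread inflating the builder between the two reads of 'coder'.
 */
public final class CoderReadTwiceDemo {
    static final byte LATIN1 = 0, UTF16 = 1;

    byte coder = LATIN1;
    int count = 0;                    // chars stored so far
    byte[] value = new byte[4];
    Runnable betweenReads = () -> {}; // replaced in main() by this::inflate

    /** Two-byte store; overruns buf if buf was sized for one byte per char. */
    static void putCharUtf16(byte[] buf, int index, int c) {
        buf[index << 1] = (byte) (c >> 8);
        buf[(index << 1) + 1] = (byte) c;
    }

    /** What a concurrent append of a non-Latin1 char does: widen and flip the coder. */
    void inflate() {
        if (coder == UTF16) return;
        byte[] wide = new byte[value.length << 1];
        for (int k = 0; k < count; k++) putCharUtf16(wide, k, value[k] & 0xff);
        value = wide;
        coder = UTF16;
    }

    /** Grow 'value' so minChars fit under forCoder; returns the (possibly new) array. */
    byte[] ensureCapacityInternal(int minChars, byte forCoder) {
        int minBytes = minChars << forCoder;
        if (minBytes > value.length) value = Arrays.copyOf(value, Math.max(minBytes, value.length * 2 + 2));
        return value;
    }

    /** Shape flagged in the review: 'coder' is read for sizing and read again for the branch. */
    void appendIntReadTwice(int i) {
        byte[] digits = Integer.toString(i).getBytes(StandardCharsets.ISO_8859_1);
        int spaceNeeded = count + digits.length;
        byte[] buf = ensureCapacityInternal(spaceNeeded, coder);  // read #1 sees LATIN1: 1 byte/char
        betweenReads.run();                                       // other thread inflates to UTF16
        if (coder == LATIN1) {                                    // read #2 sees UTF16
            System.arraycopy(digits, 0, buf, count, digits.length);
        } else {
            // 2 bytes/char into an array sized for 1 byte/char: runs past the end
            for (int k = 0; k < digits.length; k++) putCharUtf16(buf, count + k, digits[k]);
        }
        count = spaceNeeded;
    }

    /** Same two reads, plus the guard from the review on the UTF16 branch: the
     *  undersized array is detected before any store instead of being overrun. */
    void appendIntGuarded(int i) {
        byte[] digits = Integer.toString(i).getBytes(StandardCharsets.ISO_8859_1);
        int spaceNeeded = count + digits.length;
        byte[] buf = ensureCapacityInternal(spaceNeeded, coder);
        betweenReads.run();
        if (coder == LATIN1) {
            System.arraycopy(digits, 0, buf, count, digits.length);
        } else {
            if (spaceNeeded > (buf.length >> 1)) {
                throw new ConcurrentModificationException("coder changed between sizing and write");
            }
            for (int k = 0; k < digits.length; k++) putCharUtf16(buf, count + k, digits[k]);
        }
        count = spaceNeeded;
    }

    /** Read 'coder' into a local once, so sizing and the branch always agree. */
    void appendIntReadOnce(int i) {
        byte[] digits = Integer.toString(i).getBytes(StandardCharsets.ISO_8859_1);
        int spaceNeeded = count + digits.length;
        byte c = coder;                                           // the only read of the field
        byte[] buf = ensureCapacityInternal(spaceNeeded, c);
        betweenReads.run();                                       // can no longer change which branch runs
        if (c == LATIN1) {
            System.arraycopy(digits, 0, buf, count, digits.length);
        } else {
            for (int k = 0; k < digits.length; k++) putCharUtf16(buf, count + k, digits[k]);
        }
        count = spaceNeeded;
    }

    public static void main(String[] args) {
        for (String variant : new String[] {"readTwice", "guarded", "readOnce"}) {
            CoderReadTwiceDemo b = new CoderReadTwiceDemo();
            b.betweenReads = b::inflate;                          // force the bad interleaving
            try {
                switch (variant) {
                    case "readTwice" -> b.appendIntReadTwice(123456);
                    case "guarded" -> b.appendIntGuarded(123456);
                    default -> b.appendIntReadOnce(123456);
                }
                System.out.println(variant + ": completed, count=" + b.count);
            } catch (RuntimeException e) {
                System.out.println(variant + ": " + e.getClass().getSimpleName());
            }
        }
    }
}
```

With the hook wired to `inflate()`, the first variant fails inside `putCharUtf16` because the ten-byte array returned for six LATIN1 digits cannot hold six two-byte chars; the guarded variant rejects the write up front with the `spaceNeeded > (buf.length >> 1)` test; the read-once variant never takes the UTF16 branch for an array it sized as LATIN1. Only the overrun is addressed here: a builder mutated from another thread without synchronization still has no defined contents.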