On Tue, 30 Sep 2025 17:47:12 GMT, Alan Bateman <[email protected]> wrote:
>> src/java.base/share/classes/java/lang/ClassLoader.java line 1075:
>>
>>> 1073: }
>>> 1074:
>>> 1075: private Class<?> defineClass(String name, ByteBuffer b, int len,
>>> ProtectionDomain pb) {
>>
>> Is an additional method really needed?
>> Couldn't we just add a new local `ByteBuffer` reference, point it to either
>> `b` (if trusted) or the newly allocated BB if not, and continue as before,
>> passing the new reference to `defineClass2()`?
>
> The separate method keeps it easier to audit (and review) so I'd prefer to
> keep it as proposed. It is very possible that we will have additional cases
> to trust in the future and it would complicated the conditions in the caller
> if everything is in one method.
Why is the ProtectionDomain named `pb` instead of `pd`? What does `b` stand for?
-------------
PR Review Comment: https://git.openjdk.org/jdk/pull/27569#discussion_r2392695851
