On Wed, 23 Jun 2021 19:32:11 GMT, Alexander Zuev <kiz...@openjdk.org> wrote:

>> src/java.desktop/share/classes/javax/swing/JPasswordField.java line 514:
>> 
>>> 512:         public String getAtIndex(int part, int index) {
>>> 513:             if (part == AccessibleText.CHARACTER) {
>>> 514:                 return getEchoString(super.getAtIndex(part, index));
>> 
>> I don't see how removing the local variable changes anything. Explanation ??
>
> Here it is just a slight code cleanup. We do not need an additional variable for
> passing a value from one method to another. It serves no other purpose at all.
> It was used before on the second leg of the if but the usage was removed so 
> it became useless.

If this is about security, I don’t see how it might help. There is a chance
that the heap dump might capture the content of the local variable. If you
submit your heap dump to someone whom you do not trust, I have bad news for
you.

The probability of the heap dump capturing a local variable is more than zero.
True, but less than probable.

I don’t know if calling the same methods in a single line makes this control more
secure (if we take the situation that the heap dump pauses the execution of the
thread exactly at our "moment of time"). I am not a member of the JDK project,
but I doubt that this PR solves something.

To me, an additional local variable adds better supportability (debugging) to 
this code. Otherwise everything should be put into a single fat method.

-------------

PR: https://git.openjdk.java.net/jdk17/pull/127
