JDK 9 RFR of 8148023: File.createTempFile is not adhering to the contract regarding file name lengths
Roger.Riggs at Oracle.com
Mon Dec 19 19:04:31 UTC 2016
- 1906: shortenSubName might reasonably return the new length without
creating the intermediate string and save on the allocation.
- generateFile() line 1922 + -- I assume this slow path is
Otherwise, the computations involving excess could be done
arithmetically without actually creating the string
and only create the name when the final length(s) are decided.
- line 1952: appending the generated name to the exception is ok but
it should omit the directory name;
its not salient to the error and might expose a sensitive directory
- getNameMax; the length could reasonably be just an int. Long seems
a bit excessive
and raises suspicion that something clever is going on when its just
a normal value.
(Though I see the native code uses jlong)
On 12/16/2016 4:31 PM, Brian Burkhalter wrote:
> Please review at your convenience.
> Issue: https://bugs.openjdk.java.net/browse/JDK-8148023
> Patch: http://cr.openjdk.java.net/~bpb/8148023/webrev.00/index.html
> The method was not adhering to the specification  and was creating long file names which caused failures on all platforms. The pertinent portion of the specification is:
> "To create the new file, the prefix and the suffix may first be adjusted to fit the limitations of the underlying platform. If the prefix is too long then it will be truncated, but its first three characters will always be preserved. If the suffix is too long then it too will be truncated, but if it begins with a period character ('.') then the period and the first three characters following it will always be preserved. Once these adjustments have been made the name of the new file will be generated by concatenating the prefix, five or more internally-generated characters, and the suffix."
> The code was updated to truncate the filename (leaf) portion of the path name to meet the platform file name component length constraints. The IO regression tests passed with this change on all platforms.
>  http://download.java.net/java/jdk9/docs/api/java/io/File.html#createTempFile-java.lang.String-java.lang.String-java.io.File-
More information about the core-libs-dev