Name: nt126004 Date: 11/06/2001


java version "1.4.0-beta3"
Java(TM) 2 Runtime Environment, Standard Edition (build 1.4.0-beta3-b84)
Java HotSpot(TM) Client VM (build 1.4.0-beta3-b84, mixed mode)

JDK 1.4b3 introduced the new methods "array" and "arrayOffset" to the class
java.nio.ByteBuffer. These methods are at odds with the existing method in
ByteBuffer called "asReadOnly" which is intended to allow the owner of a
ByteBuffer to create a read only view on the storage that backs the buffer.

In JDK 1.4b2, it was possible to allocate a ByteBuffer, push content into the
buffer, create a read only view of the buffer, and then send that read only
version of the buffer out to other packages or client code with a guarantee
that the client could not modify the contents of the buffer. Note that the
following code, which is now possible in JDK 1.4b3, enables modification of the
backing buffer of a read only ByteBuffer:

import java.nio.ByteBuffer;

public Class ByteExample {
public static void main(String[] args) {
// allocate a 1 byte buffer
ByteBuffer bb = ByteBuffer.allocate(1);

// push the bytes 'a'
bb.put((char) 'a');

// rewind the buffer
bb.rewind();

// create a read only view of the byte buffer
ByteBuffer bbRO = bb.asReadOnlyBuffer();

// !Here's the problem. It is now possible to get the backing
// array from the read only buffer, and change its contents.
// Note that the same byte array backs both bb and bbRO in
// this example!
byte[] ab = bbRO.array();

// Change the contents of the buffer from 'a' to 'b'
ab[0] = 'b'; // Ooops! Shouldn't be able to do this!
}
}
(Review ID: 134797)
======================================================================