Mercurial > hg > release > icedtea7-forest-2.2 > jdk

changeset 2392:c80b6350de63

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
6910590: Application can modify command array, in ProcessBuilder Summary: clone array returned by List.toArray() Reviewed-by: chegar, alanb
author michaelm
date Tue, 12 Jan 2010 12:13:48 +0000
parents 3dabb7d5be98
children 0667ab707c48
files src/share/classes/java/lang/ProcessBuilder.java
diffstat 1 files changed, 2 insertions(+), 0 deletions(-) [+]
line wrap: on
line diff
--- a/src/share/classes/java/lang/ProcessBuilder.java	Tue Dec 22 17:56:58 2009 +0300
+++ b/src/share/classes/java/lang/ProcessBuilder.java	Tue Jan 12 12:13:48 2010 +0000
@@ -994,6 +994,8 @@
         // Must convert to array first -- a malicious user-supplied
         // list might try to circumvent the security check.
         String[] cmdarray = command.toArray(new String[command.size()]);
+        cmdarray = cmdarray.clone();
+
         for (String arg : cmdarray)
             if (arg == null)
                 throw new NullPointerException();