From be74b1374d22b90f5a57aeb87e3a2131c4c87e93 Mon Sep 17 00:00:00 2001
From: michaelm <unknown>
Date: Tue, 12 Jan 2010 12:13:48 +0000
Subject: [PATCH] 6910590: Application can modify command array, in
 ProcessBuilder Summary: clone array returned by List.toArray() Reviewed-by:
 chegar, alanb

---
 src/share/classes/java/lang/ProcessBuilder.java | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/src/share/classes/java/lang/ProcessBuilder.java b/src/share/classes/java/lang/ProcessBuilder.java
index be24e8d82..228c75d8c 100644
--- a/src/share/classes/java/lang/ProcessBuilder.java
+++ b/src/share/classes/java/lang/ProcessBuilder.java
@@ -994,6 +994,8 @@ public final class ProcessBuilder
         // Must convert to array first -- a malicious user-supplied
         // list might try to circumvent the security check.
         String[] cmdarray = command.toArray(new String[command.size()]);
+        cmdarray = cmdarray.clone();
+
         for (String arg : cmdarray)
             if (arg == null)
                 throw new NullPointerException();
-- 
GitLab