- 1
- 1
On Windows, Runtime.exec(String[]) is unsafe as well. If the argument array contains the empty string, the empty argument is basically omitted which may lead to an invalid command line. Also, quotes within any of the arguments are not prefixed with backslashes. Also, the ProcessBuilder may add quotes to arguments without doubling the number of preceding backslashes which gives funny results if one passes a path to a folder like c:\program files\ including the trailing backslash.
Microsoft's documentation of their command line tokenizer is available here: http://msdn.microsoft.com/en-us/library/a1y7w461.aspx
The issues I described are documented here: http://bugs.sun.com/view_bug.do?bug_id=6468220 https://bugs.java.com/bugdatabase/view_bug?bug_id=6468220 and http://bugs.sun.com/view_bug.do?bug_id=6518827 https://bugs.java.com/bugdatabase/view_bug?bug_id=6518827
On Windows, Runtime.exec(String[]) is unsafe as well. If the argument array contains the empty string, the empty argument is basically omitted which may lead to an invalid command line. Also, quotes within any of the arguments are not prefixed with backslashes. Also, the ProcessBuilder may add quotes to arguments without doubling the number of preceding backslashes which gives funny results if one passes a path to a folder like c:\program files\ including the trailing backslash.
Microsoft's documentation of their command line tokenizer is available here: http://msdn.microsoft.com/en-us/library/a1y7w461.aspx
The issues I described are documented here: http://bugs.sun.com/view_bug.do?bug_id=6468220 and http://bugs.sun.com/view_bug.do?bug_id=6518827
On Windows, Runtime.exec(String[]) is unsafe as well. If the argument array contains the empty string, the empty argument is basically omitted which may lead to an invalid command line. Also, quotes within any of the arguments are not prefixed with backslashes. Also, the ProcessBuilder may add quotes to arguments without doubling the number of preceding backslashes which gives funny results if one passes a path to a folder like c:\program files\ including the trailing backslash.
Microsoft's documentation of their command line tokenizer is available here: http://msdn.microsoft.com/en-us/library/a1y7w461.aspx
The issues I described are documented here: https://bugs.java.com/bugdatabase/view_bug?bug_id=6468220 and https://bugs.java.com/bugdatabase/view_bug?bug_id=6518827
On Windows, Runtime.exec(String[]) is unsafe as well. If the argument array contains the empty string, the empty argument is basically omitted which may lead to an invalid command line. Also, quotes within any of the arguments are not prefixed with a backslash as suggested bybackslashes. Also, the CommandLineToArgvW andProcessBuilder may add quotes to arguments without doubling the number of preceding backslashes themselves are also not prefixed bywhich gives funny results if one passes a path to a folder like c:\program files\ including the trailing backslash.
http://msdn.microsoft.com/en-us/library/windows/desktop/bb776391%28v=vs.85%29.aspx Microsoft's documentation of their command line tokenizer is available here: http://msdn.microsoft.com/en-us/library/a1y7w461.aspx
The issues I described are documented here: http://bugs.sun.com/view_bug.do?bug_id=6468220 and http://bugs.sun.com/view_bug.do?bug_id=6518827
On Windows, Runtime.exec(String[]) is unsafe as well. If the argument array contains the empty string, the empty argument is basically omitted which may lead to an invalid command line. Also, quotes within any of the arguments are not prefixed with a backslash as suggested by the CommandLineToArgvW and backslashes themselves are also not prefixed by a backslash.
http://msdn.microsoft.com/en-us/library/windows/desktop/bb776391%28v=vs.85%29.aspx
On Windows, Runtime.exec(String[]) is unsafe as well. If the argument array contains the empty string, the empty argument is basically omitted which may lead to an invalid command line. Also, quotes within any of the arguments are not prefixed with backslashes. Also, the ProcessBuilder may add quotes to arguments without doubling the number of preceding backslashes which gives funny results if one passes a path to a folder like c:\program files\ including the trailing backslash.
Microsoft's documentation of their command line tokenizer is available here: http://msdn.microsoft.com/en-us/library/a1y7w461.aspx
The issues I described are documented here: http://bugs.sun.com/view_bug.do?bug_id=6468220 and http://bugs.sun.com/view_bug.do?bug_id=6518827
On Windows, Runtime.exec(String[]) is unsafe as well. If the argument array contains the empty string, the empty argument is basically omitted which may lead to an invalid command line. Also, quotes within any of the arguments are not prefixed with a backslash as suggested by the CommandLineToArgvW and backslashes themselves are also not prefixed by a backslash.
http://msdn.microsoft.com/en-us/library/windows/desktop/bb776391%28v=vs.85%29.aspx