Code review request: 8021789: jarsigner parses alias as command line option (depending on locale)

Vincent Ryan vincent.x.ryan at oracle.com
Thu Aug 1 11:05:44 UTC 2013


Your fix looks fine.

On 31 Jul 2013, at 08:04, Weijun Wang wrote:

> Hi All
> 
> Please review the fix at
> 
>  http://cr.openjdk.java.net/~weijun/8021789/webrev.00/
> 
> The problem is that jarsigner uses Collator::compare to check for command line options, and if that Collator uses Collator.PRIMARY as strength it treats "-debug" and "debug" the same (in some locales?). I have no idea how people depend on other features of Collator.PRIMARY, so I move the filename/alias check to the beginning of the long if block.
> 
> Also I fixed a small bug on empty argument. Of course, an empty argument is always useless but StringIndexOutOfBoundsException is not a friendly response.
> 
> Thanks
> Max




More information about the security-dev mailing list