Author: markt
Date: Tue Apr 28 21:28:26 2015
New Revision: 1676634
URL: http://svn.apache.org/r1676634
Log:
Use a new object every time for security. Review by schultz.
Modified:
tomcat/trunk/java/org/apache/el/parser/AstValue.java
Modified: tomcat/trunk/java/org/apache/el/parser/AstValue.java
URL:
http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/el/parser/AstValue.java?rev=1676634&r1=1676633&r2=1676634&view=diff
==============================================================================
--- tomcat/trunk/java/org/apache/el/parser/AstValue.java (original)
+++ tomcat/trunk/java/org/apache/el/parser/AstValue.java Tue Apr 28 21:28:26
2015
@@ -42,7 +42,6 @@ import org.apache.el.util.ReflectionUtil
public final class AstValue extends SimpleNode {
private static final Object[] EMPTY_ARRAY = new Object[0];
- private static final Object[] ARRAY_OF_SINGLE_NULL = new Object[1];
protected static class Target {
protected Object base;
@@ -292,7 +291,9 @@ public final class AstValue extends Simp
if (src == null) {
// Must be a varargs method with a single parameter.
- return ARRAY_OF_SINGLE_NULL;
+ // Use a new array every time since the called code could modify
the
+ // contents of the array
+ return new Object[1];
}
Object[] dest = new Object[paramCount];
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org
