There are also few array clonings like the following:
@@ -485,7 +485,7 @@
* @return java.net.URL[]
*/
public URL[] getURLs() {
- return orgUrls;
+ return orgUrls.clone();
}
This will definitely increase the code stability but could cause
performance degradation.
AFAIU this particular fix concerns j.l.URLClassLoader, so this might
be security hole as well. Anyway, let's first get code right, then
tune if needed.
Should we accept or decline all such cases or should discuss them one by one.
I would accept such changes.
Thoughts?
BTW the patch passes all the unit tests.
SY, Alexey
P.S. I'll apply the patch without first mentioned hunk to not to loose
the code compatibility with the huge patch.
