Summary

ProcessBuilder, on Windows, may incorrectly encode arguments that start with double-quote (") and end with backslash followed by double-quote (\").

Problem

Previous changes made for issue JDK-8250568 unintentionally changed the behavior of ProcessBuilder.

Prior to 8250568, an argument that started and ended with a double-quote was identified as a quoted string and additional checks and encoding are based on that identification. With JDK-8250568, it additionally required that the character before the ending double-quote was not a backslash.

Arguments that are NOT identified as quoted but contain a quote anywhere in the string are encoded into the command line by adding additional first and last quotes and encoding embedded quotes as literal quotes by inserting an appropriate number of backslashes before the quote. The launched application parses the malformed command line and does not extract the argument originally passed.

ProcessBuilder has a lenient mode and a safe mode of encoding based on the system property jdk.lang.process.allowAmbiguousCommands. The change affected both modes.

The problem is present in supported releases 18, 17, 11, 8, and 7.

Solution

The identification of a quoted string is reverted to prior to JDK-8250568 and the encoding of arguments of quoted strings when allowAmbiguousCommands == false is modified to ensure the final quote can be parsed as matching the opening quote. Details below.

Specification

The behavior of ProcessBuilder.start() is modified with respect to the encoding of arguments into the command line passed to the created process.

In the default lenient handling of arguments, the check for what is quoted is reverted to prior to 8255068. First and last quotes are sufficient to identify a quoted string. The check, added by JDK-8250568, for a backslash ("\") before the final quote is removed.

When jdk.lang.Process.allowAmbiguousCommands == true, and the argument has first and last quotes, the argument is passed as is including the quotes.

When jdk.lang.Process.allowAmbiguousCommands == false and the argument has first and last quotes, and the executable program filename ends in ".exe" or does not contain a ".", an odd number of backslashes ("\") before the final quote must not allow the quote to be interpreted as a literal quote and be joined with the following argument. The argument is passed, including the quotes, by doubling the number of final backslashes, as per Microsoft Windows main function and command line arguments to prevent the interpretation of the quote as a literal. If there are no backslashes or an even number of backslashes, the argument is passed as is, including the quotes.