FULL PRODUCT VERSION : java version " 1.7.0_07 " Java(TM) SE Runtime Environment (build 1.7.0_07-b11) Java HotSpot(TM) 64-Bit Server VM (build 23.3-b01, mixed mode) ADDITIONAL OS VERSION INFORMATION : Microsoft Windows [Version 6.1.7601] A DESCRIPTION OF THE PROBLEM : java.io.File.createTempFile() can enter into an infinite loop if passed bad arguments. Rather than entering an infinite loop, it should throw an Exception to indicate that bad arguments had been passed. This potentially could result in a denial of service - suppose some program provides a way to vary the arguments passed to createTempFile() - admittedly not good practice, and possibly a securtiy issue in itself - but suppose such a program existed, one could cause it to enter an infinite loop by providing bad arguments. createTempFile() should check its arguments for directory separators (i.e. / or \) STEPS TO FOLLOW TO REPRODUCE THE PROBLEM : 1) Compile the program provided below with javac 2) Run the program with java EXPECTED VERSUS ACTUAL BEHAVIOR : EXPECTED - createTempFile() should throw an exception to indicate bad arguments were passed ACTUAL - Enters an infinite loop and never returns ERROR MESSAGES/STACK TRACES THAT OCCUR : No error message REPRODUCIBILITY : This bug can be reproduced always. ---------- BEGIN SOURCE ---------- public class BugRepo { public static void main(String[] args) throws Exception { java.io.File.createTempFile( " ///../// " , " ///..///.. " ); } } ---------- END SOURCE ---------- CUSTOMER SUBMITTED WORKAROUND : If one is concerned about this, wrap File.createTempFile() in a wrapper which checks the validity of its arguments.