From e7224c8f052abe15dc01613a52c35f8106e306e9 Mon Sep 17 00:00:00 2001
From: Anthony Whitford <anthony@whitford.com>
Date: Thu, 31 Dec 2015 09:25:44 -0800
Subject: [PATCH] StringBuilder allocation more precise.

---
 .../dependencycheck/data/update/nvd/NvdCve12Handler.java     | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/dependency-check-core/src/main/java/org/owasp/dependencycheck/data/update/nvd/NvdCve12Handler.java b/dependency-check-core/src/main/java/org/owasp/dependencycheck/data/update/nvd/NvdCve12Handler.java
index 3375d3c7c..c47d5ddde 100644
--- a/dependency-check-core/src/main/java/org/owasp/dependencycheck/data/update/nvd/NvdCve12Handler.java
+++ b/dependency-check-core/src/main/java/org/owasp/dependencycheck/data/update/nvd/NvdCve12Handler.java
@@ -111,7 +111,10 @@ public class NvdCve12Handler extends DefaultHandler {
                 /*yes yes, this may not actually be an "a" - it could be an OS, etc. but for our
                  purposes this is good enough as we won't use this if we don't find a corresponding "a"
                  in the nvd cve 2.0. */
-                final StringBuilder cpe = new StringBuilder();
+                final int cpeLen = 8 + vendor.length() + product.length()
+                    + (null != num ? (1 + num.length()) : 0)
+                    + (null != edition ? (1 + edition.length()) : 0);
+                final StringBuilder cpe = new StringBuilder(cpeLen);
                 cpe.append("cpe:/a:").append(vendor).append(':').append(product);
                 if (num != null) {
                     cpe.append(':').append(num);