diff --git a/core/src/com/google/zxing/oned/Code93Reader.java b/core/src/com/google/zxing/oned/Code93Reader.java
index a9529ea01..8f49d3352 100644
--- a/core/src/com/google/zxing/oned/Code93Reader.java
+++ b/core/src/com/google/zxing/oned/Code93Reader.java
@@ -186,6 +186,9 @@ public final class Code93Reader extends OneDReader {
 for (int i = 0; i < length; i++) {
 char c = encoded.charAt(i);
 if (c >= 'a' && c <= 'd') {
+ if (i >= length - 1) {
+ throw FormatException.getFormatInstance();
+ }
 char next = encoded.charAt(i + 1);
 char decodedChar = '\0';
 switch (c) {
diff --git a/zxingorg/src/com/google/zxing/web/DecodeServlet.java b/zxingorg/src/com/google/zxing/web/DecodeServlet.java
index 198ffbb4f..ba96c4e38 100644
--- a/zxingorg/src/com/google/zxing/web/DecodeServlet.java
+++ b/zxingorg/src/com/google/zxing/web/DecodeServlet.java
@@ -45,8 +45,10 @@ import java.io.InputStream;
 import java.io.OutputStreamWriter;
 import java.io.Writer;
 import java.net.HttpURLConnection;
+import java.net.MalformedURLException;
 import java.net.URI;
 import java.net.URISyntaxException;
+import java.net.URL;
 import java.util.ArrayList;
 import java.util.Arrays;
 import java.util.Collection;
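Review bot: The new guard in the Code93Reader.java hunk carries no comment explaining why a trailing 'a'..'d' character is rejected, and no regression test for that input is visible in this diff. Since the encoded string comes from scanned, untrusted input, a short comment such as `// an 'a'..'d' prefix must be followed by the character it modifies; a trailing prefix is malformed input` would record the intent. The condition would also read more directly against the `charAt(i + 1)` it protects if written as `if (i + 1 >= length) {`. The enclosing loop and method begin and end outside the hunk.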
@@ -129,18 +131,34 @@ public final class DecodeServlet extends HttpServlet {
 imageURIString = "http://" + imageURIString;
 }
- URI imageURI;
+ URL imageURL;
 try {
- imageURI = new URI(imageURIString);
+ imageURL = new URI(imageURIString).toURL();
 } catch (URISyntaxException urise) {
 if (log.isLoggable(Level.FINE)) {
 log.fine("URI was not valid: " + imageURIString);
 }
 response.sendRedirect("badurl.jspx");
 return;
+ } catch (MalformedURLException mue) {
+ if (log.isLoggable(Level.FINE)) {
+ log.fine("URI was not valid: " + imageURIString);
+ }
+ response.sendRedirect("badurl.jspx");
+ return;
+ }
+
+ HttpURLConnection connection;
+ try {
+ connection = (HttpURLConnection) imageURL.openConnection();
+ } catch (IllegalArgumentException iae) {
+ if (log.isLoggable(Level.FINE)) {
+ log.fine("URI could not be opened: " + imageURL);
+ }
+ response.sendRedirect("badurl.jspx");
+ return;
 }
- HttpURLConnection connection = (HttpURLConnection) imageURI.toURL().openConnection();
 connection.setAllowUserInteraction(false);
 connection.setReadTimeout(5000);
 connection.setConnectTimeout(5000);
@@ -182,7 +200,7 @@ public final class DecodeServlet extends HttpServlet {
 return;
 }
- log.info("Decoding " + imageURI);
+ log.info("Decoding " + imageURL);
 processStream(is, request, response);
 } catch (IOException ioe) {
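Review bot: The cast `(HttpURLConnection) imageURL.openConnection()` in the first DecodeServlet.java hunk is still reached for whatever scheme the caller supplies, because the only check visible before it is for the presence of "://"; a non-HTTP URL such as `file:` or `ftp:` yields a different URLConnection subclass, so the cast throws ClassCastException, which neither new catch block handles. Since this servlet fetches a caller-supplied address from the server side, the scheme should be restricted to http and https before the connection is opened, with everything else sent to badurl.jspx like the other failures. `URI.toURL()` can also throw IllegalArgumentException for a non-absolute URI, and it now sits in the first try, whose catches do not cover that. The host is not restricted in the visible lines either; if nothing outside this hunk does so, loopback and internal addresses should be rejected as well. The enclosing method begins and ends outside the hunk.

```java
// … unchanged: URI parsing and its two catch blocks …
String protocol = imageURL.getProtocol();
if (!"http".equals(protocol) && !"https".equals(protocol)) {
  if (log.isLoggable(Level.FINE)) {
    log.fine("URI scheme not supported: " + imageURL);
  }
  response.sendRedirect("badurl.jspx");
  return;
}

HttpURLConnection connection;
// … unchanged: openConnection() and its catch block …
```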