  1. Spring Framework
  2. SPR-7950

Workaround for Java bug in parsing specific decimal value

    Details

    • Type: Improvement
    • Status: Resolved
    • Priority: Critical
    • Resolution: Won't Fix
    • Affects Version/s: None
    • Fix Version/s: None
    • Component/s: Web
    • Labels: None

      Description

      Current Java versions suffer from a nasty bug that will pretty much stall the entire VM when trying to parse the value into a BigDecimal or Double. So in case somebody pipes this into a Spring MVC form for example, the CustomNumberEditor will suffer from this vulnerability.

      Although Oracle seems to approach the issue now that it's publicly discussed, users not able to upgrade to a very current version of Java will be affected.

      http://www.exploringbinary.com/java-hangs-when-converting-2-2250738585072012e-308/

            People

            • Assignee: Unassigned
            • Reporter: Oliver Gierke (olivergierke)
            • Last updater: Sam Brannen
            • Votes: 0
            • Watchers: 4

              Dates

              • Days since last comment: 5 years, 18 weeks, 4 days ago
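
For applications that cannot upgrade the JVM, one mitigation is to screen numeric form input before it reaches any JDK parsing code. The following is an added example, not part of the original issue and not Spring code. The class name `SafeDecimalParser`, the length limit, and the digit-prefix heuristic are assumptions; the prefix is taken from the value in the linked article's URL and is deliberately conservative.

```java
import java.util.Locale;

/** Added example (hypothetical class, not Spring code): pre-parse guard. */
public final class SafeDecimalParser {

    // Assumption: inputs that trigger the hang share these leading significant
    // digits (from the value named in the linked article's URL).
    private static final String RISKY_PREFIX = "2225073858507201";
    // Hypothetical upper bound for a numeric form field.
    private static final int MAX_LENGTH = 64;

    private SafeDecimalParser() {}

    /** Returns true if the text must be rejected before any JDK parsing. */
    static boolean isRisky(String text) {
        if (text == null || text.length() > MAX_LENGTH) {
            return true;
        }
        String s = text.trim().toLowerCase(Locale.ROOT);
        int e = s.indexOf('e');
        String mantissa = (e >= 0) ? s.substring(0, e) : s;
        // Keep digits only and drop leading zeros, so shifted notations of the
        // same value normalise to the same digit string.
        String digits = mantissa.replaceAll("[^0-9]", "").replaceFirst("^0+", "");
        // Conservative: also rejects harmless numbers with the same leading digits.
        return digits.startsWith(RISKY_PREFIX);
    }

    /** Parses only after the guard has accepted the input. */
    static Double parse(String text) {
        if (isRisky(text)) {
            throw new NumberFormatException("rejected by pre-parse guard");
        }
        return Double.valueOf(text.trim());
    }

    public static void main(String[] args) {
        // Constructed sample inputs; the second and third are the same value
        // written in two notations.
        String[] samples = {
            "19.99", "2.2250738585072012e-308", "0.00022250738585072012e-304"
        };
        for (String sample : samples) {
            String result = isRisky(sample) ? "rejected" : parse(sample).toString();
            System.out.println(sample + " -> " + result);
        }
    }
}
```

The guard has to run before the value is handed to a property editor or converter, for example in a servlet filter or in a custom editor registered in place of the default one.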