Spring Framework / SPR-7950

Workaround for Java bug in parsing specific decimal value

    Details

    • Type: Improvement
    • Status: Resolved
    • Priority: Critical
    • Resolution: Won't Fix
    • Affects Version/s: None
    • Fix Version/s: None
    • Component/s: Web
    • Labels:
      None
    • Last commented by a User:
      false

      Description

      Current Java versions suffer from a nasty bug that will pretty much stall the entire VM when trying to parse the value into a BigDecimal or Double. So in case somebody pipes this into a Spring MVC form for example, the CustomNumberEditor will suffer from this vulnerability.

      Although Oracle seems to be approaching the issue now that it's publicly discussed, users not able to upgrade to a very current version of Java will be affected.

      http://www.exploringbinary.com/java-hangs-when-converting-2-2250738585072012e-308/
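
      A pre-parse guard of the kind this issue asks for, as an added example that is not part of the original issue and is not Spring code. The class and method names are hypothetical, and the digit-prefix check is a deliberately conservative assumption: it rejects any decimal whose significand begins with the digits of the value named in the linked article, whatever its exponent. It would be called on request text before that text reaches a number editor such as CustomNumberEditor.

```java
// Added example (not Spring code). DecimalInputGuard and its methods are hypothetical names.
public class DecimalInputGuard {

    // Leading digits of 2.2250738585072012e-308 (the value in the linked article),
    // minus the last digit so close neighbours are rejected too.
    // Assumption: a prefix match on the significand is strict enough for a stop-gap.
    private static final String SUSPECT_DIGITS = "2225073858507201";

    /** True if the significand, without sign, point and leading zeros, starts with the suspect digits. */
    static boolean isSuspect(String text) {
        StringBuilder digits = new StringBuilder();
        for (char c : text.toCharArray()) {
            if (c == 'e' || c == 'E') break;                 // exponent begins, significand is done
            if (c < '0' || c > '9') continue;                // skip sign, decimal point, whitespace
            if (c == '0' && digits.length() == 0) continue;  // skip leading zeros
            digits.append(c);
        }
        return digits.toString().startsWith(SUSPECT_DIGITS);
    }

    /** Parses text as a double, refusing suspect input before the JDK parser sees it. */
    static double parse(String text) {
        if (isSuspect(text)) {
            throw new NumberFormatException("rejected decimal input");
        }
        return Double.parseDouble(text.trim());
    }

    public static void main(String[] args) {
        // Constructed sample inputs: the value from the linked article, the same
        // value written with a shifted decimal point, and two ordinary numbers.
        String[] samples = {
            "2.2250738585072012e-308",
            "0.00022250738585072012e-304",
            "3.14",
            "1e-308"
        };
        for (String s : samples) {
            try {
                System.out.println(s + " -> " + parse(s));
            } catch (NumberFormatException ex) {
                System.out.println(s + " -> " + ex.getMessage());
            }
        }
    }
}
```

      Because the check ignores the exponent, it also rejects harmless numbers that happen to share those leading digits; that false-positive rate is the price of keeping the check independent of how the value is written.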

        Activity

        Oliver Gierke created issue -
        Chris Beams made changes -
        Field Original Value New Value
        Labels waiting-for-triage
        Trevor Marshall made changes -
        Workflow SPR Workflow [ 45440 ] New SPR Workflow [ 65154 ]
        Trevor Marshall made changes -
        Workflow New SPR Workflow [ 65154 ] SPR Workflow [ 74586 ]
        Juergen Hoeller made changes -
        Status Open [ 1 ] Resolved [ 5 ]
        Resolution Won't Fix [ 2 ]
        Sam Brannen made changes -
        Labels waiting-for-triage

          People

          • Assignee:
            Unassigned
            Reporter:
            Oliver Gierke
            Last updater:
            Sam Brannen
          • Votes:
            0
            Watchers:
            4

            Dates

            • Created:
              Updated:
              Resolved:
              Days since last comment:
              1 year, 14 weeks, 1 day ago