You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@commons.apache.org by "Dmitri Blinov (Jira)" <ji...@apache.org> on 2020/01/28 08:29:00 UTC
[jira] [Created] (JEXL-325) Potential race-condition in
NumberParser.toString()
Dmitri Blinov created JEXL-325:
----------------------------------
Summary: Potential race-condition in NumberParser.toString()
Key: JEXL-325
URL: https://issues.apache.org/jira/browse/JEXL-325
Project: Commons JEXL
Issue Type: Bug
Affects Versions: 3.1
Reporter: Dmitri Blinov
To format {{BigDecimal}} values the current implementation uses *static* instance of {{DecimalFormat}} class without synchronization, whereas according to Java doc Decimal formats are not synchronized and must be synchronized externally. There is also a dead branch on BigDecimal check. The suggestion is to change NumberParser.to String() to something as follows:
{code}
@Override
public String toString() {
if (literal == null || clazz == null || Double.isNaN(literal.doubleValue())) {
return "NaN";
}
if (BigDecimal.class.equals(clazz)) {
synchronized (BIGDF) {
return BIGDF.format(literal);
}
}
StringBuilder strb = new StringBuilder(literal.toString());
if (Float.class.equals(clazz)) {
strb.append('f');
} else if (Double.class.equals(clazz)) {
strb.append('d');
} else if (BigInteger.class.equals(clazz)) {
strb.append('h');
} else if (Long.class.equals(clazz)) {
strb.append('l');
}
return strb.toString();
}
{code}
--
This message was sent by Atlassian Jira
(v8.3.4#803005)