Posted to commits@myfaces.apache.org by st...@apache.org on 2011/02/05 19:31:44 UTC

svn commit: r1067478 - in /myfaces/core/trunk/api/src: main/java/javax/faces/convert/DoubleConverter.java test/java/javax/faces/convert/DoubleConverterTest.java

Author: struberg
Date: Sat Feb  5 18:31:44 2011
New Revision: 1067478

URL: http://svn.apache.org/viewvc?rev=1067478&view=rev
Log:
MYFACES-3024 fix a possible DOS issue with special double values

We might remove this hack once the problem has been fixed in
widely available JVMs.

Modified:
    myfaces/core/trunk/api/src/main/java/javax/faces/convert/DoubleConverter.java
    myfaces/core/trunk/api/src/test/java/javax/faces/convert/DoubleConverterTest.java

Modified: myfaces/core/trunk/api/src/main/java/javax/faces/convert/DoubleConverter.java
URL: http://svn.apache.org/viewvc/myfaces/core/trunk/api/src/main/java/javax/faces/convert/DoubleConverter.java?rev=1067478&r1=1067477&r2=1067478&view=diff
==============================================================================
--- myfaces/core/trunk/api/src/main/java/javax/faces/convert/DoubleConverter.java (original)
+++ myfaces/core/trunk/api/src/main/java/javax/faces/convert/DoubleConverter.java Sat Feb  5 18:31:44 2011
@@ -128,7 +128,33 @@ public class DoubleConverter
         return value;
     }
 
-    private Double stringToDouble(String value) {
+    private Double stringToDouble(String value)
+    {
+        // this is a special hack for a jvm vulnerability with
+        // converting some special double values.
+        // e.g. "2.225073858507201200000e-308"
+        // see MYFACES-3024 for further information
+        // TODO we can remove this hack, once this got fixed in the jvm!
+        if (value.length() >= 23)
+        {
+            StringBuffer normalized = new StringBuffer();
+            for (int i=0; i< value.length(); i++)
+            {
+                char c = value.charAt(i);
+                if ( c != '.')
+                {
+                    normalized.append(c);
+                }
+            }
+            if (normalized.toString().contains("22250738585072012"))
+            {
+                // oops, baaad value!
+                // this is so low, that we just return zero instead...
+                return 0.0d;
+            }
+        }
+
+
         return Double.valueOf(value);
     }
 
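Review bot: The `value.length() >= 23` guard in stringToDouble is stricter than the match it protects: the dot is stripped before `contains("22250738585072012")`, so a spelling of the same value with no decimal point is shorter than 23 characters and goes straight to `Double.valueOf`. Gate on the length of the digit run instead, `if (value.length() >= 17)`, or drop the guard altogether. The match also ignores the exponent, so any long input that merely contains those digits is silently turned into `0.0d`. Throwing `NumberFormatException` on a match would report a conversion error instead of storing a wrong number, assuming the caller (outside this hunk) already handles that exception from `Double.valueOf`. As a style point, `value.replace(".", "")` would replace the StringBuffer loop.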

Modified: myfaces/core/trunk/api/src/test/java/javax/faces/convert/DoubleConverterTest.java
URL: http://svn.apache.org/viewvc/myfaces/core/trunk/api/src/test/java/javax/faces/convert/DoubleConverterTest.java?rev=1067478&r1=1067477&r2=1067478&view=diff
==============================================================================
--- myfaces/core/trunk/api/src/test/java/javax/faces/convert/DoubleConverterTest.java (original)
+++ myfaces/core/trunk/api/src/test/java/javax/faces/convert/DoubleConverterTest.java Sat Feb  5 18:31:44 2011
@@ -56,7 +56,7 @@ public class DoubleConverterTest extends
     /**
      * the focus here is on the comma separator ',' in germany.
      */
-    @Test(timeout = 2000L)
+    @Test
     public void testDoubleParsingGermany()
     {
         FacesContext.getCurrentInstance().getViewRoot().setLocale(Locale.GERMANY);
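Review bot: Removing `timeout = 2000L` here, and again on testDoubleParsingUS in the next hunk, leaves nothing in this test class that would turn a hanging `Double.valueOf` into a test failure. The new testDoubleParsingJvmBugWorkaround is also added with a bare `@Test`, so a value the workaround misses would stall the build at full CPU instead of failing it. If the timeout was dropped because JUnit runs timed tests on a separate thread where the thread-local FacesContext is not set up (the reason is not visible on this page), record that in a comment such as `// no JUnit timeout: FacesContext is bound to the test thread` and bound the run at build level instead.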
@@ -86,7 +86,7 @@ public class DoubleConverterTest extends
     /**
      * the focus here is on the comma separator '.' in the US.
      */
-    @Test(timeout = 2000L)
+    @Test
     public void testDoubleParsingUS()
     {
         FacesContext.getCurrentInstance().getViewRoot().setLocale(Locale.US);
@@ -111,8 +111,40 @@ public class DoubleConverterTest extends
             }
 
         }
+    }
+
 
+    /**
+     * This tests a workaround which got introduced for the jvm bug
+     * described in MYFACES-3024. This is necessary as long as the jvm
+     * contains this bug resulting in the whole thread basically stalling
+     * at 100% CPU conumption and never return from the
+     * @link http://www.exploringbinary.com/java-hangs-when-converting-2-2250738585072012e-308/
+     *
+     *
+     */
+    @Test
+    public void testDoubleParsingJvmBugWorkaround()
+    {
+        String[] baaadValues = new String[] {
+                "0.00022250738585072012e-304",
+                "2.225073858507201200000e-308",
+                "2.225073858507201200000e-308",
+                "2.2250738585072012e-00308",
+                "2.2250738585072012997800001e-308"
+        };
+
+        FacesContext.getCurrentInstance().getViewRoot().setLocale(Locale.US);
+        UIInput input = new UIInput();
+        Double d;
+
+        for (String badVal : baaadValues)
+        {
+            d = (Double) mock.getAsObject(FacesContext.getCurrentInstance(), input, badVal);
+            assertNotNull(d);
+        }
     }
 
 
+
 }
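Review bot: `assertNotNull(d)` in testDoubleParsingJvmBugWorkaround only proves that the call returned, not that the workaround produced the documented result. Pin the value with `assertEquals(0.0d, d.doubleValue(), 0.0d);` and add one ordinary long number to show that it is not zeroed by the substring match. The array lists `"2.225073858507201200000e-308"` twice, so one entry adds no coverage. The Javadoc breaks off at "never return from the", misspells "consumption", and uses a bare `@link` tag; finish the sentence (presumably "from the `Double.valueOf` call") and reference the article with `@see <a href="...">...</a>`.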