You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@myfaces.apache.org by st...@apache.org on 2011/02/05 19:31:44 UTC
svn commit: r1067478 - in /myfaces/core/trunk/api/src:
main/java/javax/faces/convert/DoubleConverter.java
test/java/javax/faces/convert/DoubleConverterTest.java
Author: struberg
Date: Sat Feb 5 18:31:44 2011
New Revision: 1067478
URL: http://svn.apache.org/viewvc?rev=1067478&view=rev
Log:
MYFACES-3024 fix a possible DOS issue with special double values
We might remove this hack once the problem got fixed in
widely available jvms.
Modified:
myfaces/core/trunk/api/src/main/java/javax/faces/convert/DoubleConverter.java
myfaces/core/trunk/api/src/test/java/javax/faces/convert/DoubleConverterTest.java
Modified: myfaces/core/trunk/api/src/main/java/javax/faces/convert/DoubleConverter.java
URL: http://svn.apache.org/viewvc/myfaces/core/trunk/api/src/main/java/javax/faces/convert/DoubleConverter.java?rev=1067478&r1=1067477&r2=1067478&view=diff
==============================================================================
--- myfaces/core/trunk/api/src/main/java/javax/faces/convert/DoubleConverter.java (original)
+++ myfaces/core/trunk/api/src/main/java/javax/faces/convert/DoubleConverter.java Sat Feb 5 18:31:44 2011
@@ -128,7 +128,33 @@ public class DoubleConverter
return value;
}
- private Double stringToDouble(String value) {
+ private Double stringToDouble(String value)
+ {
+ // this is a special hack for a jvm vulnerability with
+ // converting some special double values.
+ // e.g. "2.225073858507201200000e-308"
+ // see MYFACES-3024 for further information
+ // TODO we can remove this hack, once this got fixed in the jvm!
+ if (value.length() >= 23)
+ {
+ StringBuffer normalized = new StringBuffer();
+ for (int i=0; i< value.length(); i++)
+ {
+ char c = value.charAt(i);
+ if ( c != '.')
+ {
+ normalized.append(c);
+ }
+ }
+ if (normalized.toString().contains("22250738585072012"))
+ {
+ // oops, baaad value!
+ // this is so low, that we just return zero instead...
+ return 0.0d;
+ }
+ }
+
+
return Double.valueOf(value);
}
Modified: myfaces/core/trunk/api/src/test/java/javax/faces/convert/DoubleConverterTest.java
URL: http://svn.apache.org/viewvc/myfaces/core/trunk/api/src/test/java/javax/faces/convert/DoubleConverterTest.java?rev=1067478&r1=1067477&r2=1067478&view=diff
==============================================================================
--- myfaces/core/trunk/api/src/test/java/javax/faces/convert/DoubleConverterTest.java (original)
+++ myfaces/core/trunk/api/src/test/java/javax/faces/convert/DoubleConverterTest.java Sat Feb 5 18:31:44 2011
@@ -56,7 +56,7 @@ public class DoubleConverterTest extends
/**
* the focus here is on the comma separator ',' in germany.
*/
- @Test(timeout = 2000L)
+ @Test
public void testDoubleParsingGermany()
{
FacesContext.getCurrentInstance().getViewRoot().setLocale(Locale.GERMANY);
@@ -86,7 +86,7 @@ public class DoubleConverterTest extends
/**
* the focus here is on the comma separator '.' in the US.
*/
- @Test(timeout = 2000L)
+ @Test
public void testDoubleParsingUS()
{
FacesContext.getCurrentInstance().getViewRoot().setLocale(Locale.US);
@@ -111,8 +111,40 @@ public class DoubleConverterTest extends
}
}
+ }
+
+ /**
+ * This tests a workaround which got introduced for the jvm bug
+ * described in MYFACES-3024. This is necessary as long as the jvm
+ * contains this bug resulting in the whole thread basically stalling
+ * at 100% CPU conumption and never return from the
+ * @link http://www.exploringbinary.com/java-hangs-when-converting-2-2250738585072012e-308/
+ *
+ *
+ */
+ @Test
+ public void testDoubleParsingJvmBugWorkaround()
+ {
+ String[] baaadValues = new String[] {
+ "0.00022250738585072012e-304",
+ "2.225073858507201200000e-308",
+ "2.225073858507201200000e-308",
+ "2.2250738585072012e-00308",
+ "2.2250738585072012997800001e-308"
+ };
+
+ FacesContext.getCurrentInstance().getViewRoot().setLocale(Locale.US);
+ UIInput input = new UIInput();
+ Double d;
+
+ for (String badVal : baaadValues)
+ {
+ d = (Double) mock.getAsObject(FacesContext.getCurrentInstance(), input, badVal);
+ assertNotNull(d);
+ }
}
+
}