Posted to derby-dev@db.apache.org by "Kathey Marsden (JIRA)" <ji...@apache.org> on 2011/03/11 20:13:59 UTC
[jira] Created: (DERBY-5126) Add Derby test case for CVE-2010-4476
- Java Runtime Environment hangs when converting "2.2250738585072012e-308"
to a binary floating-point number
Add Derby test case for CVE-2010-4476 - Java Runtime Environment hangs when converting "2.2250738585072012e-308" to a binary floating-point number
--------------------------------------------------------------------------------------------------------------------------------------------------
Key: DERBY-5126
URL: https://issues.apache.org/jira/browse/DERBY-5126
Project: Derby
Issue Type: Improvement
Components: Test
Reporter: Kathey Marsden
There is a known serious JVM issue with both Sun and IBM JVM's that can cause a hang with the following code and perhaps other cases:
public class ReproCVE20104476 {
    private static final String PROBLEM_NUMBER_STRING = "2.2250738585072012e-308";

    public static void main(String[] args) throws Exception {
        Class.forName("org.apache.derby.jdbc.EmbeddedDriver");
        Connection conn = DriverManager.getConnection("jdbc:derby:wombat;create=true");
        // clean up from a previous run
        Statement s = conn.createStatement();
        try {
            s.executeUpdate("DROP TABLE T");
        } catch (SQLException se) {
            if (!se.getSQLState().equals("42Y55"))
                throw se;
        }
        s.executeUpdate("CREATE TABLE T (d1 VARCHAR(30))");
        PreparedStatement ps = conn.prepareStatement("INSERT INTO T VALUES (?)");
        ps.setString(1, PROBLEM_NUMBER_STRING);
        ps.executeUpdate();
        ResultSet rs = s.executeQuery("SELECT * from T");
        rs.next();
        double d = rs.getDouble(1);
        System.out.println("double value = " + d);
    }
}
The IBM announcement and fix is here:
http://www.ibm.com/developerworks/java/jdk/alerts/cve-2010-4476.html
There is a link from that page to the Oracle announcement.
I am not sure yet if Mac or other JVM's are affected.
I would like to check a regression test into trunk at some point soon, but this will require that all people running Derby tests upgrade their JVM's, so I want to set a reasonable deadline. Does April 15 sound reasonable? Also, are there any JVM's/platforms that should be excluded because there is not a fix available yet?
Thanks
Kathey
--
This message is automatically generated by JIRA.
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] Updated: (DERBY-5126) ResultSet.getDouble() on a character
or varchar column with some values will hang on JVM's impacted by
CVE-2010-4476 - Java Runtime Environment hangs when converting
"2.2250738585072012e-308" to a binary floating-point number
Posted by "Kathey Marsden (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/DERBY-5126?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Kathey Marsden updated DERBY-5126:
----------------------------------
Issue Type: Bug (was: Improvement)
Summary: ResultSet.getDouble() on a character or varchar column with some values will hang on JVM's impacted by CVE-2010-4476 - Java Runtime Environment hangs when converting "2.2250738585072012e-308" to a binary floating-point number (was: Add Derby test case for CVE-2010-4476 - Java Runtime Environment hangs when converting "2.2250738585072012e-308" to a binary floating-point number)
I changed the description to better describe the Derby impact. I will close this issue invalid as soon as I add the test.
[jira] [Resolved] (DERBY-5126) ResultSet.getDouble() on a character
or varchar column with some values will hang on JVM's impacted by
CVE-2010-4476 - Java Runtime Environment hangs when converting
"2.2250738585072012e-308" to a binary floating-point number
Posted by "Kathey Marsden (Resolved) (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/DERBY-5126?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Kathey Marsden resolved DERBY-5126.
-----------------------------------
Resolution: Invalid
Closing Invalid as this was a JVM issue
[jira] Commented: (DERBY-5126) Add Derby test case for
CVE-2010-4476 - Java Runtime Environment hangs when converting
"2.2250738585072012e-308" to a binary floating-point number
Posted by "Dag H. Wanvik (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/DERBY-5126?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13008418#comment-13008418 ]
Dag H. Wanvik commented on DERBY-5126:
--------------------------------------
I am not sure I understand why we need to add a test case for this to Derby. In my view, this is a JDK error, not a Derby error.
Do we propose to make Derby refuse to run on the vulnerable JDKs? If not, I think the tests should be able to run on such JDKs as well. A proper notice in the release notes would suffice, IMHO.
[jira] Updated: (DERBY-5126) Add Derby test case for CVE-2010-4476
- Java Runtime Environment hangs when converting "2.2250738585072012e-308"
to a binary floating-point number
Posted by "Rick Hillegas (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/DERBY-5126?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Rick Hillegas updated DERBY-5126:
---------------------------------
Attachment: ReproCVE20104476.java
Thanks for posting the repro, Kathey. Attaching a revised version of the repro. This version imports the java.sql classes so that it will compile cleanly. This version also uses an in-memory database and prints out a diagnostic line just before the hang. This may be helpful to others who want to test the problem on their platforms.
I can verify that the hang occurs on the Mac version of Java 5 and Java 6. Apple produces updates very slowly so I would not count on this being patched soon. Please disable this test for Macs. Thanks.
[jira] Commented: (DERBY-5126) Add Derby test case for
CVE-2010-4476 - Java Runtime Environment hangs when converting
"2.2250738585072012e-308" to a binary floating-point number
Posted by "Kathey Marsden (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/DERBY-5126?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13008478#comment-13008478 ]
Kathey Marsden commented on DERBY-5126:
---------------------------------------
Whenever I come across a Derby usage case that doesn't work, whether a Derby or JVM issue, I always try to add a regression test to make sure it doesn't regress sometime in the future and also to provide Derby users hitting the symptom (in this case a hang) a hit when they search. When I add the case I will launch a separate thread so that the suite does not hang but will just have a failing test, and will exclude JVMs for which it is known not to be fixed yet.
I think though perhaps I should change the title to be ResultSet.getDouble() on a character column with some values like "2.225073858072012e-308" will hang with JVM's that do not have the fix for CVE-2010-4476 and then close it invalid after I add the test case.
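The separate-thread approach described in the comment above, as an added example (not code from the Derby test suite or from the attached repro): the conversion runs on a daemon thread with a timeout, so an unpatched JVM produces a failure result instead of hanging the caller. The class name, the 10-second timeout and the direct call to Double.parseDouble (instead of going through ResultSet.getDouble()) are assumptions made for illustration.

```java
import java.util.concurrent.CountDownLatch;
import java.util.concurrent.TimeUnit;
import java.util.concurrent.atomic.AtomicReference;

/** Added example: probes the running JVM for the CVE-2010-4476 hang without hanging the caller. */
public class Cve20104476Probe {
    // Value taken from the issue text.
    private static final String PROBLEM_NUMBER_STRING = "2.2250738585072012e-308";
    // Assumed budget; a patched JVM completes the conversion almost instantly.
    private static final long TIMEOUT_SECONDS = 10;

    enum Result { PATCHED, HANGS, ERROR }

    static Result probe(final String text, long timeoutSeconds) throws InterruptedException {
        final CountDownLatch done = new CountDownLatch(1);
        final AtomicReference<Throwable> failure = new AtomicReference<Throwable>();
        Thread worker = new Thread(new Runnable() {
            public void run() {
                try {
                    // The string-to-double conversion named in the CVE title.
                    Double.parseDouble(text);
                } catch (Throwable t) {
                    failure.set(t);
                } finally {
                    done.countDown();
                }
            }
        }, "cve-2010-4476-probe");
        // Daemon: a worker stuck in the conversion must not keep the JVM alive.
        worker.setDaemon(true);
        worker.start();
        if (!done.await(timeoutSeconds, TimeUnit.SECONDS)) {
            // Still running after the budget: report the hang and abandon the worker.
            return Result.HANGS;
        }
        return failure.get() == null ? Result.PATCHED : Result.ERROR;
    }

    public static void main(String[] args) throws InterruptedException {
        Result r = probe(PROBLEM_NUMBER_STRING, TIMEOUT_SECONDS);
        System.out.println(System.getProperty("java.vendor") + " "
                + System.getProperty("java.version") + ": " + r);
        // Non-zero exit lets a build script fail or skip the suite on an unpatched JVM.
        System.exit(r == Result.PATCHED ? 0 : 1);
    }
}
```

On an affected JVM the worker thread keeps consuming a CPU core until the process exits, which is why the probe ends with System.exit rather than waiting for the thread.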