A bug in Oracle's Java programming framework causes computers to freeze when they encounter certain numerical values with large numbers of decimal places, a flaw that makes websites susceptible to highly efficient denial-of-service attacks. The vulnerability in the latest version of Java is similar to a flaw discovered last …
Reported 10 years ago
The issue was reported 10 years ago in 2001:
(The bug report also contains a suggested fix.)
There is a test for this issue in the Free Software Jacks mauve testsuite:
So none of the free software java implementations had this bug since they
ran this testsuite. But apparently the Sun java implementation was never tested
Luckily now that OpenJDK is available under the GPL someone already posted
a fix to the core-libs mailinglist last week:
"This bug is not available"
not to worry oracle are helping
since update 23 the html delegator freezes up on reload making anything with a html content (JTextPane, JEditorPane et al.) break with a null pointer exception. This obviously breaks a lot of web applets - I've read reports of banks applets being completely useless. Bug was in the last update (23?) from October and no fix is coming. Did Oracle fire the Java team?
Talk about a game breaker. We've had to code around it but txt vs rtf vs html... html wins, rtf is a pain and txt is just not fluffable enough for the designers. *le sigh*
or parse input via BigDecimal...
BeanShell 2.0b4 - by Pat Niemeyer (firstname.lastname@example.org)
bsh % import java.math.*;
bsh % bd = new BigDecimal("2.225073858507201E-208");
bsh % print (bd);
bsh % print (bd.doubleValue());
bsh % double d = bd.doubleValue();
bsh % print (d);
Ironically a few days before this broke, I was asked if we could optimise out the use of BigDecimals to hold and move typical price values in a legacy product we needed to make faster. Luckily it wasn't going to be easy enough to do immediately...
I'll remember this.
The next time someone suggests that writing OSs in Java would help security and stability I'll be sure to point them here.
OK, I know it's more complicated than one bug -- but this goes to show that no language is without flaws.
@ Cameron "point them here"
Next time someone suggests that writing OSs in Java would help ANYTHING, or that Java is without flaws, you should point them to the nearest asylum, not here.
is this why i've had problems with opening hotmail emails in my inbox the last couple days through firefox /ubuntu ? having to use seamonkey to read and delete anything.
No. It isn't.
- Mounties always get their man: Heartbleed 'hacker', 19, CUFFED
- Batten down the hatches, Ubuntu 14.04 LTS due in TWO DAYS
- Samsung Galaxy S5 fingerprint scanner hacked in just 4 DAYS
- Feast your PUNY eyes on highest resolution phone display EVER
- AMD demos 'Berlin' Opteron, world's first heterogeneous system architecture server chip