alhudz opened a new pull request, #1702:
URL: https://github.com/apache/commons-lang/pull/1702
`NumberUtils.createBigInteger` peels off one optional leading `+`/`-` (into
a `negate` flag) and an optional `0x`/`#`/`0` radix prefix, then passes the
rest to `new BigInteger(String)`, which parses a sign of its own. A doubled
sign slips through and is silently mis-valued: `createBigInteger("--1")`
returns `1`, `"-+1"` and `"+-1"` return `-1`, `"+-10"` returns `-10`, `"--010"`
returns `10`. Since `createNumber` falls back to `createBigInteger` for plain
integer tokens, `createNumber("--1")` returns `1` and `isCreatable("--1")`
reports `true`, even though `isParsable("--1")` is `false` and the sibling
`createInteger`/`createLong` reject the input via
`Integer.decode`/`Long.decode`.
`Integer.decode`/`Long.decode` already throw `Sign character in wrong
position` when a sign is not at the start, so the same check goes into
`createBigInteger` once the leading sign and radix prefix are consumed. Putting
it in the parser lets `createNumber`, `isCreatable` and the deprecated
`isNumber` agree without each adding its own guard; `createBigDecimal` already
rejects these through `new BigDecimal`. The added assertions cover the
`createBigInteger` failures and the `isCreatable`/`createNumber` chain, and
they fail on the current code. The `math` unit tests pass with the patch
applied.
- [x] Read the [contribution guidelines](CONTRIBUTING.md) for this project.
- [ ] Read the [ASF Generative Tooling
Guidance](https://www.apache.org/legal/generative-tooling.html) if you use
Artificial Intelligence (AI).
- [ ] I used AI to create any part of, or all of, this pull request. Which
AI tool was used to create this pull request, and to what extent did it
contribute?
- [ ] Run a successful build using the default
[Maven](https://maven.apache.org/) goal with `mvn`; that's `mvn` on the command
line by itself.
- [x] Write unit tests that match behavioral changes, where the tests fail
if the changes to the runtime are not applied. This may not always be possible,
but it is a best practice.
- [x] Write a pull request description that is detailed enough to understand
what the pull request does, how, and why.
- [x] Each commit in the pull request should have a meaningful subject line
and body. Note that a maintainer may squash commits during the merge process.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]
