Dmitri Blinov created JEXL-325:
----------------------------------
Summary: Potential race-condition in NumberParser.toString()
Key: JEXL-325
URL: https://issues.apache.org/jira/browse/JEXL-325
Project: Commons JEXL
Issue Type: Bug
Affects Versions: 3.1
Reporter: Dmitri Blinov
To format {{BigDecimal}} values the current implementation uses *static*
instance of {{DecimalFormat}} class without synchronization, whereas according
to Java doc Decimal formats are not synchronized and must be synchronized
externally. There is also a dead branch on BigDecimal check. The suggestion is
to change NumberParser.to String() to something as follows:
{code}
@Override
public String toString() {
if (literal == null || clazz == null ||
Double.isNaN(literal.doubleValue())) {
return "NaN";
}
if (BigDecimal.class.equals(clazz)) {
synchronized (BIGDF) {
return BIGDF.format(literal);
}
}
StringBuilder strb = new StringBuilder(literal.toString());
if (Float.class.equals(clazz)) {
strb.append('f');
} else if (Double.class.equals(clazz)) {
strb.append('d');
} else if (BigInteger.class.equals(clazz)) {
strb.append('h');
} else if (Long.class.equals(clazz)) {
strb.append('l');
}
return strb.toString();
}
{code}
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
