[
https://issues.apache.org/jira/browse/JEXL-325?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Henri Biestro updated JEXL-325:
-------------------------------
Fix Version/s: 3.2
Assignee: Henri Biestro
Priority: Minor (was: Major)
Low potentiality of occurence but needs to be fixed.
> Potential race-condition in NumberParser.toString()
> ---------------------------------------------------
>
> Key: JEXL-325
> URL: https://issues.apache.org/jira/browse/JEXL-325
> Project: Commons JEXL
> Issue Type: Bug
> Affects Versions: 3.1
> Reporter: Dmitri Blinov
> Assignee: Henri Biestro
> Priority: Minor
> Fix For: 3.2
>
>
> To format {{BigDecimal}} values the current implementation uses *static*
> instance of {{DecimalFormat}} class without synchronization, whereas
> according to Java doc Decimal formats are not synchronized and must be
> synchronized externally. There is also a dead branch on BigDecimal check. The
> suggestion is to change NumberParser.to String() to something as follows:
> {code}
> @Override
> public String toString() {
> if (literal == null || clazz == null ||
> Double.isNaN(literal.doubleValue())) {
> return "NaN";
> }
> if (BigDecimal.class.equals(clazz)) {
> synchronized (BIGDF) {
> return BIGDF.format(literal);
> }
> }
> StringBuilder strb = new StringBuilder(literal.toString());
> if (Float.class.equals(clazz)) {
> strb.append('f');
> } else if (Double.class.equals(clazz)) {
> strb.append('d');
> } else if (BigInteger.class.equals(clazz)) {
> strb.append('h');
> } else if (Long.class.equals(clazz)) {
> strb.append('l');
> }
> return strb.toString();
> }
> {code}
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
