zhouxy108/hutool
1
0
Fork 0
mirror of https://gitee.com/chinabugotech/hutool.git synced 2025-07-21 15:09:48 +08:00
Code Issues Packages Projects Releases Wiki Activity

修复NumberUtil.toBigDecimal方法报StackOverflowError(CVE-2023-51080)

Browse Source
This commit is contained in:
Looly
2024-01-11 10:42:20 +08:00
parent 1aae080195
commit 4d6684e9ab
3 changed files with 32 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

24
hutool-core/src/test/java/cn/hutool/core/util/Issue3423Test.java Normal file
View File

@@ -0,0 +1,24 @@
package cn.hutool.core.util;
import cn.hutool.core.lang.Console;
import org.junit.Test;
import java.text.DecimalFormat;
import java.text.NumberFormat;
import java.text.ParseException;
public class Issue3423Test {
@Test(expected = IllegalArgumentException.class)
public void toBigDecimalOfNaNTest() {
NumberUtil.toBigDecimal("NaN");
}
@Test
public void toBigDecimalOfNaNTest2() throws ParseException {
final NumberFormat format = NumberFormat.getInstance();
((DecimalFormat) format).setParseBigDecimal(true);
final Number naN = format.parse("NaN");
Console.log(naN.getClass());
}
}