修复NumberUtil.toBigDecimal方法报StackOverflowError(CVE-2023-51080)

2025-07-21 15:09:48 +08:00 · 2024-01-11 12:08:46 +08:00
parent 037d53794d
commit f341b9ed7a
5 changed files with 36 additions and 4 deletions
--- a/hutool-core/src/test/java/org/dromara/hutool/core/math/Issue3423Test.java
+++ b/hutool-core/src/test/java/org/dromara/hutool/core/math/Issue3423Test.java
@@ -0,0 +1,28 @@
+package org.dromara.hutool.core.math;
+
+import org.dromara.hutool.core.lang.Console;
+import org.junit.jupiter.api.Assertions;
+import org.junit.jupiter.api.Disabled;
+import org.junit.jupiter.api.Test;
+
+import java.math.BigDecimal;
+import java.text.DecimalFormat;
+import java.text.NumberFormat;
+import java.text.ParseException;
+
+public class Issue3423Test {
+	@Test
+	public void toBigDecimalOfNaNTest() {
+		final BigDecimal naN = NumberUtil.toBigDecimal("NaN");
+		Assertions.assertEquals(BigDecimal.ZERO, naN);
+	}
+
+	@Test
+	@Disabled
+	public void toBigDecimalOfNaNTest2() throws ParseException {
+		final NumberFormat format = NumberFormat.getInstance();
+		((DecimalFormat) format).setParseBigDecimal(true);
+		final Number naN = format.parse("NaN");
+		Console.log(naN.getClass());
+	}
+}