Java Hangs When Converting 2.2250738585072012e-308

180 points by pietrofmaggi, over 14 years ago

17 comments

pilif, over 14 years ago
I remember when everyone was bashing PHP (http://news.ycombinator.com/item?id=2066084) when they were bitten by the same issue. Then there were articles about this being maybe a GCC bug or at least design issue but people were still saying that it's PHP's duty to take care of this.

I was always afraid that this might bite other environments too as the code that caused the issue in PHP was apparently taken from elsewhere (see http://blog.andreas.org/display?id=9 for a detailed analysis of the problem). Now this is turning out to be true.
mjw, over 14 years ago
Ouch.

This affects JRuby, and potentially anyone with a JSON-based API running on the JVM with a JSON parser using the java stdlib to parse JSON floats:

    jruby-1.5.2 > JSON.parse('{"float": 2.2250738585072012e-308}')
    ^C^C^C^C^C^C
    ^C^C^C

(not the most recent JRuby I know, but seems this is a JVM problem...)
rll, over 14 years ago
I have a feeling we will see this come up in more places. When we fixed the code for PHP we saw very similar code in a lot of other projects.
praptak, over 14 years ago
"Konstantin reported this problem to Oracle three weeks ago, but is still waiting for a reply."

This speaks volumes about Oracle as Java's steward.
snewman, over 14 years ago
If I'm not mistaken, this is *bad*: it enables a trivial DOS attack against any web service that accepts floating-point input. (For instance, one of the commenters on the OP noted that Google Spreadsheets backends are vulnerable.) This includes, as a special case, any service that accepts JSON input.

I expect a lot of teams will have to rush out a patch. I feel for them...

Incidentally, I haven't seen a simple workaround posted anywhere. Has anyone seen a regexp or code snippet that can identify strings which would trigger this bug?
latch, over 14 years ago
The compiler one is pretty neat. Hung IntelliJ. Didn't hang VS.NET. Had both open, had to try.
abscondment, over 14 years ago
The compile-time version will hang a Clojure REPL, too:

    user=> (def d 2.2250738585072012e-308)
ibejoeb, over 14 years ago
FWIW the Oracle/BEA jrockit compiler does not hang. It does hang on execution, however.

    Java(TM) SE Runtime Environment (build 1.6.0_20-b02)
    Oracle JRockit(R) (build R28.0.1-21-133393-1.6.0_20-20100512-2126-linux-ia32, compiled mode)
VMG, over 14 years ago
Link to actual code: http://google.com/codesearch/p?hl=en#lM3pwaU8RUc/src/share/classes/sun/misc/FloatingDecimal.java&q=parseDouble&l=1476
Uchikoma, over 14 years ago
I assume this hits Clojure, JRuby, etc. harder because it affects all values which are converted to Strings, but only affects Java when one explicitly converts to Double?

So when a (Java) website expects an Int as input, it's not affected, but Clojure, JRuby etc. would be?

Am I right, what am I missing?

(see the comment with

    user=> (def d 2.2250738585072012e-308)

)
r0h4n, over 14 years ago
Doesn't hang Ruby 1.9 (MRI) and Python 2.7 and Python 3.1
joeyh, over 14 years ago
So, in summary, we've made counting on computers so complex that we're still failing to get it right. Similarly to how we've made the alphabet (unicode) on computers so complex that most programs are still trying to get that right.
russell, over 14 years ago
This seems to be a not rare occurrence around the phase boundaries of functions. I had a similar problem with the atan2 function in the PL/I - Fortran library on the CDC 6600. One of my testers was stepping across the boundary between valid and invalid arguments and there was a single binary value that blew up. I was the compiler lead so it got fixed. Any of you remember the 486 floating point problem?
VMG, over 14 years ago
What about android?
tytso, over 14 years ago
Obvious question --- are there any java web services running at Oracle that take a string input from a form or a URL, and try to convert said string to a floating point variable?
jd0g, over 14 years ago
I cannot recreate this using Spring TC (http://www.springsource.com/products/tcserver) server.
wildmXranat, over 14 years ago
In that case, this still applies: http://zenebo.com/cmc/1/