科技回声

What I think is amazing is the fact that there's a bug from November of 2009 (<a href="http://bugs.openjdk.java.net/show_bug.cgi?id=100119" rel="nofollow">http://bugs.openjdk.java.net/show_bug.cgi?id=100119</a>) that's first reporting the issue.<p>So there was a known denial of service vulnerability in Java for more than a year before people recognized it as that and actually started bothering to fix it.

Fix is available. See: <a href="http://blogs.oracle.com/security/2011/02/security_alert_for_cve-2010-44.html" rel="nofollow">http://blogs.oracle.com/security/2011/02/security_alert_for_...</a> and <a href="http://www.oracle.com/technetwork/java/javase/downloads/index.html#fpupdater" rel="nofollow">http://www.oracle.com/technetwork/java/javase/downloads/inde...</a>

I thought this was a side effect from a GCC bug when it affected PHP. So does Java use the same algorithm for generating machine code at it's lowest level?

Good analysis. I sure hope a unit test will be added to the Java code base to cover this boundary case.

so when/how would the fix get into some java update?

I thought this was a side effect from a GCC bug when it affected PHP. So does Java use the same algorithm for generating machine code at it's lowest level?

Good analysis. I sure hope a unit test will be added to the Java code base to cover this boundary case.

so when/how would the fix get into some java update?

A Closer Look at the Java 2.2250738585072012e-308 Bug

5 条评论

A Closer Look at the Java 2.2250738585072012e-308 Bug

5 条评论