[e-lang] Fwd: @RISK: Sun Java Floating-Point Value Denial of Service
Mark S. Miller
erights at google.com
Thu Feb 3 16:49:32 PST 2011
Has anyone figured out which strings will trigger the bug?
Or better, a predicate that will test whether a given string will trigger
the bug?
On Thu, Feb 3, 2011 at 4:37 PM, Bill Frantz <frantz at pwpconsult.com> wrote:
> FYI -
>
> ====== Forwarded Message ======
> Date: 2/3/11 11:58 PM
> Received: 2/3/11 4:03 PM -0800
> From: ConsensusSecurityVulnerabilityAlert at sans.org (The SANS Institute)
> To: frantz at pwpconsult.com
>
>
> 11.6.25 CVE: Not Available
> Platform: Cross Platform
> Title: Sun Java Floating-Point Value Denial of Service
> Description: Sun Java is a web programming language. Java is exposed
> to a denial of service issue when processing certain double precision
> floating-point values. The problem occurs in applications that convert
> a user-supplied decimal input to a double-precision binary
> floating-point.
> Ref:
>
> http://www.exploringbinary.com/java-hangs-when-converting-2-2250738585072012e-308/
> ====== End Forwarded Message ======
>
> The problem occurs when a specific floating point value is
> converted to float64. It appears to occur with E on Java (on Mac):
>
> Bill-Frantzs-MacBook-Pro:EHome frantz$ ./rune.txt
> ? 5 + 4
> # value: 9
>
> ? def f := 2.2250738585072012e-308
>
> I expect it will be fixed automagically when Java is fixed.
>
> Cheers - Bill
>
> -------------------------------------------------------------------------
> Bill Frantz | Airline peanut bag: "Produced | Periwinkle
> (408)356-8506 <tel:+14083568506> | in a facility that processes |
> 16345
> Englewood Ave
> www.pwpconsult.com | peanuts and other nuts." - Duh | Los Gatos,
> CA 95032
>
>
> _______________________________________________
> e-lang mailing list
> e-lang at mail.eros-os.org
> http://www.eros-os.org/mailman/listinfo/e-lang
>
--
Cheers,
--MarkM
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://www.eros-os.org/pipermail/e-lang/attachments/20110203/f3343927/attachment.html
More information about the e-lang
mailing list