From 4b975496460873b40e67a388e07d7e47db1ddbe4 Mon Sep 17 00:00:00 2001
From: Greg Lewis <glewis@FreeBSD.org>
Date: Wed, 9 Feb 2011 17:13:40 +0000
Subject: . Fix infinite loop in parsing certain doubles.  See  CVE-2010-4476.

---
 java/jdk15/files/patch-FloatingDecimal.java | 11 +++++++++++
 1 file changed, 11 insertions(+)
 create mode 100644 java/jdk15/files/patch-FloatingDecimal.java

(limited to 'java/jdk15/files')

diff --git a/java/jdk15/files/patch-FloatingDecimal.java b/java/jdk15/files/patch-FloatingDecimal.java
new file mode 100644
index 000000000000..6141b18cb7eb
--- /dev/null
+++ b/java/jdk15/files/patch-FloatingDecimal.java
@@ -0,0 +1,11 @@
+--- ../../j2se/src/share/classes/sun/misc/FloatingDecimal.java.orig	2011-02-08 21:47:56.000000000 -0800
++++ ../../j2se/src/share/classes/sun/misc/FloatingDecimal.java	2011-02-08 21:48:18.000000000 -0800
+@@ -1529,7 +1529,7 @@
+ 		if ( (cmpResult = bigB.cmp( bigD ) ) > 0 ){
+ 		    overvalue = true; // our candidate is too big.
+ 		    diff = bigB.sub( bigD );
+-		    if ( (bigIntNBits == 1) && (bigIntExp > -expBias) ){
++		    if ( (bigIntNBits == 1) && (bigIntExp > -expBias+1) ){
+ 			// candidate is a normalized exact power of 2 and
+ 			// is too big. We will be subtracting.
+ 			// For our purposes, ulp is the ulp of the
-- 
cgit v1.2.3