From 4b975496460873b40e67a388e07d7e47db1ddbe4 Mon Sep 17 00:00:00 2001
From: Greg Lewis <glewis@FreeBSD.org>
Date: Wed, 9 Feb 2011 17:13:40 +0000
Subject: . Fix infinite loop in parsing certain doubles.  See  CVE-2010-4476.

---
 java/openjdk7/files/patch-FloatingDecimal.java | 11 +++++++++++
 1 file changed, 11 insertions(+)
 create mode 100644 java/openjdk7/files/patch-FloatingDecimal.java

(limited to 'java/openjdk7/files/patch-FloatingDecimal.java')

diff --git a/java/openjdk7/files/patch-FloatingDecimal.java b/java/openjdk7/files/patch-FloatingDecimal.java
new file mode 100644
index 000000000000..23656900f75c
--- /dev/null
+++ b/java/openjdk7/files/patch-FloatingDecimal.java
@@ -0,0 +1,11 @@
+--- jdk/src/share/classes/sun/misc/FloatingDecimal.java.orig	2010-06-21 14:15:30.000000000 -0700
++++ jdk/src/share/classes/sun/misc/FloatingDecimal.java	2011-02-08 22:30:49.000000000 -0800
+@@ -1547,7 +1547,7 @@
+                 if ( (cmpResult = bigB.cmp( bigD ) ) > 0 ){
+                     overvalue = true; // our candidate is too big.
+                     diff = bigB.sub( bigD );
+-                    if ( (bigIntNBits == 1) && (bigIntExp > -expBias) ){
++                    if ( (bigIntNBits == 1) && (bigIntExp > -expBias+1) ){
+                         // candidate is a normalized exact power of 2 and
+                         // is too big. We will be subtracting.
+                         // For our purposes, ulp is the ulp of the
-- 
cgit v1.2.3