From 4b975496460873b40e67a388e07d7e47db1ddbe4 Mon Sep 17 00:00:00 2001 From: Greg Lewis Date: Wed, 9 Feb 2011 17:13:40 +0000 Subject: . Fix infinite loop in parsing certain doubles. See CVE-2010-4476. --- java/openjdk7/Makefile | 1 + java/openjdk7/files/patch-FloatingDecimal.java | 11 +++++++++++ 2 files changed, 12 insertions(+) create mode 100644 java/openjdk7/files/patch-FloatingDecimal.java (limited to 'java/openjdk7') diff --git a/java/openjdk7/Makefile b/java/openjdk7/Makefile index e1a94d12d704..d02311e64509 100644 --- a/java/openjdk7/Makefile +++ b/java/openjdk7/Makefile @@ -7,6 +7,7 @@ PORTNAME= openjdk PORTVERSION= ${JDK_MAJOR_VERSION}.${JDK_MINOR_VERSION}.${JDK_BUILD_NUMBER} +PORTREVISION= 1 CATEGORIES= java devel MASTER_SITES= http://download.java.net/openjdk/jdk7/promoted/b${JDK_BUILD_NUMBER}/ \ https://jaxp.dev.java.net/files/documents/913/152561/:jaxp \ diff --git a/java/openjdk7/files/patch-FloatingDecimal.java b/java/openjdk7/files/patch-FloatingDecimal.java new file mode 100644 index 000000000000..23656900f75c --- /dev/null +++ b/java/openjdk7/files/patch-FloatingDecimal.java @@ -0,0 +1,11 @@ +--- jdk/src/share/classes/sun/misc/FloatingDecimal.java.orig 2010-06-21 14:15:30.000000000 -0700 ++++ jdk/src/share/classes/sun/misc/FloatingDecimal.java 2011-02-08 22:30:49.000000000 -0800 +@@ -1547,7 +1547,7 @@ + if ( (cmpResult = bigB.cmp( bigD ) ) > 0 ){ + overvalue = true; // our candidate is too big. + diff = bigB.sub( bigD ); +- if ( (bigIntNBits == 1) && (bigIntExp > -expBias) ){ ++ if ( (bigIntNBits == 1) && (bigIntExp > -expBias+1) ){ + // candidate is a normalized exact power of 2 and + // is too big. We will be subtracting. + // For our purposes, ulp is the ulp of the -- cgit v1.2.3