[jdk11u-dev] RFR: 8299677: Formatter.format might take a long time to format an integer or floating-point
Paul Hohensee
phh at openjdk.org
Tue Jan 17 18:26:14 UTC 2023
Simple almost clean backport of a potential DOS attack vector fix. Backport from JDK 17 (see https://github.com/openjdk/jdk17u-dev/pull/1077) is clean.
Changed
Flags.contains(f, Flags.ZERO_PAD)
to
f.contains(Flags.ZERO_PAD)
Passes new and old Formatter tests.
-------------
Commit messages:
- Backport 33412c102ce799ff2de3512df77e6e07d76acd36
Changes: https://git.openjdk.org/jdk11u-dev/pull/1667/files
Webrev: https://webrevs.openjdk.org/?repo=jdk11u-dev&pr=1667&range=00
Issue: https://bugs.openjdk.org/browse/JDK-8299677
Stats: 318 lines in 2 files changed: 313 ins; 1 del; 4 mod
Patch: https://git.openjdk.org/jdk11u-dev/pull/1667.diff
Fetch: git fetch https://git.openjdk.org/jdk11u-dev pull/1667/head:pull/1667
PR: https://git.openjdk.org/jdk11u-dev/pull/1667
More information about the jdk-updates-dev
mailing list