Details
Type: Bug
Status: Resolved
Priority: Minor
Resolution: Fixed
Description
There is a wrong conditional check in the NumberUtils.createNumber method that can result in a StringIndexOutOfBoundsException for a specially crafted invalid string.
    public static Number createNumber(final String str) {
        ...
        final int decPos = str.indexOf('.');
        final int expPos = str.indexOf('e') + str.indexOf('E') + 1; // assumes both not present
        // if both e and E are present, this is caught by the checks on expPos (which prevent IOOBE)
        if (decPos > -1) { // there is a decimal point
            if (expPos > -1) { // there is an exponent
                if (expPos < decPos || expPos > length) { // prevents double exponent causing IOOBE
                    throw new NumberFormatException(str + " is not a valid number.");
                }
                dec = str.substring(decPos + 1, expPos);
Although the check is meant to cover the case where both e and E are present, there is one case it does not handle. For the string E123e.3, decPos and expPos are both 5 (indexOf('e') is 4, indexOf('E') is 0, so expPos = 4 + 0 + 1 = 5). It therefore passes the expPos < decPos check, and the substring call throws a StringIndexOutOfBoundsException because decPos + 1 > expPos.
To fix this issue, the condition should be expPos <= decPos.
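The index arithmetic above, reproduced as an added stand-alone example (this is not Apache Commons Lang code): a minimal model of the decPos/expPos splitting from the snippet, run with the original check (expPos < decPos) and the corrected one (expPos <= decPos) side by side. The class name, the `split`/`outcome` helpers and the input list are constructed for the illustration; only the decimal-point branch that contains the bug is modelled, and the real method's hex handling, type suffixes and numeric parsing are left out.

```java
import java.util.Arrays;
import java.util.List;

/**
 * Added example, not Apache Commons Lang code: models the decPos/expPos
 * arithmetic of the createNumber snippet with the original and the corrected
 * ordering check, so the crafted input can be traced through both.
 */
public class CreateNumberRepro {

    /**
     * Splits str into {mantissa, decimal digits, exponent} the way the
     * snippet does. fixed == false uses the original check (expPos < decPos),
     * fixed == true uses the corrected one (expPos <= decPos).
     */
    static String[] split(final String str, final boolean fixed) {
        final int length = str.length();
        final int decPos = str.indexOf('.');
        // Same trick as the snippet: sums both indexes and assumes at most one of e/E is present
        final int expPos = str.indexOf('e') + str.indexOf('E') + 1;

        if (decPos > -1 && expPos > -1) { // decimal point and exponent
            final boolean wrongOrder = fixed ? expPos <= decPos : expPos < decPos;
            if (wrongOrder || expPos > length) {
                throw new NumberFormatException(str + " is not a valid number.");
            }
            final String mant = str.substring(0, decPos);
            // With the original check decPos == expPos slips through, and
            // decPos + 1 > expPos makes this substring call throw SIOOBE.
            final String dec = str.substring(decPos + 1, expPos);
            final String exp = str.substring(expPos + 1);
            return new String[] {mant, dec, exp};
        }
        if (decPos > -1) { // decimal point only
            return new String[] {str.substring(0, decPos), str.substring(decPos + 1), null};
        }
        if (expPos > -1) { // exponent only
            if (expPos > length) {
                throw new NumberFormatException(str + " is not a valid number.");
            }
            return new String[] {str.substring(0, expPos), null, str.substring(expPos + 1)};
        }
        return new String[] {str, null, null}; // plain digits
    }

    /** Runs split and reports the result or the exception type as a short string. */
    static String outcome(final String str, final boolean fixed) {
        try {
            return "parts=" + Arrays.toString(split(str, fixed));
        } catch (final NumberFormatException e) {
            return "NumberFormatException";
        } catch (final StringIndexOutOfBoundsException e) {
            return "StringIndexOutOfBoundsException";
        }
    }

    public static void main(final String[] args) {
        // Constructed inputs: a valid number, the reporter's crafted string, a
        // second string with the same e/E/. index collision, an exponent before
        // the decimal point, and a double exponent caught by the length check.
        final List<String> inputs = Arrays.asList("1.5e3", "E123e.3", "Ee.", "1e.5", "1.eE");
        for (final String s : inputs) {
            System.out.printf("%-8s decPos=%2d expPos=%2d  original: %-32s fixed: %s%n",
                    s, s.indexOf('.'), s.indexOf('e') + s.indexOf('E') + 1,
                    outcome(s, false), outcome(s, true));
        }
    }
}
```

Running it shows "E123e.3" and "Ee." reaching the substring call and throwing StringIndexOutOfBoundsException under the original check, while the corrected check rejects both with the intended NumberFormatException; the other three inputs behave the same either way, which is the point of changing only the comparison operator.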