Java Hangs When Converting 2.2250738585072012e-308

180 points| pietrofmaggi | 15 years ago |exploringbinary.com | reply

66 comments

[+] pilif|15 years ago|reply
I remember when everyone was bashing PHP (http://news.ycombinator.com/item?id=2066084) when they were bitten by the same issue. Then there were articles about this being maybe a GCC bug or at least design issue but people were still saying that it's PHP's duty to take care of this.

I was always afraid that this might bite other environments too as the code that caused the issue in PHP was apparently taken from elsewhere (see http://blog.andreas.org/display?id=9 for a detailed analysis of the problem). Now this is turning out to be true.

[+] Uchikoma|15 years ago|reply
Yes, astonishing how Oracle (and others) didn't check their code when this surfaced in PHP to determine if they are affected too.
[+] mjw|15 years ago|reply
Ouch.

This affects JRuby, and potentially anyone with a JSON-based API running on the JVM with a JSON parser using the java stdlib to parse JSON floats:

    jruby-1.5.2 > JSON.parse('{"float": 2.2250738585072012e-308}')  
    ^C^C^C^C^C^C
    ^C^C^C
(not the most recent JRuby I know, but seems this is a JVM problem...)
[+] rll|15 years ago|reply
I have a feeling we will see this come up in more places. When we fixed the code for PHP we saw very similar code in a lot of other projects.
[+] wladimir|15 years ago|reply
Yes, every project should check its strtod function. If it has a potentially infinite loop, be very worried :)
[+] praptak|15 years ago|reply
"Konstantin reported this problem to Oracle three weeks ago, but is still waiting for a reply."

This speaks volumes about Oracle as Java's steward.

[+] nikster|15 years ago|reply
I just reported a problem last week and got a response inside 12 hours. I was amazed. Certainly faster than I've ever gotten a response from Sun.

Average over the last 3 issues is about 48 hours - if accepted as a bug. But if you provide source code that demonstrates the problem turnaround is usually very fast, and that seems to be the case here.

[+] andrew1|15 years ago|reply
So they're not falling over themselves to fix a bug which no one has noticed for 10+ years, and which hardly anyone is going to hit in actual use. Maybe they're spending their time fixing problems which are actually affecting developers.
[+] snewman|15 years ago|reply
If I'm not mistaken, this is bad: it enables a trivial DOS attack against any web service that accepts floating-point input. (For instance, one of the commenters on the OP noted that Google Spreadsheets backends are vulnerable.) This includes, as a special case, any service that accepts JSON input.

I expect a lot of teams will have to rush out a patch. I feel for them...

Incidentally, I haven't seen a simple workaround posted anywhere. Has anyone seen a regexp or code snippet that can identify strings which would trigger this bug?
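
One way to screen input for the question above, as an added example that is not part of the thread and not code from any commenter or vendor: a guard that compares the literal exactly, via `BigDecimal`, before it reaches `Double.parseDouble`. The class and method names are hypothetical, and the rejected band (largest subnormal double up to the smallest normal double, which contains the value in the title in any spelling) is an assumption chosen to be conservative; the thread does not establish the full set of triggering inputs.

```java
import java.math.BigDecimal;

// Added example: guard placed in front of Double.parseDouble on an affected JVM.
public final class SubnormalBoundaryGuard {
    // Assumption: cap literal length so the guard itself stays cheap on hostile input.
    private static final int MAX_LITERAL_LENGTH = 64;

    // Smallest normal double, 2^-1022, as an exact decimal (the division terminates).
    private static final BigDecimal MIN_NORMAL =
            BigDecimal.ONE.divide(BigDecimal.valueOf(2).pow(1022));
    // Largest subnormal double, 2^-1022 - 2^-1074, also exact.
    private static final BigDecimal MAX_SUBNORMAL =
            MIN_NORMAL.subtract(BigDecimal.ONE.divide(BigDecimal.valueOf(2).pow(1074)));

    /** True when |value| lies in the closed band [MAX_SUBNORMAL, MIN_NORMAL]. */
    static boolean inRiskBand(String literal) {
        BigDecimal magnitude = new BigDecimal(literal).abs(); // exact, no double conversion
        return magnitude.compareTo(MAX_SUBNORMAL) >= 0
                && magnitude.compareTo(MIN_NORMAL) <= 0;
    }

    /** Parses untrusted text as a double, refusing anything the guard cannot vet. */
    static double parseUntrusted(String text) {
        String s = text.trim();
        if (s.isEmpty() || s.length() > MAX_LITERAL_LENGTH) {
            throw new NumberFormatException("rejected: empty or oversized numeric literal");
        }
        // BigDecimal throws NumberFormatException for hex floats, NaN, Infinity and
        // type suffixes, so those forms fail closed instead of reaching parseDouble.
        if (inRiskBand(s)) {
            throw new NumberFormatException("rejected: value at the subnormal boundary");
        }
        return Double.parseDouble(s);
    }

    public static void main(String[] args) {
        // Constructed inputs: the title value in three spellings, then two ordinary values.
        String[] samples = {
            "2.2250738585072012e-308", "0.00022250738585072012E-304",
            "-22250738585072012e-324", "3.14", "1e-320"
        };
        for (String sample : samples) {
            try {
                System.out.println(sample + " -> " + parseUntrusted(sample));
            } catch (NumberFormatException e) {
                System.out.println(sample + " -> " + e.getMessage());
            }
        }
    }
}
```

Comparing exact decimal values rather than matching digit strings is what lets the guard catch shifted-decimal-point and signed spellings of the same number.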

[+] djacobs|15 years ago|reply
Maybe I'm dense, but why does this affect apps that use JSON?
[+] latch|15 years ago|reply
The compiler one is pretty neat. Hung IntelliJ. Didn't hang VS.NET. Had both open, had to try.
[+] leppie|15 years ago|reply
Just to confirm: .NET/C# handles this, and correctly. So does IronScheme.
[+] lukesandberg|15 years ago|reply
This hangs eclipse 3.5.2 when saving the code :)
[+] abscondment|15 years ago|reply
The compile-time version will hang a Clojure REPL, too:

    user=> (def d 2.2250738585072012e-308)

[+] paulitex|15 years ago|reply
makes sense, same thing in scala:

    Welcome to Scala version 2.8.1.final (Java HotSpot(TM) 64-Bit Server VM, Java 1.6.0_22).
    Type in expressions to have them evaluated.
    Type :help for more information.

    scala> 2.2250738585072012e-308

(infinite loop)

[+] Jach|15 years ago|reply
Tried it in Jython too, of course it fails. I'd have been more surprised if it worked, but it's still amusing and had to see it.
[+] ibejoeb|15 years ago|reply
FWIW the Oracle/BEA jrockit compiler does not hang. It does hang on execution, however.

    Java(TM) SE Runtime Environment (build 1.6.0_20-b02)
    Oracle JRockit(R) (build R28.0.1-21-133393-1.6.0_20-20100512-2126-linux-ia32, compiled mode)
[+] Uchikoma|15 years ago|reply
I assume this hits Clojure, JRuby, etc. harder because it affects all values which are converted to Strings, but only affects Java when one explicitly converts to Double?

So when a (Java) website expects an Int as input, it's not affected, but Clojure, JRuby etc. would be?

Am I right, what am I missing?

(see the comment with

    user=> (def d 2.2250738585072012e-308)

)

[+] r0h4n|15 years ago|reply
Doesn't hang Ruby 1.9 (MRI), Python 2.7, or Python 3.1
[+] speleding|15 years ago|reply
Ruby 1.8.7 appears to be fine too
[+] cygwin98|15 years ago|reply
Ruby 1.9.2 handled it well here
[+] joeyh|15 years ago|reply
So, in summary, we've made counting on computers so complex that we're still failing to get it right. Similarly to how we've made the alphabet (unicode) on computers so complex that most programs are still trying to get that right.
[+] russell|15 years ago|reply
This seems to be a not rare occurrence around the phase boundaries of functions. I had a similar problem with the atan2 function in the PL/I - Fortran library on the CDC 6600. One of my testers was stepping across the boundary between valid and invalid arguments and there was a single binary value that blew up. I was the compiler lead so it got fixed. Any of you remember the 486 floating point problem?
[+] VMG|15 years ago|reply
What about android?
[+] dfox|15 years ago|reply
Android is not i386 based and this is x87 FPU and gcc specific bug in commonly used atod() implementation, so I assume that this does not happen on Android.
[+] tytso|15 years ago|reply
Obvious question --- are there any Java web services running at Oracle that take a string input from a form or a URL, and try to convert said string to a floating point variable?