Details

    • Number of attachments :
      0

      Description

      Ruby announced a security vulnerability in BigDecimal. See http://www.ruby-lang.org/en/news/2009/06/09/dos-vulnerability-in-bigdecimal/ for details.

      JRuby seems to be affected as well. It doesn't crash, but appears to be stuck in an infinite loop. See the following output: http://gist.github.com/126922

        Activity

        Charles Oliver Nutter added a comment -

        I have a fix for the to_f behavior which just defaults to +-Infinity or zero if the exponent is outside the representable float exponents. There's still an issue with to_i running forever, but matz has not decided how to handle it yet.
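
Added example (not part of the original issue and not JRuby's code): a Ruby version of the exponent guard described in the comment above, applied to a decimal literal before any conversion happens. The names `safe_to_f`, `adjusted_exponent`, `DECIMAL` and `MIN_ADJ` are hypothetical, and the -324 underflow cutoff is this example's assumption.

```ruby
# Added example, not JRuby's implementation. All names here are hypothetical.
# Strict decimal literal: sign, integer digits, optional fraction and exponent.
DECIMAL = /\A([+-])?(\d+)(?:\.(\d+))?(?:[eE]([+-]?\d+))?\z/

# Anything below 1e-324 rounds to zero (smallest subnormal is about 4.9e-324).
MIN_ADJ = -324

# Power of ten of the most significant nonzero digit, or nil when the value
# is zero. "123.4e5" -> 7 (1.234e7), "0.001" -> -3.
def adjusted_exponent(int_part, frac_part, exp)
  first = (int_part + frac_part).index(/[1-9]/)
  first && exp + int_part.length - 1 - first
end

# Convert an untrusted decimal string to Float. The exponent is inspected
# first, so out-of-range values never reach the numeric conversion.
def safe_to_f(text)
  s = text.strip
  m = DECIMAL.match(s)
  raise ArgumentError, "not a decimal literal: #{text.inspect}" unless m

  sign = m[1] == "-" ? -1.0 : 1.0
  adj = adjusted_exponent(m[2], m[3].to_s, m[4].to_i)
  return sign * 0.0 if adj.nil?                            # exact zero
  return sign * Float::INFINITY if adj > Float::MAX_10_EXP # 1e309 and above
  return sign * 0.0 if adj < MIN_ADJ                       # underflow
  Float(s)
end

# Constructed sample inputs.
if __FILE__ == $PROGRAM_NAME
  %w[1E1000000 -1e400 1e-1000000 123.4e5 0e999999].each do |lit|
    puts format("%-12s => %s", lit, safe_to_f(lit))
  end
end
```

The same adjusted-exponent value can be compared against an application-chosen digit limit before an integer conversion of untrusted input.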

        Charles Oliver Nutter added a comment -

        Fixed in a8ae0da.


          People

          • Assignee:
            Charles Oliver Nutter
            Reporter:
            Nick Sieger
          • Votes:
            1
            Watchers:
            3
