Slashdot Mirror


Java Floating Point Bug Can Lock Up Servers

An anonymous reader writes "Here we go again: Just like the recently-reported PHP Floating Point Bug causes servers to go into infinite loops when parsing certain double-precision floating-point numbers, Sun/Oracle's JVM does it, too. It gets better: you can lock up a thread on most servers just by sending a particular header value. Sun/Oracle has known about the bug for something like 10 years, but it's still not fixed. Java Servlet containers are patching to avoid the problem, but application code will still be vulnerable to user input."

5 of 157 comments

  1. Bullshit! by Anonymous Coward · · Score: 4, Funny

    Java is a secure virtual machine environment. Programs never crash and low level errors like pointer or memory problems are impossible. There is no way this floating point thing is real.

    Java is the future and you are retarded. Java is the fastest programming language ever invented, that's why it's the primary language we learn and teach in school.

    I have been a HTML programmer for many years, I know what I'm talking about.

    1. Re:Bullshit! by the Atomic Rabbit · · Score: 4, Funny

      There is no way this floating point thing is real.

      It has to be real. Java lacks built-in support for complex numbers.

  2. Shocked! Shocked! by curmudgeon99 · · Score: 4, Funny

    As a more than decade-long Java programmer, I must say that I am shocked! Shocked! that Sun would do something like that.
    Why, I'd go so far as to predict that a company that behaved that way would find itself out of business.

    Hey, wait a second...

  3. Fix available by Wookie Monster · · Score: 5, Informative

    Oracle has posted a fix for the bug, in the form of a patch. Official releases will be available next week. http://www.oracle.com/technetwork/java/javase/fpupdater-tool-readme-305936.html http://blogs.oracle.com/security/2011/02/security_alert_for_cve-2010-44.html

  4. It is not the JVM .... by Chrisq · · Score: 5, Insightful

    The article makes it clear that the problem is in FloatingDecimal.java. It is converting decimal strings to floating point numbers - fp arithmetic is fine!
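
Added example (not part of any comment above, and not code from Oracle or any servlet container): since the hang is in decimal-string-to-double conversion, one way application code can handle a numeric header field is to validate it against a strict grammar and compute the value with integer arithmetic, so `Double.parseDouble` never sees untrusted text. It assumes the field is an HTTP quality value such as `q=0.8`, which the summary does not specify; the class and method names are hypothetical.

```java
import java.util.OptionalInt;
import java.util.regex.Pattern;

/**
 * Parses an HTTP quality value without calling Double.parseDouble, so the
 * string-to-double conversion path is never reached with untrusted input.
 * Hypothetical helper written for this example.
 */
public final class SafeQValue {
    // qvalue grammar from RFC 7231: "0" with up to three decimals,
    // or "1" with up to three zero decimals. No exponents, no signs.
    private static final Pattern QVALUE =
            Pattern.compile("0(\\.[0-9]{0,3})?|1(\\.0{0,3})?");

    private SafeQValue() {}

    /** Returns the quality in thousandths (0..1000), or empty if malformed. */
    public static OptionalInt parseMillis(String raw) {
        // Longest legal form is five characters ("0.123"); reject early.
        if (raw == null || raw.length() > 5) {
            return OptionalInt.empty();
        }
        if (!QVALUE.matcher(raw).matches()) {
            return OptionalInt.empty();
        }
        if (raw.charAt(0) == '1') {
            return OptionalInt.of(1000);
        }
        int millis = 0;
        int scale = 100;
        for (int i = 2; i < raw.length(); i++) {   // digits after "0."
            millis += (raw.charAt(i) - '0') * scale;
            scale /= 10;
        }
        return OptionalInt.of(millis);
    }

    public static void main(String[] args) {
        // Constructed sample inputs, not taken from the page.
        String[] samples = {"0.8", "1", "1.000", "0.", "0.1234", "1e-5", "abc", ""};
        for (String s : samples) {
            OptionalInt q = parseMillis(s);
            System.out.println("\"" + s + "\" -> "
                    + (q.isPresent() ? q.getAsInt() + "/1000" : "rejected"));
        }
    }
}
```

Fields that genuinely need arbitrary doubles cannot use this allow-list approach and depend on the patched runtime instead.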