[ https://issues.apache.org/jira/browse/CASSANDRA-14925?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16714659#comment-16714659 ]
ZhaoYang commented on CASSANDRA-14925:
--------------------------------------

{quote}Can't we just use BigDecimal.toString() all the time and save ourselves the trouble of adding yet one more runtime parameter that no user will probably ever modify?{quote}

Makes sense. Updated the patch to use `toString()` only.

|patch|circle-ci|
|[3.0|https://github.com/jasonstack/cassandra/commits/decimal-tostring-3.0]|[unit|https://circleci.com/gh/jasonstack/cassandra/747?utm_campaign=vcs-integration-link&utm_medium=referral&utm_source=github-build-link]|
|[3.11|https://github.com/jasonstack/cassandra/commits/decimal-tostring-3.11]|[unit|https://circleci.com/gh/jasonstack/cassandra/752?utm_campaign=vcs-integration-link&utm_medium=referral&utm_source=github-build-link]|
|[trunk|https://github.com/jasonstack/cassandra/commits/decimal-tostring-trunk]|[unit|https://circleci.com/gh/jasonstack/cassandra/751?utm_campaign=vcs-integration-link&utm_medium=referral&utm_source=github-build-link]|

> DecimalSerializer.toString() can be used as OOM attack
> -------------------------------------------------------
>
>                 Key: CASSANDRA-14925
>                 URL: https://issues.apache.org/jira/browse/CASSANDRA-14925
>             Project: Cassandra
>          Issue Type: Bug
>          Components: Core
>            Reporter: ZhaoYang
>            Assignee: ZhaoYang
>            Priority: Minor
>
> Currently, in {{DecimalSerializer.toString(value)}}, it uses
> {{BigDecimal.toPlainString()}} which generates a huge string for large scale
> values.
>
> {code:java}
> BigDecimal d = new BigDecimal("1e-" + (Integer.MAX_VALUE - 6));
> d.toPlainString(); // oom
> {code}
>
> Propose to use {{BigDecimal.toString()}} when scale is larger than 100 which
> is configurable via {{-Dcassandra.decimal.maxscaleforstring}}
>
> | patch | circle-ci |
> | [3.0|https://github.com/jasonstack/cassandra/commits/decimal-tostring-3.0] | [unit|https://circleci.com/gh/jasonstack/cassandra/747?utm_campaign=vcs-integration-link&utm_medium=referral&utm_source=github-build-link] |
>
> The code should apply cleanly to 3.0+.
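
The difference between the two renderings discussed in this issue, as an added example that is not part of the original message or of the Cassandra patch: `toString()` output stays proportional to the digit count, while `toPlainString()` output grows with the scale. The class name `DecimalRenderDemo` and the helpers `plainLengthEstimate` and `render` are hypothetical, and the sample values are constructed.

```java
import java.math.BigDecimal;

// Added example, not Cassandra code: class and method names are hypothetical.
public class DecimalRenderDemo {

    // Upper estimate of the characters toPlainString() would produce, computed
    // from precision and scale only, so nothing large is allocated.
    static long plainLengthEstimate(BigDecimal d) {
        long precision = d.precision();
        long scale = d.scale();
        long sign = d.signum() < 0 ? 1 : 0;
        if (scale <= 0)                       // integer: digits plus trailing zeros
            return sign + precision - scale;
        if (scale >= precision)               // "0." + leading zeros + digits
            return sign + 2 + scale;
        return sign + precision + 1;          // digits with a decimal point inside
    }

    // The approach the comment settles on: always use toString(), whose
    // scientific notation keeps the output proportional to the digit count.
    static String render(BigDecimal d) {
        return d.toString();
    }

    public static void main(String[] args) {
        // Constructed samples; scales are kept small enough to print safely.
        String[] samples = { "123.45", "1e-50", "1e-100000", "-7e+100000" };
        for (String s : samples) {
            BigDecimal d = new BigDecimal(s);
            String r = render(d);
            System.out.printf("%-12s toString=%-12s len=%d plainEstimate=%d actualPlain=%d%n",
                    s, r, r.length(), plainLengthEstimate(d), d.toPlainString().length());
        }
        // The value from the issue description: only the estimate is computed,
        // toPlainString() is never called on it.
        BigDecimal huge = new BigDecimal("1e-" + (Integer.MAX_VALUE - 6));
        System.out.println("issue value: toString=" + render(huge)
                + " plainEstimate=" + plainLengthEstimate(huge));
    }
}
```

For the value in the issue description the estimate is about 2^31 characters, while `toString()` returns the 13-character string `1E-2147483641`.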