rootvector2 opened a new pull request, #405:
URL: https://github.com/apache/commons-beanutils/pull/405

   Port of #404 to the 1.X branch. @garydgregory asked to verify whether the 
fix applies there, and it does, identically.
   
   `NumberConverter.toNumber(Class, Number)` range-checks the 
`byte`/`short`/`int` branches, but the `Long` branch has no bounds check and 
the `Float` branch only checks the upper bound, so an out-of-range value is 
silently clamped instead of rejected: a `Double`/`BigInteger`/`BigDecimal` 
beyond `long` range is truncated/clamped to `Long.MAX_VALUE`, a locale-parsed 
String past `long` range comes back from `DecimalFormat` as a `Double` and gets 
clamped the same way, and a `Number` below `-Float.MAX_VALUE` becomes 
`-Infinity`. Fix adds the missing bounds checks to the `Long` branch and the 
lower bound to the `Float` branch, mirroring the existing branches, so 
out-of-range input throws `ConversionException`.
   
   Regression tests added to `LongConverterTest` (`testInvalidAmount`, 
`testLocaleStringOutOfRange`) and `FloatConverterTest` (negative overflow); 
they fail without the runtime change. Both converter test classes pass. The 
full `mvn` run is green except for 
`LocaleBeanificationTest.testContextClassloaderIndependence`, which already 
fails on an unmodified 1.X checkout in my environment (it passes in isolation) 
and is unrelated to this change.
   
   - [x] Read the [contribution guidelines](CONTRIBUTING.md) for this project.
   - [ ] Read the [ASF Generative Tooling 
Guidance](https://www.apache.org/legal/generative-tooling.html) if you use 
Artificial Intelligence (AI).
   - [ ] I used AI to create any part of, or all of, this pull request. Which 
AI tool was used to create this pull request, and to what extent did it 
contribute?
   - [x] Run a successful build using the default 
[Maven](https://maven.apache.org/) goal with `mvn`; that's `mvn` on the command 
line by itself.
   - [x] Write unit tests that match behavioral changes, where the tests fail 
if the changes to the runtime are not applied. This may not always be possible, 
but it is a best practice.
   - [x] Write a pull request description that is detailed enough to understand 
what the pull request does, how, and why.
   - [x] Each commit in the pull request should have a meaningful subject line 
and body. Note that a maintainer may squash commits during the merge process.
   


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

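The silent narrowing described in the pull request, next to a checked version, as an added example that is not code from the pull request or from commons-beanutils. The helpers `toLongChecked` and `toFloatChecked` are hypothetical, the inputs are constructed, and `ArithmeticException` stands in for `ConversionException` so the snippet needs only the JDK.

```java
import java.math.BigDecimal;
import java.math.BigInteger;
import java.text.DecimalFormat;
import java.text.ParseException;

public class NarrowingCheckDemo {
    private static final BigDecimal LONG_MIN = BigDecimal.valueOf(Long.MIN_VALUE);
    private static final BigDecimal LONG_MAX = BigDecimal.valueOf(Long.MAX_VALUE);

    // Hypothetical helper: exact range check before narrowing to long.
    // BigDecimal is used because (double) Long.MAX_VALUE rounds up to 2^63,
    // so a plain double comparison would let 2^63 itself through.
    static long toLongChecked(Number n) {
        BigDecimal v;
        if (n instanceof BigDecimal) {
            v = (BigDecimal) n;
        } else if (n instanceof BigInteger) {
            v = new BigDecimal((BigInteger) n);
        } else if (n instanceof Double || n instanceof Float) {
            double d = n.doubleValue();
            if (Double.isNaN(d) || Double.isInfinite(d)) {
                throw new ArithmeticException(n + " is not finite");
            }
            v = new BigDecimal(d); // exact binary value, no rounding
        } else {
            v = BigDecimal.valueOf(n.longValue()); // integral wrapper types
        }
        if (v.compareTo(LONG_MIN) < 0 || v.compareTo(LONG_MAX) > 0) {
            throw new ArithmeticException(n + " is outside long range");
        }
        return v.longValue();
    }

    // Hypothetical helper: check both bounds before narrowing to float.
    static float toFloatChecked(Number n) {
        double d = n.doubleValue();
        if (d > Float.MAX_VALUE || d < -Float.MAX_VALUE) {
            throw new ArithmeticException(n + " is outside float range");
        }
        return n.floatValue(); // NaN compares false above and passes through
    }

    public static void main(String[] args) throws ParseException {
        // Constructed input: one past Long.MAX_VALUE, parsed as a locale-aware converter would.
        Number parsed = new DecimalFormat("#").parse("9223372036854775808");
        System.out.println(parsed.getClass().getSimpleName() + " -> " + parsed.longValue());
        System.out.println(Double.valueOf(-1e300).floatValue()); // unchecked float narrowing
        for (Number n : new Number[] {parsed, new BigInteger("9223372036854775808")}) {
            try { toLongChecked(n); } catch (ArithmeticException e) { System.out.println(e.getMessage()); }
        }
        try { toFloatChecked(-1e300); } catch (ArithmeticException e) { System.out.println(e.getMessage()); }
    }
}
```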