Dmitri Blinov created JEXL-325:
----------------------------------

Summary: Potential race-condition in NumberParser.toString()
Key: JEXL-325
URL: https://issues.apache.org/jira/browse/JEXL-325
Project: Commons JEXL
Issue Type: Bug
Affects Versions: 3.1
Reporter: Dmitri Blinov

To format {{BigDecimal}} values, the current implementation uses a *static* instance of the {{DecimalFormat}} class without synchronization, whereas according to the Javadoc, decimal formats are not synchronized and must be synchronized externally. There is also a dead branch on the BigDecimal check.

The suggestion is to change NumberParser.toString() to something as follows:

{code}
@Override
public String toString() {
    if (literal == null || clazz == null || Double.isNaN(literal.doubleValue())) {
        return "NaN";
    }
    if (BigDecimal.class.equals(clazz)) {
        // DecimalFormat is not thread-safe; guard the shared static instance
        synchronized (BIGDF) {
            return BIGDF.format(literal);
        }
    }
    // All other types: literal text followed by a type suffix
    StringBuilder strb = new StringBuilder(literal.toString());
    if (Float.class.equals(clazz)) {
        strb.append('f');
    } else if (Double.class.equals(clazz)) {
        strb.append('d');
    } else if (BigInteger.class.equals(clazz)) {
        strb.append('h');
    } else if (Long.class.equals(clazz)) {
        strb.append('l');
    }
    return strb.toString();
}
{code}

--
This message was sent by Atlassian Jira (v8.3.4#803005)
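
The hazard described in this report, as an added example that is not part of the original message or of the JEXL code base: a shared static `DecimalFormat` is exercised from several threads without a lock, with the `synchronized` block the report proposes, and with a per-thread instance. The class name, the pattern string and the sample values are assumptions made for illustration.

```java
import java.math.BigDecimal;
import java.text.DecimalFormat;
import java.util.concurrent.*;
import java.util.concurrent.atomic.AtomicInteger;
import java.util.function.Function;

public class SharedDecimalFormatDemo {
    static final String PATTERN = "0.0#######"; // assumed pattern, not taken from JEXL
    static final DecimalFormat SHARED = new DecimalFormat(PATTERN); // stand-in for BIGDF
    static final ThreadLocal<DecimalFormat> PER_THREAD =
            ThreadLocal.withInitial(() -> new DecimalFormat(PATTERN));

    static String unsafeFormat(BigDecimal v) { return SHARED.format(v); }

    static String lockedFormat(BigDecimal v) {
        synchronized (SHARED) { return SHARED.format(v); } // the fix proposed in the report
    }

    static String threadLocalFormat(BigDecimal v) { return PER_THREAD.get().format(v); }

    // Formats distinct values on 8 threads; counts results that differ from a
    // thread-confined reference formatter, or calls that throw.
    static int countBadResults(Function<BigDecimal, String> fmt) throws InterruptedException {
        AtomicInteger bad = new AtomicInteger();
        ExecutorService pool = Executors.newFixedThreadPool(8);
        for (int t = 0; t < 8; t++) {
            final int base = t * 1_000_000;
            pool.submit(() -> {
                DecimalFormat reference = new DecimalFormat(PATTERN);
                for (int i = 0; i < 50_000; i++) {
                    BigDecimal v = BigDecimal.valueOf(base + i, 3); // constructed sample value
                    try {
                        if (!reference.format(v).equals(fmt.apply(v))) bad.incrementAndGet();
                    } catch (RuntimeException e) {
                        bad.incrementAndGet(); // corrupted shared state can also throw
                    }
                }
            });
        }
        pool.shutdown();
        pool.awaitTermination(1, TimeUnit.MINUTES);
        return bad.get();
    }

    public static void main(String[] args) throws InterruptedException {
        System.out.println("unsynchronized shared: " + countBadResults(SharedDecimalFormatDemo::unsafeFormat));
        System.out.println("synchronized shared:   " + countBadResults(SharedDecimalFormatDemo::lockedFormat));
        System.out.println("per-thread instance:   " + countBadResults(SharedDecimalFormatDemo::threadLocalFormat));
    }
}
```

The unsynchronized count depends on thread timing and can differ between runs, including being zero; the synchronized and per-thread variants do not share mutable formatter state across threads, so their counts stay at zero.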