Fix potential infinity exploit.

2016-10-02 12:06:04 -04:00 · 2016-10-02 12:06:04 -04:00 · 230d50d81b
parent f9b53695d6
commit 230d50d81b
2 changed files with 10 additions and 4 deletions
--- a/SaneEconomyCore/src/main/java/org/appledash/saneeconomy/utils/NumberUtils.java
+++ b/SaneEconomyCore/src/main/java/org/appledash/saneeconomy/utils/NumberUtils.java
@ -36,6 +36,10 @@ public class NumberUtils {
            return INVALID_DOUBLE;
        }

+        if (Double.isInfinite(doub) || Double.isNaN(doub)) {
+            return INVALID_DOUBLE;
+        }
+
        return doub;
    }

--- a/SaneEconomyCore/src/test/java/org/appledash/saneeconomy/test/NumberUtilsTest.java
+++ b/SaneEconomyCore/src/test/java/org/appledash/saneeconomy/test/NumberUtilsTest.java
@ -16,12 +16,14 @@ public class NumberUtilsTest {
    @Test
    public void testParsePositive() {
        // Valid input
-        Assert.assertEquals(NumberUtils.parsePositiveDouble("69.0"), 69.0, 0.0);
+        Assert.assertEquals(69.0, NumberUtils.parsePositiveDouble("69.0"), 0.0);
        // Valid but not positive
-        Assert.assertEquals(NumberUtils.parsePositiveDouble("-10.0"), -1.0, 0.0);
+        Assert.assertEquals(-1.0, NumberUtils.parsePositiveDouble("-10.0"), 0.0);
        // Invalid
-        Assert.assertEquals(NumberUtils.parsePositiveDouble("nan"), -1.0, 0.0);
-        Assert.assertEquals(NumberUtils.parsePositiveDouble("ponies"), -1.0, 0.0);
+        Assert.assertEquals(-1.0, NumberUtils.parsePositiveDouble("nan"), 0.0);
+        Assert.assertEquals(-1.0, NumberUtils.parsePositiveDouble("ponies"), 0.0);
+        // Infinite
+        Assert.assertEquals(-1.0, NumberUtils.parsePositiveDouble("1E1000000000"), 0.0);
    }

    @Test