[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
bug#68333: Time bomb in icedtea/openjdk
From: |
Rostislav Svoboda |
Subject: |
bug#68333: Time bomb in icedtea/openjdk |
Date: |
Tue, 9 Jan 2024 12:55:20 +0100 |
> I couldn’t find ‘GenerateCurrencyData.java’ though, not sure where it lives.
bost@ecke /tmp/guix-build-icedtea-2.6.13.drv-0$ fd GenerateCurrencyData.java
icedtea-2.6.13/openjdk/jdk/make/tools/src/build/tools/generatecurrencydata/GenerateCurrencyData.java
icedtea-2.6.13/openjdk-boot/jdk/make/tools/src/build/tools/generatecurrencydata/GenerateCurrencyData.java
icedtea-2.6.13/openjdk.src/jdk/make/tools/src/build/tools/generatecurrencydata/GenerateCurrencyData.java
bost@ecke /tmp/guix-build-icedtea-2.6.13.drv-0$ fd
GenerateCurrencyData.java | xargs sha1sum
e819f2a934acca80a8eee42434459c70ad1bbf76
icedtea-2.6.13/openjdk/jdk/make/tools/src/build/tools/generatecurrencydata/GenerateCurrencyData.java
e819f2a934acca80a8eee42434459c70ad1bbf76
icedtea-2.6.13/openjdk-boot/jdk/make/tools/src/build/tools/generatecurrencydata/GenerateCurrencyData.java
e819f2a934acca80a8eee42434459c70ad1bbf76
icedtea-2.6.13/openjdk.src/jdk/make/tools/src/build/tools/generatecurrencydata/GenerateCurrencyData.java
bost@ecke /tmp/guix-build-icedtea-2.6.13.drv-0$ rg -N -B 30 -A 12
'time is more than 10 years from present'
icedtea-2.6.13/openjdk.src/jdk/make/tools/src/build/tools/generatecurrencydata/GenerateCurrencyData.java
private static int makeSpecialCaseEntry(String currencyInfo)
throws Exception {
Integer oldEntry = specialCaseMap.get(currencyInfo);
if (oldEntry != null) {
return oldEntry.intValue();
}
if (specialCaseCount == maxSpecialCases) {
throw new RuntimeException("too many special cases");
}
if (currencyInfo.length() == 3) {
checkCurrencyCode(currencyInfo);
specialCaseCutOverTimes[specialCaseCount] = Long.MAX_VALUE;
specialCaseOldCurrencies[specialCaseCount] = currencyInfo;
specialCaseOldCurrenciesDefaultFractionDigits[specialCaseCount]
= getDefaultFractionDigits(currencyInfo);
specialCaseOldCurrenciesNumericCode[specialCaseCount] =
getNumericCode(currencyInfo);
specialCaseNewCurrencies[specialCaseCount] = null;
specialCaseNewCurrenciesDefaultFractionDigits[specialCaseCount] = 0;
specialCaseNewCurrenciesNumericCode[specialCaseCount] = 0;
} else {
int length = currencyInfo.length();
if (currencyInfo.charAt(3) != ';' ||
currencyInfo.charAt(length - 4) != ';') {
throw new RuntimeException("invalid currency info: " +
currencyInfo);
}
String oldCurrency = currencyInfo.substring(0, 3);
String newCurrency = currencyInfo.substring(length - 3, length);
checkCurrencyCode(oldCurrency);
checkCurrencyCode(newCurrency);
String timeString = currencyInfo.substring(4, length - 4);
long time = format.parse(timeString).getTime();
if (Math.abs(time - System.currentTimeMillis()) > ((long)
10) * 365 * 24 * 60 * 60 * 1000) {
throw new RuntimeException("time is more than 10 years
from present: " + time);
}
specialCaseCutOverTimes[specialCaseCount] = time;
specialCaseOldCurrencies[specialCaseCount] = oldCurrency;
specialCaseOldCurrenciesDefaultFractionDigits[specialCaseCount]
= getDefaultFractionDigits(oldCurrency);
specialCaseOldCurrenciesNumericCode[specialCaseCount] =
getNumericCode(oldCurrency);
specialCaseNewCurrencies[specialCaseCount] = newCurrency;
specialCaseNewCurrenciesDefaultFractionDigits[specialCaseCount]
= getDefaultFractionDigits(newCurrency);
specialCaseNewCurrenciesNumericCode[specialCaseCount] =
getNumericCode(newCurrency);
}
specialCaseMap.put(currencyInfo, new Integer(specialCaseCount));
return specialCaseCount++;
}