On 29/08/2022 14:06, Christopher Schultz wrote:
Mark,
On 8/29/22 02:39, ma...@apache.org wrote:
<snip/>
public static String get(final String key, final Object... args) {
String value = get(key);
+ // Convert all Number arguments to String else MessageFormat
may try to
+ // format them in unexpected ways.
+ if (args != null) {
+ for (int i = 0; i < args.length; i++) {
+ if (args[i] instanceof Number) {
+ args[i] = args[i].toString();
+ }
+ }
+ }
+
This might represent a big change in behavior, especially with
floating-point numbers. I'm not sure what role MessageFormat plays in
the whole EL ecosystem... is it any part of the spec, or only for like
error messages and things like that?
It is only for error messages and the like.
oss-fuzz found an edge case where MessageFormat would output a number
with hundreds of thousands of digits as an integer rather than using
exponential form.
Any such instances would be application bugs (the issue is in parsing
the EL expression so there is no way for users to trigger this). It
seems unlikely that this would occur in practice.
Mark
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org
