Closed cowtowncoder closed 3 years ago
Hmmmh. Looks like comparing scale
to any static limit will not solve the issue since number of trailing zeroes can vary.
Catching exception seems ugly but might be the only way...
I think catching and not stripping zeros in that case could be sufficiently backwards compatible. It would have the advantage that this would never throw for any representable BigDecimal, which people may rightfully expect given that a default of stripping zeros is a bit arbitrary.
New fix done in jackson-databind
to just catch the exception: since this is continuation of
(note: discovered by https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=32579)
Looks like there is an unhandled Overflow for certain types of
BigDecimal
values fuzzer creates. Would be nice to cleanly handle; but at very least catch exception and rethrow, if need be. Does not immediately appear to be a security related as JDK code reports it based on checks.