isJson() java.lang.NumberFormatException

I came across this bug from a production error.

What I’ve found is that if you have an exponent in the string passed to isJson() it will generate a java.lang.NumberFormatException: Too many nonzero exponent digits. Instead of expected behaviour of false.

Where this will succeed

<cfscript>
isJson("blah-0E361118307");
</cfscript>

This will fail by just appending “2” (or any other digit) and generating the exception

<cfscript>
isJson("blah-0E3611183072");
</cfscript>

I have experienced this with the lucee 5.3.9+141 and 5.3.9+133 it worked correctly in 5.3.8+206

Stack trace

lucee.runtime.exp.NativeException: Too many nonzero exponent digits.
  at java.base/java.math.BigDecimal.parseExp(BigDecimal.java:666)
  at java.base/java.math.BigDecimal.<init>(BigDecimal.java:512)
  at java.base/java.math.BigDecimal.<init>(BigDecimal.java:401)
  at java.base/java.math.BigDecimal.<init>(BigDecimal.java:834)
  at lucee.runtime.interpreter.ref.literal.LNumber.<init>(LNumber.java:58)
  at lucee.runtime.interpreter.CFMLExpressionInterpreter.number(CFMLExpressionInterpreter.java:1147)
  at lucee.runtime.interpreter.CFMLExpressionInterpreter.checker(CFMLExpressionInterpreter.java:956)
  at lucee.runtime.interpreter.CFMLExpressionInterpreter.clip(CFMLExpressionInterpreter.java:933)
  at lucee.runtime.interpreter.CFMLExpressionInterpreter.negateMinusOp(CFMLExpressionInterpreter.java:921)
  at lucee.runtime.interpreter.CFMLExpressionInterpreter.unaryOp(CFMLExpressionInterpreter.java:876)
  at lucee.runtime.interpreter.CFMLExpressionInterpreter.expoOp(CFMLExpressionInterpreter.java:866)
  at lucee.runtime.interpreter.CFMLExpressionInterpreter.divMultiOp(CFMLExpressionInterpreter.java:832)
  at lucee.runtime.interpreter.CFMLExpressionInterpreter.modOp(CFMLExpressionInterpreter.java:815)
  at lucee.runtime.interpreter.CFMLExpressionInterpreter._minus(CFMLExpressionInterpreter.java:725)
  at lucee.runtime.interpreter.CFMLExpressionInterpreter.plusMinusOp(CFMLExpressionInterpreter.java:691)
  at lucee.runtime.interpreter.CFMLExpressionInterpreter.concatOp(CFMLExpressionInterpreter.java:664)
  at lucee.runtime.interpreter.CFMLExpressionInterpreter.decsionOp(CFMLExpressionInterpreter.java:464)
  at lucee.runtime.interpreter.CFMLExpressionInterpreter.notOp(CFMLExpressionInterpreter.java:449)
  at lucee.runtime.interpreter.CFMLExpressionInterpreter.andOp(CFMLExpressionInterpreter.java:420)
  at lucee.runtime.interpreter.CFMLExpressionInterpreter.orOp(CFMLExpressionInterpreter.java:402)
  at lucee.runtime.interpreter.CFMLExpressionInterpreter.xorOp(CFMLExpressionInterpreter.java:384)
  at lucee.runtime.interpreter.CFMLExpressionInterpreter.eqvOp(CFMLExpressionInterpreter.java:367)
  at lucee.runtime.interpreter.CFMLExpressionInterpreter.impOp(CFMLExpressionInterpreter.java:350)
  at lucee.runtime.interpreter.CFMLExpressionInterpreter.contOp(CFMLExpressionInterpreter.java:321)
  at lucee.runtime.interpreter.CFMLExpressionInterpreter.assignOp(CFMLExpressionInterpreter.java:306)
  at lucee.runtime.interpreter.CFMLExpressionInterpreter.interpret(CFMLExpressionInterpreter.java:208)
  at lucee.runtime.interpreter.CFMLExpressionInterpreter.interpret(CFMLExpressionInterpreter.java:193)
  at lucee.runtime.functions.conversion.IsJSON.call(IsJSON.java:32)
  at index_cfm$cf.call(/index.cfm:2)
  at lucee.runtime.PageContextImpl._doInclude(PageContextImpl.java:1043)
  at lucee.runtime.PageContextImpl._doInclude(PageContextImpl.java:935)
  at lucee.runtime.listener.ClassicAppListener._onRequest(ClassicAppListener.java:65)
  at lucee.runtime.listener.MixedAppListener.onRequest(MixedAppListener.java:45)
  at lucee.runtime.PageContextImpl.execute(PageContextImpl.java:2475)
  at lucee.runtime.PageContextImpl._execute(PageContextImpl.java:2465)
  at lucee.runtime.PageContextImpl.executeCFML(PageContextImpl.java:2436)
  at lucee.runtime.engine.Request.exe(Request.java:45)
  at lucee.runtime.engine.CFMLEngineImpl._service(CFMLEngineImpl.java:1198)
  at lucee.runtime.engine.CFMLEngineImpl.serviceCFML(CFMLEngineImpl.java:1144)
  at lucee.loader.engine.CFMLEngineWrapper.serviceCFML(CFMLEngineWrapper.java:97)
  at lucee.loader.servlet.CFMLServlet.service(CFMLServlet.java:51)
  at javax.servlet.http.HttpServlet.service(HttpServlet.java:590)
  at io.undertow.servlet.handlers.ServletHandler.handleRequest(ServletHandler.java:74)
  at io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.doFilter(FilterHandler.java:129)
  at org.cfmlprojects.regexpathinfofilter.RegexPathInfoFilter.doFilter(RegexPathInfoFilter.java:47)
  at io.undertow.servlet.core.ManagedFilter.doFilter(ManagedFilter.java:61)
  at io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.doFilter(FilterHandler.java:131)
  at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
  at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
  at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
  at java.base/java.lang.reflect.Method.invoke(Method.java:566)
  at com.intergral.fusionreactor.j2ee.filterchain.WrappedFilterChain.doFilter(WrappedFilterChain.java:134)
  at com.intergral.fusionreactor.j2ee.filter.FusionReactorRequestHandler.doNext(FusionReactorRequestHandler.java:772)
  at com.intergral.fusionreactor.j2ee.filter.FusionReactorRequestHandler.doHttpServletRequest(FusionReactorRequestHandler.java:344)
  at com.intergral.fusionreactor.j2ee.filter.FusionReactorRequestHandler.doFusionRequest(FusionReactorRequestHandler.java:207)
  at com.intergral.fusionreactor.j2ee.filter.FusionReactorRequestHandler.handle(FusionReactorRequestHandler.java:809)
  at com.intergral.fusionreactor.j2ee.filter.FusionReactorCoreFilter.doFilter(FusionReactorCoreFilter.java:36)
  at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
  at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
  at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
  at java.base/java.lang.reflect.Method.invoke(Method.java:566)
  at com.intergral.fusionreactor.j2ee.filterchain.WrappedFilterChain.doFilter(WrappedFilterChain.java:71)
  at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
  at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
  at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
  at java.base/java.lang.reflect.Method.invoke(Method.java:566)
  at com.intergral.fusionreactor.agent.filter.FusionReactorStaticFilter.doFilter(FusionReactorStaticFilter.java:54)
  at com.intergral.fusionreactor.agent.pointcuts.NewFilterChainPointCut$1.invoke(NewFilterChainPointCut.java:42)
  at io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.doFilter(FilterHandler.java)
  at io.undertow.servlet.handlers.FilterHandler.handleRequest(FilterHandler.java:84)
  at io.undertow.servlet.handlers.security.ServletSecurityRoleHandler.handleRequest(ServletSecurityRoleHandler.java:62)
  at io.undertow.servlet.handlers.ServletChain$1.handleRequest(ServletChain.java:68)
  at io.undertow.servlet.handlers.ServletDispatchingHandler.handleRequest(ServletDispatchingHandler.java:36)
  at io.undertow.servlet.handlers.RedirectDirHandler.handleRequest(RedirectDirHandler.java:68)
  at io.undertow.servlet.handlers.security.SSLInformationAssociationHandler.handleRequest(SSLInformationAssociationHandler.java:117)
  at io.undertow.servlet.handlers.security.ServletAuthenticationCallHandler.handleRequest(ServletAuthenticationCallHandler.java:57)
  at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
  at io.undertow.security.handlers.AbstractConfidentialityHandler.handleRequest(AbstractConfidentialityHandler.java:46)
  at io.undertow.servlet.handlers.security.ServletConfidentialityConstraintHandler.handleRequest(ServletConfidentialityConstraintHandler.java:64)
  at io.undertow.security.handlers.AuthenticationMechanismsHandler.handleRequest(AuthenticationMechanismsHandler.java:60)
  at io.undertow.servlet.handlers.security.CachedAuthenticatedSessionHandler.handleRequest(CachedAuthenticatedSessionHandler.java:77)
  at io.undertow.security.handlers.AbstractSecurityContextAssociationHandler.handleRequest(AbstractSecurityContextAssociationHandler.java:43)
  at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
  at io.undertow.servlet.handlers.SendErrorPageHandler.handleRequest(SendErrorPageHandler.java:52)
  at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
  at io.undertow.servlet.handlers.ServletInitialHandler.handleFirstRequest(ServletInitialHandler.java:275)
  at io.undertow.servlet.handlers.ServletInitialHandler.access$100(ServletInitialHandler.java:79)
  at io.undertow.servlet.handlers.ServletInitialHandler$2.call(ServletInitialHandler.java:134)
  at io.undertow.servlet.handlers.ServletInitialHandler$2.call(ServletInitialHandler.java:131)
  at io.undertow.servlet.core.ServletRequestContextThreadSetupAction$1.call(ServletRequestContextThreadSetupAction.java:48)
  at io.undertow.servlet.core.ContextClassLoaderSetupAction$1.call(ContextClassLoaderSetupAction.java:43)
  at io.undertow.servlet.api.LegacyThreadSetupActionWrapper$1.call(LegacyThreadSetupActionWrapper.java:44)
  at io.undertow.servlet.handlers.ServletInitialHandler.dispatchRequest(ServletInitialHandler.java:255)
  at io.undertow.servlet.handlers.ServletInitialHandler.access$000(ServletInitialHandler.java:79)
  at io.undertow.servlet.handlers.ServletInitialHandler$1.handleRequest(ServletInitialHandler.java:100)
  at io.undertow.server.Connectors.executeRootHandler(Connectors.java:387)
  at io.undertow.server.HttpServerExchange$1.run(HttpServerExchange.java:852)
  at org.jboss.threads.ContextClassLoaderSavingRunnable.run(ContextClassLoaderSavingRunnable.java:35)
  at org.jboss.threads.EnhancedQueueExecutor.safeRun(EnhancedQueueExecutor.java:2019)
  at org.jboss.threads.EnhancedQueueExecutor$ThreadBody.doRunTask(EnhancedQueueExecutor.java:1558)
  at org.jboss.threads.EnhancedQueueExecutor$ThreadBody.run(EnhancedQueueExecutor.java:1423)
  at org.xnio.XnioWorker$WorkerThreadFactory$1$1.run(XnioWorker.java:1280)
  at java.base/java.lang.Thread.run(Thread.java:829)
 Caused by: java.lang.NumberFormatException: Too many nonzero exponent digits.
  ... 103 more
1 Like

I’ve checked this issue and confirmed regression.
Filed a bug: LDEV-4006 - Regression - isJson() throws java.lang.NumberFormatException

1 Like