I came across this bug from a production error.
What I’ve found is that if you have an exponent in the string passed to isJson() it will generate a java.lang.NumberFormatException: Too many nonzero exponent digits. Instead of expected behaviour of false.
Where this will succeed
<cfscript>
isJson("blah-0E361118307");
</cfscript>
This will fail by just appending “2” (or any other digit) and generating the exception
<cfscript>
isJson("blah-0E3611183072");
</cfscript>
I have experienced this with the lucee 5.3.9+141 and 5.3.9+133 it worked correctly in 5.3.8+206
Stack trace
lucee.runtime.exp.NativeException: Too many nonzero exponent digits.
at java.base/java.math.BigDecimal.parseExp(BigDecimal.java:666)
at java.base/java.math.BigDecimal.<init>(BigDecimal.java:512)
at java.base/java.math.BigDecimal.<init>(BigDecimal.java:401)
at java.base/java.math.BigDecimal.<init>(BigDecimal.java:834)
at lucee.runtime.interpreter.ref.literal.LNumber.<init>(LNumber.java:58)
at lucee.runtime.interpreter.CFMLExpressionInterpreter.number(CFMLExpressionInterpreter.java:1147)
at lucee.runtime.interpreter.CFMLExpressionInterpreter.checker(CFMLExpressionInterpreter.java:956)
at lucee.runtime.interpreter.CFMLExpressionInterpreter.clip(CFMLExpressionInterpreter.java:933)
at lucee.runtime.interpreter.CFMLExpressionInterpreter.negateMinusOp(CFMLExpressionInterpreter.java:921)
at lucee.runtime.interpreter.CFMLExpressionInterpreter.unaryOp(CFMLExpressionInterpreter.java:876)
at lucee.runtime.interpreter.CFMLExpressionInterpreter.expoOp(CFMLExpressionInterpreter.java:866)
at lucee.runtime.interpreter.CFMLExpressionInterpreter.divMultiOp(CFMLExpressionInterpreter.java:832)
at lucee.runtime.interpreter.CFMLExpressionInterpreter.modOp(CFMLExpressionInterpreter.java:815)
at lucee.runtime.interpreter.CFMLExpressionInterpreter._minus(CFMLExpressionInterpreter.java:725)
at lucee.runtime.interpreter.CFMLExpressionInterpreter.plusMinusOp(CFMLExpressionInterpreter.java:691)
at lucee.runtime.interpreter.CFMLExpressionInterpreter.concatOp(CFMLExpressionInterpreter.java:664)
at lucee.runtime.interpreter.CFMLExpressionInterpreter.decsionOp(CFMLExpressionInterpreter.java:464)
at lucee.runtime.interpreter.CFMLExpressionInterpreter.notOp(CFMLExpressionInterpreter.java:449)
at lucee.runtime.interpreter.CFMLExpressionInterpreter.andOp(CFMLExpressionInterpreter.java:420)
at lucee.runtime.interpreter.CFMLExpressionInterpreter.orOp(CFMLExpressionInterpreter.java:402)
at lucee.runtime.interpreter.CFMLExpressionInterpreter.xorOp(CFMLExpressionInterpreter.java:384)
at lucee.runtime.interpreter.CFMLExpressionInterpreter.eqvOp(CFMLExpressionInterpreter.java:367)
at lucee.runtime.interpreter.CFMLExpressionInterpreter.impOp(CFMLExpressionInterpreter.java:350)
at lucee.runtime.interpreter.CFMLExpressionInterpreter.contOp(CFMLExpressionInterpreter.java:321)
at lucee.runtime.interpreter.CFMLExpressionInterpreter.assignOp(CFMLExpressionInterpreter.java:306)
at lucee.runtime.interpreter.CFMLExpressionInterpreter.interpret(CFMLExpressionInterpreter.java:208)
at lucee.runtime.interpreter.CFMLExpressionInterpreter.interpret(CFMLExpressionInterpreter.java:193)
at lucee.runtime.functions.conversion.IsJSON.call(IsJSON.java:32)
at index_cfm$cf.call(/index.cfm:2)
at lucee.runtime.PageContextImpl._doInclude(PageContextImpl.java:1043)
at lucee.runtime.PageContextImpl._doInclude(PageContextImpl.java:935)
at lucee.runtime.listener.ClassicAppListener._onRequest(ClassicAppListener.java:65)
at lucee.runtime.listener.MixedAppListener.onRequest(MixedAppListener.java:45)
at lucee.runtime.PageContextImpl.execute(PageContextImpl.java:2475)
at lucee.runtime.PageContextImpl._execute(PageContextImpl.java:2465)
at lucee.runtime.PageContextImpl.executeCFML(PageContextImpl.java:2436)
at lucee.runtime.engine.Request.exe(Request.java:45)
at lucee.runtime.engine.CFMLEngineImpl._service(CFMLEngineImpl.java:1198)
at lucee.runtime.engine.CFMLEngineImpl.serviceCFML(CFMLEngineImpl.java:1144)
at lucee.loader.engine.CFMLEngineWrapper.serviceCFML(CFMLEngineWrapper.java:97)
at lucee.loader.servlet.CFMLServlet.service(CFMLServlet.java:51)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:590)
at io.undertow.servlet.handlers.ServletHandler.handleRequest(ServletHandler.java:74)
at io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.doFilter(FilterHandler.java:129)
at org.cfmlprojects.regexpathinfofilter.RegexPathInfoFilter.doFilter(RegexPathInfoFilter.java:47)
at io.undertow.servlet.core.ManagedFilter.doFilter(ManagedFilter.java:61)
at io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.doFilter(FilterHandler.java:131)
at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.base/java.lang.reflect.Method.invoke(Method.java:566)
at com.intergral.fusionreactor.j2ee.filterchain.WrappedFilterChain.doFilter(WrappedFilterChain.java:134)
at com.intergral.fusionreactor.j2ee.filter.FusionReactorRequestHandler.doNext(FusionReactorRequestHandler.java:772)
at com.intergral.fusionreactor.j2ee.filter.FusionReactorRequestHandler.doHttpServletRequest(FusionReactorRequestHandler.java:344)
at com.intergral.fusionreactor.j2ee.filter.FusionReactorRequestHandler.doFusionRequest(FusionReactorRequestHandler.java:207)
at com.intergral.fusionreactor.j2ee.filter.FusionReactorRequestHandler.handle(FusionReactorRequestHandler.java:809)
at com.intergral.fusionreactor.j2ee.filter.FusionReactorCoreFilter.doFilter(FusionReactorCoreFilter.java:36)
at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.base/java.lang.reflect.Method.invoke(Method.java:566)
at com.intergral.fusionreactor.j2ee.filterchain.WrappedFilterChain.doFilter(WrappedFilterChain.java:71)
at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.base/java.lang.reflect.Method.invoke(Method.java:566)
at com.intergral.fusionreactor.agent.filter.FusionReactorStaticFilter.doFilter(FusionReactorStaticFilter.java:54)
at com.intergral.fusionreactor.agent.pointcuts.NewFilterChainPointCut$1.invoke(NewFilterChainPointCut.java:42)
at io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.doFilter(FilterHandler.java)
at io.undertow.servlet.handlers.FilterHandler.handleRequest(FilterHandler.java:84)
at io.undertow.servlet.handlers.security.ServletSecurityRoleHandler.handleRequest(ServletSecurityRoleHandler.java:62)
at io.undertow.servlet.handlers.ServletChain$1.handleRequest(ServletChain.java:68)
at io.undertow.servlet.handlers.ServletDispatchingHandler.handleRequest(ServletDispatchingHandler.java:36)
at io.undertow.servlet.handlers.RedirectDirHandler.handleRequest(RedirectDirHandler.java:68)
at io.undertow.servlet.handlers.security.SSLInformationAssociationHandler.handleRequest(SSLInformationAssociationHandler.java:117)
at io.undertow.servlet.handlers.security.ServletAuthenticationCallHandler.handleRequest(ServletAuthenticationCallHandler.java:57)
at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
at io.undertow.security.handlers.AbstractConfidentialityHandler.handleRequest(AbstractConfidentialityHandler.java:46)
at io.undertow.servlet.handlers.security.ServletConfidentialityConstraintHandler.handleRequest(ServletConfidentialityConstraintHandler.java:64)
at io.undertow.security.handlers.AuthenticationMechanismsHandler.handleRequest(AuthenticationMechanismsHandler.java:60)
at io.undertow.servlet.handlers.security.CachedAuthenticatedSessionHandler.handleRequest(CachedAuthenticatedSessionHandler.java:77)
at io.undertow.security.handlers.AbstractSecurityContextAssociationHandler.handleRequest(AbstractSecurityContextAssociationHandler.java:43)
at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
at io.undertow.servlet.handlers.SendErrorPageHandler.handleRequest(SendErrorPageHandler.java:52)
at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
at io.undertow.servlet.handlers.ServletInitialHandler.handleFirstRequest(ServletInitialHandler.java:275)
at io.undertow.servlet.handlers.ServletInitialHandler.access$100(ServletInitialHandler.java:79)
at io.undertow.servlet.handlers.ServletInitialHandler$2.call(ServletInitialHandler.java:134)
at io.undertow.servlet.handlers.ServletInitialHandler$2.call(ServletInitialHandler.java:131)
at io.undertow.servlet.core.ServletRequestContextThreadSetupAction$1.call(ServletRequestContextThreadSetupAction.java:48)
at io.undertow.servlet.core.ContextClassLoaderSetupAction$1.call(ContextClassLoaderSetupAction.java:43)
at io.undertow.servlet.api.LegacyThreadSetupActionWrapper$1.call(LegacyThreadSetupActionWrapper.java:44)
at io.undertow.servlet.handlers.ServletInitialHandler.dispatchRequest(ServletInitialHandler.java:255)
at io.undertow.servlet.handlers.ServletInitialHandler.access$000(ServletInitialHandler.java:79)
at io.undertow.servlet.handlers.ServletInitialHandler$1.handleRequest(ServletInitialHandler.java:100)
at io.undertow.server.Connectors.executeRootHandler(Connectors.java:387)
at io.undertow.server.HttpServerExchange$1.run(HttpServerExchange.java:852)
at org.jboss.threads.ContextClassLoaderSavingRunnable.run(ContextClassLoaderSavingRunnable.java:35)
at org.jboss.threads.EnhancedQueueExecutor.safeRun(EnhancedQueueExecutor.java:2019)
at org.jboss.threads.EnhancedQueueExecutor$ThreadBody.doRunTask(EnhancedQueueExecutor.java:1558)
at org.jboss.threads.EnhancedQueueExecutor$ThreadBody.run(EnhancedQueueExecutor.java:1423)
at org.xnio.XnioWorker$WorkerThreadFactory$1$1.run(XnioWorker.java:1280)
at java.base/java.lang.Thread.run(Thread.java:829)
Caused by: java.lang.NumberFormatException: Too many nonzero exponent digits.
... 103 more