Friday, March 25, 2011

Fixing the parseDouble Bug in Java via Oracle Patch

To fix this bug, assuming you have one of the JVMs that the patch will fix, do the following at your own risk:

1. Download fpupdater.zip from http://www.oracle.com/technetwork/java/javase/downloads/index.html#fpupdater

2. Unzip it and copy the fpupdater.jar file contained within the zipped directory to a directory on the server that you have access to (e.g. /tmp).

3. Determine the user that owns the Java install, and sudo to that user or have your admin do that.

4. Change to the directory that you copied the file to (e.g. /tmp).

5. Test for the bug. (Note: Wherever I just have "java" listed, you may need to call it as "/path/to/java/bin/java" if it isn't already in your command path.)

java -jar fpupdater.jar -t -v

If your JVM has the bug, this will likely produce the result: "Verification test failed; timed out."

If your JVM does not have the bug, this will likely produce the result: "Verification test passed." If it says this, there is no need to continue; in fact, you probably shouldn't.

If the command fails with something like:

Warning: -jar not understood. Ignoring.
Exception in thread "main" java.lang.NoClassDefFoundError: fpupdater.jar
   at _ZN4java4lang11VMThrowable16fillInStackTraceEPNS0_9ThrowableE (/usr/lib64/libgcj.so.5.0.0)
   at _ZN4java4lang9Throwable16fillInStackTraceEv (/usr/lib64/libgcj.so.5.0.0)
   at _ZN4java4lang9ThrowableC1EPNS0_6StringE (/usr/lib64/libgcj.so.5.0.0)
   at _ZN4java4lang5ErrorC1EPNS0_6StringE (/usr/lib64/libgcj.so.5.0.0)
   at _ZN4java4lang12LinkageErrorC1EPNS0_6StringE (/usr/lib64/libgcj.so.5.0.0)
   at _ZN4java4lang20NoClassDefFoundErrorC1EPNS0_6StringE (/usr/lib64/libgcj.so.5.0.0)
   at _ZN3gnu3gcj7runtime11FirstThread3runEv (/usr/lib64/libgcj.so.5.0.0)
   at _Z13_Jv_ThreadRunPN4java4lang6ThreadE (/usr/lib64/libgcj.so.5.0.0)
   at _Z11_Jv_RunMainPN4java4lang5ClassEPKciPS4_b (/usr/lib64/libgcj.so.5.0.0)
   at __gcj_personality_v0 (/tmp/java.version=1.4.2)
   at __libc_start_main (/lib64/tls/libc-2.3.4.so)
   at _Jv_RegisterClasses (/tmp/java.version=1.4.2)

that probably means that the Java you are using is gcj/GCC Java and not Sun/Oracle Java. Assuming you have a Sun/Oracle Java JVM to update, you may need to call java from the Java location you are trying to update, e.g.:

/path/to/java/bin/java -jar fpupdater.jar -t -v

6. Patch it (and if you have to, prepend the path to java; see above).

java -jar fpupdater.jar -u -v

If you use -v, it tells you where it backed up the old file, just in case the patch doesn't work. Be sure to record that somewhere in case you need it.

7. Test it again (and if you have to, prepend the path to java; see above).

java -jar fpupdater.jar -t -v

This should result in "Verification test passed."

8. This is the part you need to handle yourself, and I can't really help a lot. You should restart everything, if needed, that uses that version of Java. You could try listing processes that use Java to assist with this (however you do it in your environment):

ps auxf|grep java

But after that, you are on your own about how you want to do that.

9. Test everything!
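
Steps 5 through 7 can be wrapped in a small script that only patches when the first test reports the bug, refuses to run against gcj, and keeps the verbose patch output that names the backup file. This is an added example, not part of the original post or of Oracle's tool; JAVA_BIN, FPUPDATER_JAR, PATCH_LOG and the function names are assumptions, and the matched strings are the messages quoted above.

```shell
#!/bin/sh
# Added example wrapping steps 5-7. JAVA_BIN, FPUPDATER_JAR and PATCH_LOG
# are assumed names; override them for your environment.
JAVA_BIN="${JAVA_BIN:-java}"
FPUPDATER_JAR="${FPUPDATER_JAR:-/tmp/fpupdater.jar}"
PATCH_LOG="${PATCH_LOG:-./fpupdater-patch.log}"

# Read tool output on stdin, print one word: passed, vulnerable, gcj, unknown.
classify_output() {
    out=$(cat)
    case "$out" in
        *"Verification test passed"*) echo passed ;;
        *"Verification test failed"*) echo vulnerable ;;
        *"-jar not understood"*|*libgcj*) echo gcj ;;
        *) echo unknown ;;
    esac
}

# Steps 5 and 7: run the verification test and classify its result.
run_test() {
    "$JAVA_BIN" -jar "$FPUPDATER_JAR" -t -v 2>&1 | classify_output
}

# Step 6, guarded: patch only a JVM that failed the test, then re-test.
patch_if_needed() {
    state=$(run_test)
    case "$state" in
        passed) echo "not affected; leaving this JVM alone"; return 0 ;;
        vulnerable) ;;
        *) echo "not patching: test result is '$state'" >&2; return 2 ;;
    esac
    # The -v output names the backup location, so keep a copy of it.
    "$JAVA_BIN" -jar "$FPUPDATER_JAR" -u -v 2>&1 | tee -a "$PATCH_LOG"
    if [ "$(run_test)" != passed ]; then
        echo "still failing after patch; see $PATCH_LOG for the backup" >&2
        return 1
    fi
    echo "patched and verified"
}

# Only act when called with "run", so the file can also be sourced.
if [ "${1:-}" = run ]; then patch_if_needed; fi
```

Run it as the user that owns the Java install (step 3), for example with JAVA_BIN=/path/to/java/bin/java and the argument "run".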

Good luck.
