 Operators for BigDecimal (+, -, %, /%, quot, etc.) don't use value of mc (MathContext)

It can lead for security problems in open systems, which use these operators without checking of scale of received BigDecimal values.

Following code can grab CPU core for several minutes and then will throw an out of memory error: 
```scala
BigDecimal("1e1000000000", java.math.MathContext.DECIMAL128) + 1
```

W/A is using of methods of underlying java.math.BigDecimal, like:
```scala
BigDecimal("1e1000000000").underlying.add(BigDecimal("1").underlying, java.math.MathContext.DECIMAL128)
```



Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Operators for BigDecimal (+, -, %, /%, quot, etc.) don't use value of mc (MathContext) #10882

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Operators for BigDecimal (+, -, %, /%, quot, etc.) don't use value of mc (MathContext) #10882

Description

Metadata

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Issue actions