Decimal numbers cannot be precisely represented as a BigDecimal if the BigDecimal(double val) constructor is used.
Noncompliant Code Example
This noncompliant code example passes a double value to the BigDecimal constructor. Because of this, precision of the literal is affected.
// prints 0.1000000000000000055511151231257827021181583404541015625 System.out.println(new BigDecimal(0.1));
Compliant Solution
This compliant solution passes the decimal literal as a String so that the BigDecimal(String val) constructor is invoked.
// prints 0.1
System.out.println(new BigDecimal("0.1"));
Risk Assessment
Using the BigDecimal constructor that accepts decimal literals can lead to loss of precision.
Guideline |
Severity |
Likelihood |
Remediation Cost |
Priority |
Level |
|---|---|---|---|---|---|
FLP08-J |
low |
probable |
low |
P6 |
L2 |
Automated Detection
TODO
Related Vulnerabilities
Search for vulnerabilities resulting from the violation of this guideline on the CERT website.
Bibliography
[JLS 2005]
FLP07-J. Do not use floating point variables as loop counters 07. Floating Point (FLP) FLP09-J. Do not rely on the default string representation of floating point values