Oracle has released a fix for security alert CVE-2010-4476 — the “Java Hangs on 2.2250738585072012e-308 bug.” The fix comes in the form of something called the FPUpdater Tool, which updates rt.jar. I tested it on my Windows XP system and it works.

Running FPUpdater

I downloaded and extracted fpupdater.jar and then ran this command:

"C:\Program Files\Java\jre6\bin\java" -jar fpupdater.jar -u -v

This was the output (formatted for display):

FPUpdater java.home: C:\Program Files\Java\jre6 java.vendor: Sun Microsystems Inc. java.version: 1.6.0_23 os.name: Windows XP Checking for update for major: 1.6.0 minor: 23 Retrieved update jar file from tool: C:\Program Files\Java\jre6\ tmpUpdate2208012852213660487\tmpUpdate5228545869487358026.jar Updating files. Please note this can take several minutes to run. Allow FPUpdater tool to complete. Jar file C:\Program Files\Java\jre6\lib\rt.jar.fpupdater succesfully verified. Done backup of rt.jar to C:\Program Files\Java\jre6\lib\ rt.jar.fpupdater Extracting C:\Program Files\Java\jre6\lib\rt.jar to working copy C:\Program Files\Java\jre6\lib\tmpUpdate7145466411537220462\ copyofRt.jar Recreating rt.jar Rebuilt. Jar file C:\Program Files\Java\jre6\lib\ tmpUpdate7145466411537220462\copyofRt.jar succesfully verified. Moving working copy of rt.jar back to live rt.jar. Update applied successfully to java.home path : C:\Program Files\Java\jre6

I have two instances of the JRE,

so I had to run the tool a second time, as per these instructions:

“If you run more than one instance of the JRE, for example if you have an instance of the JRE inside a JDK bundle and another standalone JRE, you need to run the tool against each instance to update them.”

I used this command:

"C:\Program Files\Java\jdk1.6.0_23\jre\bin\java" -jar fpupdater.jar -u -v

(The output was similar.)

After executing FPUpdater twice, both the runtime and compile time hangs were fixed.

No Source Code Available Yet

The source code for the fix is not available yet, but I’m told it will be soon. The fix updates FloatingDecimal.java, but I don’t know if it is the suggested fix. I’ll keep you posted.