From 332cbae93220ea405ae7d9fb053c9c932db4d9e0 Mon Sep 17 00:00:00 2001 From: Yoshito Umaoka Date: Tue, 9 Oct 2012 17:27:38 +0000 Subject: [PATCH] ICU-9640 Documented the internal maximum digit limit used by DecimalFormat#parse introduced by ticket#5698 in ICU4J. X-SVN-Rev: 32576 --- .../classes/core/src/com/ibm/icu/text/DecimalFormat.java | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/icu4j/main/classes/core/src/com/ibm/icu/text/DecimalFormat.java b/icu4j/main/classes/core/src/com/ibm/icu/text/DecimalFormat.java index bea589f0810..f2ef8b58b12 100644 --- a/icu4j/main/classes/core/src/com/ibm/icu/text/DecimalFormat.java +++ b/icu4j/main/classes/core/src/com/ibm/icu/text/DecimalFormat.java @@ -342,6 +342,13 @@ import com.ibm.icu.util.ULocale.Category; * {@link #parse(String)} indicates parse failure by throwing a {@link * java.text.ParseException}. * + *

Parsing an extremely large or small absolute value (such as 1.0E10000 or 1.0E-10000) + * requires huge memory allocation for representing the parsed number. Such input may expose + * a risk of DoS attacks. To prevent huge memory allocation triggered by such inputs, + * DecimalFormat internally limits of maximum decimal digits to be 1000. Thus, + * an input string resulting more than 1000 digits in plain decimal representation (non-exponent) + * will be treated as either overflow (positive/negative infinite) or underflow (+0.0/-0.0). + * *

Formatting

* *

Formatting is guided by several parameters, all of which can be specified either -- 2.40.0
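
Review bot: The sentence "DecimalFormat internally limits of maximum decimal digits to be 1000" in the added parsing paragraph is ungrammatical, and it leaves the scope of the limit unclear. I suggest "DecimalFormat internally limits the maximum number of decimal digits to 1000", "an input string resulting in more than 1000 digits", and "infinity" rather than "infinite". Since the context line just above says parse failure is signalled by a ParseException, the paragraph should also state explicitly that an over-limit input is not a parse failure and returns the infinity or zero value instead. Callers handling untrusted input then know they have to check the result for a capped value themselves. It would also help to say whether the 1000-digit count covers integer and fraction digits together, because the examples given (1.0E10000 and 1.0E-10000) only show the exponent case.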