From 6d6df8c739c674da6ccc19e945144df6101b6703 Mon Sep 17 00:00:00 2001
From: Naveed Khan <dxbnaveed.k@gmail.com>
Date: Sat, 27 Jun 2026 20:09:00 +0530
Subject: [PATCH 1/2] reject out-of-range values in LongLocaleConverter

The parse method narrowed the result with Long.valueOf(result.longValue()) and had no range check, so a value beyond long range was silently clamped to Long.MAX_VALUE instead of throwing. Add the bounds check, mirroring the sibling Integer/Byte/Short/Float locale converters.
---
 .../converters/LongLocaleConverter.java       |  5 ++++
 .../converters/LongLocaleConverterTest.java   | 29 +++++++++++++++++++
 2 files changed, 34 insertions(+)

diff --git a/src/main/java/org/apache/commons/beanutils2/locale/converters/LongLocaleConverter.java b/src/main/java/org/apache/commons/beanutils2/locale/converters/LongLocaleConverter.java
index 918222e5d..855a5affd 100644
--- a/src/main/java/org/apache/commons/beanutils2/locale/converters/LongLocaleConverter.java
+++ b/src/main/java/org/apache/commons/beanutils2/locale/converters/LongLocaleConverter.java
@@ -78,6 +78,11 @@ protected Long parse(final Object value, final String pattern) throws ParseExcep
             return (Long) result;
         }
 
+        final double doubleValue = result.doubleValue();
+        if (doubleValue < Long.MIN_VALUE || doubleValue > Long.MAX_VALUE) {
+            throw new ConversionException("Supplied number is not of type Long: " + result);
+        }
+
         return Long.valueOf(result.longValue());
     }
 }
diff --git a/src/test/java/org/apache/commons/beanutils2/converters/LongLocaleConverterTest.java b/src/test/java/org/apache/commons/beanutils2/converters/LongLocaleConverterTest.java
index f1c4f5e22..7df0c97be 100644
--- a/src/test/java/org/apache/commons/beanutils2/converters/LongLocaleConverterTest.java
+++ b/src/test/java/org/apache/commons/beanutils2/converters/LongLocaleConverterTest.java
@@ -17,6 +17,12 @@
 
 package org.apache.commons.beanutils2.converters;
 
+import static org.junit.jupiter.api.Assertions.assertEquals;
+import static org.junit.jupiter.api.Assertions.fail;
+
+import java.text.DecimalFormat;
+
+import org.apache.commons.beanutils2.ConversionException;
 import org.apache.commons.beanutils2.locale.converters.LongLocaleConverter;
 import org.junit.jupiter.api.BeforeEach;
 import org.junit.jupiter.api.Test;
@@ -189,4 +195,27 @@ void testConstructorMain() {
         convertInvalid(converter, "(C)", defaultValue);
         convertNull(converter, "(C)", defaultValue);
     }
+
+    /**
+     * Test Long limits
+     */
+    @Test
+    void testLongLimits() {
+        converter = LongLocaleConverter.builder().setLocale(defaultLocale).get();
+        final DecimalFormat fmt = new DecimalFormat("#");
+        assertEquals(Long.valueOf(Long.MAX_VALUE), converter.convert(fmt.format(Long.MAX_VALUE)), "Long.MAX_VALUE");
+        assertEquals(Long.valueOf(Long.MIN_VALUE), converter.convert(fmt.format(Long.MIN_VALUE)), "Long.MIN_VALUE");
+        try {
+            converter.convert("99999999999999999999");
+            fail("Positive out of range should throw ConversionException");
+        } catch (final ConversionException e) {
+            // expected result
+        }
+        try {
+            converter.convert("-99999999999999999999");
+            fail("Negative out of range should throw ConversionException");
+        } catch (final ConversionException e) {
+            // expected result
+        }
+    }
 }

From ba5329b623d7730c5fddd0e6fe7b25de6e4ac7c0 Mon Sep 17 00:00:00 2001
From: Naveed Khan <dxbnaveed.k@gmail.com>
Date: Sun, 28 Jun 2026 01:11:48 +0530
Subject: [PATCH 2/2] use assertThrows in LongLocaleConverter range test

Signed-off-by: Naveed Khan <dxbnaveed.k@gmail.com>
---
 .../converters/LongLocaleConverterTest.java      | 16 +++-------------
 1 file changed, 3 insertions(+), 13 deletions(-)

diff --git a/src/test/java/org/apache/commons/beanutils2/converters/LongLocaleConverterTest.java b/src/test/java/org/apache/commons/beanutils2/converters/LongLocaleConverterTest.java
index 7df0c97be..dac385f3e 100644
--- a/src/test/java/org/apache/commons/beanutils2/converters/LongLocaleConverterTest.java
+++ b/src/test/java/org/apache/commons/beanutils2/converters/LongLocaleConverterTest.java
@@ -18,7 +18,7 @@
 package org.apache.commons.beanutils2.converters;
 
 import static org.junit.jupiter.api.Assertions.assertEquals;
-import static org.junit.jupiter.api.Assertions.fail;
+import static org.junit.jupiter.api.Assertions.assertThrows;
 
 import java.text.DecimalFormat;
 
@@ -205,17 +205,7 @@ void testLongLimits() {
         final DecimalFormat fmt = new DecimalFormat("#");
         assertEquals(Long.valueOf(Long.MAX_VALUE), converter.convert(fmt.format(Long.MAX_VALUE)), "Long.MAX_VALUE");
         assertEquals(Long.valueOf(Long.MIN_VALUE), converter.convert(fmt.format(Long.MIN_VALUE)), "Long.MIN_VALUE");
-        try {
-            converter.convert("99999999999999999999");
-            fail("Positive out of range should throw ConversionException");
-        } catch (final ConversionException e) {
-            // expected result
-        }
-        try {
-            converter.convert("-99999999999999999999");
-            fail("Negative out of range should throw ConversionException");
-        } catch (final ConversionException e) {
-            // expected result
-        }
+        assertThrows(ConversionException.class, () -> converter.convert("99999999999999999999"));
+        assertThrows(ConversionException.class, () -> converter.convert("-99999999999999999999"));
     }
 }