metsw24-max opened a new pull request, #1064:
URL: https://github.com/apache/poi/pull/1064
Harden HPSF parsing against integer overflow conditions in Unicode string
and array size calculations. Malformed or extreme metadata values are now
rejected explicitly instead of relying on wrapped arithmetic behavior.
## Changes Done
- Replaced unchecked multiplication with Math.multiplyExact(...) in:
  - UnicodeString.read
  - Array.ArrayHeader.getNumberOfScalarValues
- Added validation rejecting negative Unicode string lengths
- Converted overflow conditions into IllegalPropertySetDataException
- Ensured overflow is detected at parse time before allocation or downstream
processing
## Tests
Added coverage for:
- Unicode string byte-length overflow
- Negative Unicode string lengths
- Array scalar-count overflow from oversized dimensions
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]
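
As an added illustration (not code from the pull request or from Apache POI), the Java sketch below contrasts wrapped 32-bit multiplication with the Math.multiplyExact and negative-length checks the description names, applied to a string byte length (count times 2) and an array scalar count (product of dimensions). The class, method and exception names are hypothetical, the inputs are constructed, and the use of 32-bit `int` sizes is an assumption.

```java
public class CheckedLengthDemo {
    // Hypothetical stand-in for the parse-time exception named in the PR.
    static class MalformedDataException extends RuntimeException {
        MalformedDataException(String msg, Throwable cause) { super(msg, cause); }
    }

    // Unchecked form: 32-bit multiplication wraps silently.
    static int uncheckedProduct(int... factors) {
        int product = 1;
        for (int f : factors) product *= f;
        return product;
    }

    // Checked form: negative factors and overflowing products are rejected
    // before the result can be used to size a buffer or drive a loop.
    static int checkedProduct(int... factors) {
        int product = 1;
        for (int f : factors) {
            if (f < 0) throw new MalformedDataException("negative size: " + f, null);
            try {
                product = Math.multiplyExact(product, f);
            } catch (ArithmeticException e) {
                throw new MalformedDataException("size overflows int", e);
            }
        }
        return product;
    }

    // Prints the wrapped result next to the checked outcome for one input.
    static void show(String label, int... factors) {
        String checked;
        try {
            checked = String.valueOf(checkedProduct(factors));
        } catch (MalformedDataException e) {
            checked = "rejected (" + e.getMessage() + ")";
        }
        System.out.println(label + ": unchecked=" + uncheckedProduct(factors) + ", checked=" + checked);
    }

    public static void main(String[] args) {
        // Constructed length fields and dimensions, not taken from a real file.
        show("string bytes, negative count wrapping to a small positive", 0x80000001, 2);
        show("string bytes, product wrapping negative", 0x40000001, 2);
        show("string bytes, negative count without overflow", -1, 2);
        show("array scalars, product wrapping to zero", 65536, 65536);
        show("array scalars, well-formed", 3, 4);
    }
}
```

The first and fourth cases are the ones that matter most for review: the wrapped result is a small non-negative number that passes a naive sanity check, so only an explicit check at the multiplication catches it.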