metsw24-max opened a new pull request, #1076: URL: https://github.com/apache/poi/pull/1076
Replace unchecked uint32-to-int narrowing in HDGF PointerFactory for offset and length fields with Math.toIntExact.

These values originate from LittleEndian.getUInt(...) and later flow into stream offset/length arithmetic and StreamStore construction. Malformed values above Integer.MAX_VALUE could previously wrap into negative or truncated integers.

This change aligns PointerFactory with the HDGF ChunkHeader hardening introduced in PR #1075 and with the broader parser hardening work using Math.toIntExact for structural size and offset fields.

Address parsing intentionally remains unchanged because the value is only used for diagnostic/debug output and does not participate in bounds calculations.

Added regression tests covering:
- oversized offset rejection
- oversized length rejection
- v5 and v6+ parsing paths
- acceptance of Integer.MAX_VALUE boundary values
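The narrowing problem described in the pull request, as an added example that is not code from the pull request or from Apache POI: a uint32 field above Integer.MAX_VALUE wraps negative under an `(int)` cast and slips past an upper-bound-only check, while `Math.toIntExact` rejects it. The class, the helper names, the `fitsNaive` check and the sample bytes are all constructed for illustration; `getUInt` here is a stand-in built on `java.nio`, not POI's `LittleEndian`.

```java
import java.nio.ByteBuffer;
import java.nio.ByteOrder;

public class UInt32NarrowingDemo {
    // Stand-in for a little-endian uint32 read: the value comes back as a non-negative long.
    static long getUInt(byte[] data, int pos) {
        return ByteBuffer.wrap(data, pos, 4).order(ByteOrder.LITTLE_ENDIAN).getInt() & 0xFFFFFFFFL;
    }

    // Unchecked narrowing: anything above Integer.MAX_VALUE silently wraps.
    static int narrowUnchecked(long v) {
        return (int) v;
    }

    // Checked narrowing: throws ArithmeticException instead of wrapping.
    static int narrowChecked(long v) {
        return Math.toIntExact(v);
    }

    // Hypothetical upper-bound-only check of the kind a negative offset slips past.
    static boolean fitsNaive(int offset, int length, int streamSize) {
        return offset + length <= streamSize;
    }

    public static void main(String[] args) {
        // Constructed pointer fragment: offset = 0xFFFFFFF0, length = 0x00000020 (little-endian).
        byte[] raw = {(byte) 0xF0, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, 0x20, 0x00, 0x00, 0x00};
        long offset = getUInt(raw, 0);
        long length = getUInt(raw, 4);
        int streamSize = 4096; // constructed stream size

        // Before: the cast turns the oversized offset into a negative int.
        int wrapped = narrowUnchecked(offset);
        System.out.println("uint32 offset " + offset + " narrowed unchecked to " + wrapped);
        System.out.println("naive bounds check passes: "
                + fitsNaive(wrapped, narrowUnchecked(length), streamSize));

        // After: the same field is rejected before it reaches any offset arithmetic.
        try {
            narrowChecked(offset);
        } catch (ArithmeticException e) {
            System.out.println("checked narrowing rejected the offset: " + e.getMessage());
        }

        // Boundary: Integer.MAX_VALUE is still representable and is accepted.
        System.out.println("boundary accepted: " + narrowChecked((long) Integer.MAX_VALUE));
    }
}
```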
