jmestwa-coder opened a new pull request, #1053:
URL: https://github.com/apache/poi/pull/1053

   ### Summary
   This change updates buffer size calculations in HSLF blip processing to 
avoid potential integer overflow before array allocation.
   
   ### What changed
   
   - Replaced inline size calculations using `new byte[...]` with:
     - `long`-based size computation
     - `IOUtils.safelyAllocate(...)` for allocation
   - Applied consistently to:
     - `Bitmap`
     - `EMF`
     - `PICT`
     - `WMF`
   
   ### Why
   
   In the current implementation, buffer sizes are computed using integer 
arithmetic:
   
   new byte[a + b + c]
   
   If intermediate values exceed Integer.MAX_VALUE, this can overflow before 
allocation, leading to incorrect buffer sizes and runtime failures.
   
   Using IOUtils.safelyAllocate ensures:
   
   *   size is evaluated using long
       
   *   overflow is detected before allocation
       
   *   behavior is consistent with existing POI safety patterns
       
   
   ### Scope
   
   *   Limited to HSLF blip classes only
       
   *   No API changes
       
   *   No behavioral changes for valid inputs
       
   
   ### Notes
   
   This follows the same allocation safety approach already used in other parts 
of POI.


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: [email protected]

For queries about this service, please contact Infrastructure at:
[email protected]
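
The overflow described under "Why" in the pull request, as an added example that is not code from the pull request or from POI. `allocateChecked` and `MAX_LENGTH` are hypothetical stand-ins for a long-based, bounded allocator, and the input triples are constructed.

```java
public class BlipSizeOverflow {
    // Hypothetical cap for this demo; not a value taken from POI.
    static final int MAX_LENGTH = 100_000_000;

    // The pattern being replaced: the sum is evaluated in 32-bit int arithmetic.
    static int intSize(int a, int b, int c) {
        return a + b + c; // wraps silently when the true sum exceeds Integer.MAX_VALUE
    }

    // Hypothetical stand-in: the size arrives as a long and is checked before allocation.
    static byte[] allocateChecked(long length, int maxLength) {
        if (length < 0 || length > maxLength) {
            throw new IllegalStateException(
                "refusing to allocate " + length + " bytes (max " + maxLength + ")");
        }
        return new byte[(int) length];
    }

    public static void main(String[] args) {
        // Constructed inputs: a valid size, a sum that wraps negative,
        // and a sum that wraps past 2^32 to a small positive value.
        int[][] cases = {
            { 8, 16, 1024 },
            { 8, 16, Integer.MAX_VALUE },
            { 1_500_000_000, 1_500_000_000, 1_500_000_000 },
        };
        for (int[] t : cases) {
            int wrapped = intSize(t[0], t[1], t[2]);
            long exact = (long) t[0] + t[1] + t[2];
            System.out.printf("int sum=%d, long sum=%d%n", wrapped, exact);
            try {
                byte[] buf = allocateChecked(exact, MAX_LENGTH);
                System.out.println("  allocated " + buf.length + " bytes");
            } catch (IllegalStateException e) {
                System.out.println("  rejected: " + e.getMessage());
            }
        }
    }
}
```

The third case is the one a negative-size check alone would miss: the int sum wraps to a positive number, so `new byte[a + b + c]` would succeed with a buffer far smaller than the data it is meant to hold.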

