From: PJ Fanning <fanningpj@apache.org>
Date: Mon, 15 Apr 2019 23:10:04 +0000 (+0000)
Subject: some more checks for int overflows
X-Git-Tag: REL_4_1_1~129
X-Git-Url: https://source.dussan.org/?a=commitdiff_plain;h=cf5b72bc0072d6873a2d225db4bf986ddf2dd759;p=poi.git

some more checks for int overflows

git-svn-id: https://svn.apache.org/repos/asf/poi/trunk@1857609 13f79535-47bb-0310-9956-ffa450edef68
---

diff --git a/src/java/org/apache/poi/poifs/filesystem/POIFSDocument.java b/src/java/org/apache/poi/poifs/filesystem/POIFSDocument.java
index a47b2d8300..e43029d459 100644
--- a/src/java/org/apache/poi/poifs/filesystem/POIFSDocument.java
+++ b/src/java/org/apache/poi/poifs/filesystem/POIFSDocument.java
@@ -154,7 +154,7 @@ public final class POIFSDocument implements POIFSViewable, Iterable<ByteBuffer>
            }
        }
 
-       return (int)length;
+       return Math.toIntExact(length);
    }
    
    /**
diff --git a/src/java/org/apache/poi/poifs/property/RootProperty.java b/src/java/org/apache/poi/poifs/property/RootProperty.java
index 3cb4a6e43b..c74a02a29d 100644
--- a/src/java/org/apache/poi/poifs/property/RootProperty.java
+++ b/src/java/org/apache/poi/poifs/property/RootProperty.java
@@ -17,6 +17,7 @@
 
 package org.apache.poi.poifs.property;
 
+import org.apache.commons.math3.util.ArithmeticUtils;
 import org.apache.poi.poifs.common.POIFSConstants;
 
 /**
@@ -55,7 +56,7 @@ public final class RootProperty extends DirectoryProperty {
     {
         final int BLOCK_SHIFT = 6;
         final int _block_size = 1 << BLOCK_SHIFT;
-        super.setSize(size * _block_size);
+        super.setSize(ArithmeticUtils.mulAndCheck(size, _block_size));
     }
 
     /**
diff --git a/src/java/org/apache/poi/ss/formula/EvaluationConditionalFormatRule.java b/src/java/org/apache/poi/ss/formula/EvaluationConditionalFormatRule.java
index a487b36ec4..a478982021 100644
--- a/src/java/org/apache/poi/ss/formula/EvaluationConditionalFormatRule.java
+++ b/src/java/org/apache/poi/ss/formula/EvaluationConditionalFormatRule.java
@@ -455,7 +455,7 @@ public class EvaluationConditionalFormatRule implements Comparable<EvaluationCon
                         Collections.sort(allValues);
                     }
                     
-                    int limit = (int) conf.getRank();
+                    int limit = Math.toIntExact(conf.getRank());
                     if (conf.getPercent()) {
                         limit = allValues.size() * limit / 100;
                     }