amos-wnjsoft opened a new issue, #1032:
URL: https://github.com/apache/poi/issues/1032
Issue Description:
In the current trunk version of XSSFTextParagraph.java, the method
getBulletAutoNumberScheme() performs a direct array access using an integer
value from the XML beans without boundary validation.
When an Excel file is created with a newer or unsupported numbering scheme
(e.g., a type value that exceeds the pre-defined ListAutoNumber enum length),
the application crashes with an ArrayIndexOutOfBoundsException.
Affected Code:
File: poi-ooxml/src/main/java/org/apache/poi/xssf/usermodel/XSSFTextParagraph.java
Line: (Approx. line 512 in current trunk)
```Java
public ListAutoNumber getBulletAutoNumberScheme() {
    ParagraphPropertyFetcher<ListAutoNumber> fetcher = new ParagraphPropertyFetcher<ListAutoNumber>(getLevel()){
        public boolean fetch(CTTextParagraphProperties props){
            if(props.isSetBuAutoNum() && props.getBuAutoNum().getType() != null) {
                // DANGEROUS LINE:
                setValue(ListAutoNumber.values()[props.getBuAutoNum().getType().intValue() - 1]);
                return true;
            }
            return false;
        }
    };
    // ...
}
```
Steps to Reproduce:
1. Create an Excel file containing a text box with a specific numbering/bullet format (e.g., newer Office 365 numbering schemes).
2. Load the file using XSSFWorkbook.
3. Iterate through XSSFTextParagraph and call getBulletAutoNumberScheme().
4. Observe java.lang.ArrayIndexOutOfBoundsException: Index 23 out of bounds for length 19.
Suggested Fix:
Add a boundary check or use a mapping method that defaults to
ListAutoNumber.ARABIC_PLAIN if the index is out of range.
```Java
int typeIdx = props.getBuAutoNum().getType().intValue() - 1;
ListAutoNumber[] values = ListAutoNumber.values();
if (typeIdx >= 0 && typeIdx < values.length) {
    setValue(values[typeIdx]);
} else {
    setValue(ListAutoNumber.ARABIC_PLAIN);
}
```
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]
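Until a bounds check like the one suggested in the issue is in the POI release you run, code that processes untrusted workbooks can contain the exception at the call site. The following is an added example, not code from the issue or from Apache POI; the class name `BulletSchemeGuard`, the helper `safeScheme` and the use of `args[0]` as the workbook path are assumptions made for illustration.

```java
import java.io.File;
import org.apache.poi.xssf.usermodel.ListAutoNumber;
import org.apache.poi.xssf.usermodel.XSSFDrawing;
import org.apache.poi.xssf.usermodel.XSSFShape;
import org.apache.poi.xssf.usermodel.XSSFSheet;
import org.apache.poi.xssf.usermodel.XSSFSimpleShape;
import org.apache.poi.xssf.usermodel.XSSFTextParagraph;
import org.apache.poi.xssf.usermodel.XSSFWorkbook;

// Hypothetical caller-side guard (not part of POI): keeps one unmapped
// numbering type in an untrusted file from aborting the whole run.
public class BulletSchemeGuard {

    // Returns the paragraph's scheme, or the fallback when the stored type
    // value has no matching ListAutoNumber constant in this POI version.
    static ListAutoNumber safeScheme(XSSFTextParagraph p, ListAutoNumber fallback) {
        try {
            return p.getBulletAutoNumberScheme();
        } catch (ArrayIndexOutOfBoundsException e) {
            // Record the event so unexpected inputs remain visible to operators.
            System.err.println("Unmapped bullet numbering type: " + e.getMessage());
            return fallback;
        }
    }

    public static void main(String[] args) throws Exception {
        // args[0]: path to the .xlsx file to inspect (assumption of this example)
        try (XSSFWorkbook wb = new XSSFWorkbook(new File(args[0]))) {
            for (int i = 0; i < wb.getNumberOfSheets(); i++) {
                XSSFSheet sheet = wb.getSheetAt(i);
                XSSFDrawing drawing = sheet.getDrawingPatriarch();
                if (drawing == null) continue;          // sheet has no shapes
                for (XSSFShape shape : drawing.getShapes()) {
                    if (!(shape instanceof XSSFSimpleShape)) continue;
                    for (XSSFTextParagraph p : ((XSSFSimpleShape) shape).getTextParagraphs()) {
                        if (!p.isBulletAutoNumber()) continue;
                        ListAutoNumber scheme = safeScheme(p, ListAutoNumber.ARABIC_PLAIN);
                        System.out.println(sheet.getSheetName() + ": " + scheme);
                    }
                }
            }
        }
    }
}
```

The fallback mirrors the `ListAutoNumber.ARABIC_PLAIN` default proposed in the issue; catching only `ArrayIndexOutOfBoundsException` keeps other parsing failures visible.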