IndexOutOfBoundsException in XSSFTextParagraph.getBulletAutoNumberScheme() due to hardcoded Enum index access #1032
Description
Issue Description:
In the current trunk version of XSSFTextParagraph.java, the method getBulletAutoNumberScheme() performs a direct array access using an integer value from the XML beans without boundary validation.
When an Excel file is created with a newer or unsupported numbering scheme (e.g., a type value that exceeds the pre-defined ListAutoNumber enum length), the application crashes with an ArrayIndexOutOfBoundsException.
Affected Code:
File: poi-ooxml/src/main/java/org/apache/poi/xssf/usermodel/XSSFTextParagraph.java
Line: (Approx. line 512 in current trunk)
public ListAutoNumber getBulletAutoNumberScheme() {
ParagraphPropertyFetcher<ListAutoNumber> fetcher = new ParagraphPropertyFetcher<ListAutoNumber>(getLevel()){
public boolean fetch(CTTextParagraphProperties props){
if(props.isSetBuAutoNum() && props.getBuAutoNum().getType() != null) {
// DANGEROUS LINE:
setValue(ListAutoNumber.values()[props.getBuAutoNum().getType().intValue() - 1]);
return true;
}
return false;
}
};
// ...
}Steps to Reproduce:
Create an Excel file containing a text box with a specific numbering/bullet format (e.g., newer Office 365 numbering schemes).
Load the file using XSSFWorkbook.
Iterate through XSSFTextParagraph and call getBulletAutoNumberScheme().
Observe java.lang.ArrayIndexOutOfBoundsException: Index 23 out of bounds for length 19.
Suggested Fix:
Add a boundary check or use a mapping method that defaults to ListAutoNumber.ARABIC_PLAIN if the index is out of range.
int typeIdx = props.getBuAutoNum().getType().intValue() - 1;
ListAutoNumber[] values = ListAutoNumber.values();
if (typeIdx >= 0 && typeIdx < values.length) {
setValue(values[typeIdx]);
} else {
setValue(ListAutoNumber.ARABIC_PLAIN);
}