From a5efaf30095d8e9e261e54e723ba07396e1cce39 Mon Sep 17 00:00:00 2001
From: Anton Arhipov
Date: Wed, 29 Oct 2025 13:34:25 +0200
Subject: [PATCH] Update app/core/src/main/java/stirling/software/SPDF/controller/api/security/WatermarkController.java safe handling of bounds
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
---
 .../api/security/WatermarkController.java | 14 ++++++++++----
 1 file changed, 10 insertions(+), 4 deletions(-)
diff --git a/app/core/src/main/java/stirling/software/SPDF/controller/api/security/WatermarkController.java b/app/core/src/main/java/stirling/software/SPDF/controller/api/security/WatermarkController.java
index e43a2d9f4..a8e90d633 100644
--- a/app/core/src/main/java/stirling/software/SPDF/controller/api/security/WatermarkController.java
+++ b/app/core/src/main/java/stirling/software/SPDF/controller/api/security/WatermarkController.java
@@ -645,10 +645,16 @@ public class WatermarkController {
 if (request.getBounds() != null && !request.getBounds().isEmpty()) {
 String[] boundsParts = request.getBounds().split(",");
 if (boundsParts.length == 4) {
- boundsX = Float.parseFloat(boundsParts[0].trim());
- boundsY = Float.parseFloat(boundsParts[1].trim());
- boundsWidth = Float.parseFloat(boundsParts[2].trim());
- boundsHeight = Float.parseFloat(boundsParts[3].trim());
+ try {
+ boundsX = Float.parseFloat(boundsParts[0].trim());
+ boundsY = Float.parseFloat(boundsParts[1].trim());
+ boundsWidth = Float.parseFloat(boundsParts[2].trim());
+ boundsHeight = Float.parseFloat(boundsParts[3].trim());
+ } catch (NumberFormatException e) {
+ log.warn("Invalid bounds format: {}", request.getBounds(), e);
+ return ResponseEntity.badRequest()
+ .body(WebResponseUtils.error("Invalid bounds format. Expected four comma-separated numbers."));
+ }
 }
 }
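Review bot: The new `catch (NumberFormatException e)` only rejects text that is not a float at all; `Float.parseFloat` still accepts `NaN`, `Infinity` and negative values, so a request can put non-finite or negative bounds into `boundsX`/`boundsY`/`boundsWidth`/`boundsHeight` without hitting the 400 path. After the `try` block I would add a range check such as `if (!Float.isFinite(boundsX) || !Float.isFinite(boundsY) || !Float.isFinite(boundsWidth) || !Float.isFinite(boundsHeight) || boundsWidth <= 0 || boundsHeight <= 0)` returning the same `badRequest()` response (the sign check assumes non-positive sizes are meaningless downstream, which this hunk does not show). The `if (boundsParts.length == 4)` branch also has no `else`, so `"1,2,3"` is silently ignored while `"a,b,c,d"` is rejected; returning the same error for a wrong part count would make the contract consistent. Finally, `log.warn` writes the raw, unbounded `request.getBounds()` value plus a full stack trace for what is a client error; consider truncating or sanitising the value and dropping `e` unless the logging layout already neutralises line breaks. The enclosing method starts and ends outside this hunk, so how the parsed values are used could not be checked here.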