apache
diff --git a/‎java/org/apache/coyote/http2/Hpack.java‎
Lines changed: 1 addition & 1 deletion b/‎java/org/apache/coyote/http2/Hpack.java‎
Lines changed: 1 addition & 1 deletion
diff --git a/‎test/org/apache/coyote/http2/TestHpack.java‎
Lines changed: 13 additions & 0 deletions b/‎test/org/apache/coyote/http2/TestHpack.java‎
Lines changed: 13 additions & 0 deletions
@@ -179,7 +179,7 @@ static int decodeInteger(ByteBuffer source, int n) throws HpackException {
                     return -1;
                 }
                 b = source.get();
-                result = result + (b & 127) * (PREFIX_TABLE[m] + 1);
+                result = result + (b & 127) * (PREFIX_TABLE[m] + 1L);
                 if (result > Integer.MAX_VALUE) {
                     throw new HpackException(sm.getString("hpack.integerEncodedTooBig"));
                 }
 
@@ -178,6 +178,19 @@ public void testDecodeIntegerMaxValuePlus1() throws HpackException {
         Hpack.decodeInteger(bb, 1);
     }
 
+    @Test(expected = HpackException.class)
+    public void testDecodeIntegerOverflow() throws HpackException {
+        ByteBuffer bb = ByteBuffer.allocate(9);
+        bb.put((byte) 255);
+        bb.put((byte) 254);
+        bb.put((byte) 255);
+        bb.put((byte) 255);
+        bb.put((byte) 255);
+        bb.put((byte) 15);
+        bb.position(0);
+
+        Hpack.decodeInteger(bb, 1);
+    }
 
     @Test(expected = HpackException.class)
     public void testDecodeIntegerZeroValues() throws HpackException {
Original file line number	Diff line number	Diff line change
`@@ -179,7 +179,7 @@ static int decodeInteger(ByteBuffer source, int n) throws HpackException {`
`179`	`179`	`return -1;`
`180`	`180`	`}`
`181`	`181`	`b = source.get();`
`182`		`- result = result + (b & 127) * (PREFIX_TABLE[m] + 1);`
	`182`	`+ result = result + (b & 127) * (PREFIX_TABLE[m] + 1L);`
`183`	`183`	`if (result > Integer.MAX_VALUE) {`
`184`	`184`	`throw new HpackException(sm.getString("hpack.integerEncodedTooBig"));`
`185`	`185`	`}`