Fix possible integer overflow

[rustamque]

If dataIndex is less than -2147483648, InvalidSourceBufferIndex will not be thrown. In this case, int ndataIndex = (int)dataIndex; assigns ndataIndex the truncated value of dataIndex.

Found by Linux Verification Center (linuxtesting.org) with SVACE.

[dotnet-policy-service]

Tagging subscribers to this area: @SamMonoRT, @dotnet/efteam
See info in area-owners.md if you want to be subscribed.

[stephentoub]

dataIndex was just checked for being > int.MaxValue on the previous line, so it's definitely not here.

This shouldn't have an extra if block throwing a different exception type. The fix should just be to add a (ulong)dataIndex cast on L117. Same for the other version of this change below.

There should also be an included test that fails before the fix and passes after.

Thanks.

[rustamque]

Thanks for the review, Stephen! Working on your comments.

[rustamque]

@rustamque please read the following Contributor License Agreement(CLA). If you agree with the CLA, please reply with the following information.

@dotnet-policy-service agree [company="{your company}"]

Options:

• (default - no company specified) I have sole ownership of intellectual property rights to my Submissions and I am not making Submissions in the course of work for my employer.

@dotnet-policy-service agree

• (when company given) I am making Submissions in the course of work for my employer (or my employer has intellectual property rights in my Submissions by contract or applicable law). I have permission from my employer to make Submissions and enter into this Agreement on behalf of my employer. By signing below, the defined term “You” includes me and my employer.

@dotnet-policy-service agree company="Microsoft"

Contributor License Agreement

@dotnet-policy-service agree company="Linux Verification Center"