Sanitize input for substring$ (JabRef#11322)

src/main/java/org/jabref/logic/bst/BstFunctions.java

@@ -711,12 +711,9 @@ void bstSubstring(BstVMVisitor visitor, ParserRuleContext ctx) {
             length = Integer.MAX_VALUE / 2;
         }
 
-        if (start > (Integer.MAX_VALUE / 2)) {
-            start = Integer.MAX_VALUE / 2;
-        }
-
-        if (start < (Integer.MIN_VALUE / 2)) {
-            start = -Integer.MIN_VALUE / 2;
+        if ((start > string.length()) || (start < -string.length())) {
+            stack.push("");
+            return;
         }
 
         if (start < 0) {
@@ -726,7 +723,12 @@ void bstSubstring(BstVMVisitor visitor, ParserRuleContext ctx) {
         }
 
         int zeroBasedStart = start - 1;
-        String result = string.substring(zeroBasedStart, Math.min(zeroBasedStart + length, string.length()));
+        int zeroBasedEnd = Math.min(zeroBasedStart + length, string.length());
+
+        // Sanitize too large start values
+        zeroBasedStart = Math.min(zeroBasedStart, zeroBasedEnd);
+
+        String result = string.substring(zeroBasedStart, zeroBasedEnd);
 
         LOGGER.trace("substring$(s, start, len): ({}, {}, {})={}", string, start, length, result);
         stack.push(result);

src/test/java/org/jabref/logic/bst/BstFunctionsTest.java

@@ -213,7 +213,8 @@ public void substring() throws RecognitionException {
             "abc, abcd, -2, 2147483647",
             "b, abcd, -3, 1",
             "a, abcd, -4, 1",
-            "'', abcd, -5, 1" // invalid number -5
+            "'', abcd, -5, 1",                    // invalid number -5
+            "'', abcd, -2147483647, 2147483647",  // invalid number
     })
     void substringPlain(String expected, String full, Integer start, Integer length) {
         BstVMContext bstVMContext = new BstVMContext(List.of(), new BibDatabase(), Path.of("404.bst"));