From 1ec0207fb5fe772e47b257ab2b0c26ff85f94598 Mon Sep 17 00:00:00 2001
From: xuri <xuri.me@gmail.com>
Date: Tue, 20 Jul 2021 23:04:50 +0800
Subject: Fix code security issue

---
 calc.go   | 9 ++++-----
 lib.go    | 5 +----
 styles.go | 8 ++++----
 3 files changed, 9 insertions(+), 13 deletions(-)

diff --git a/calc.go b/calc.go
index 2d10e3b..3bb81b8 100644
--- a/calc.go
+++ b/calc.go
@@ -7401,7 +7401,7 @@ func (fn *formulaFuncs) cumip(name string, argsList *list.List) formulaArg {
 	if start.Number < 1 || start.Number > end.Number {
 		return newErrorFormulaArg(formulaErrorNA, formulaErrorNA)
 	}
-	num, ipmt := 0.0, newNumberFormulaArg(0)
+	num := 0.0
 	for per := start.Number; per <= end.Number; per++ {
 		args := list.New().Init()
 		args.PushBack(rate)
@@ -7411,11 +7411,10 @@ func (fn *formulaFuncs) cumip(name string, argsList *list.List) formulaArg {
 		args.PushBack(newNumberFormulaArg(0))
 		args.PushBack(typ)
 		if name == "CUMIPMT" {
-			ipmt = fn.IPMT(args)
-		} else {
-			ipmt = fn.PPMT(args)
+			num += fn.IPMT(args).Number
+			continue
 		}
-		num += ipmt.Number
+		num += fn.PPMT(args).Number
 	}
 	return newNumberFormulaArg(num)
 }
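Review bot: The sums at `num += fn.IPMT(args).Number` and `num += fn.PPMT(args).Number` read `.Number` without checking the result's type, so an error argument returned by either call would contribute its numeric field (presumably zero) and cumip would still return a plain number. The arguments appear to be validated before the loop, above this hunk, so this may be unreachable today, but the sum depends on that validation staying in sync with IPMT/PPMT. Binding the result and checking it would propagate the error instead of hiding it, e.g. `res := fn.IPMT(args)` followed by `if res.Type != ArgNumber { return res }` before `num += res.Number`. The same applies to the PPMT branch.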
diff --git a/lib.go b/lib.go
index 00a67d9..df2af4a 100644
--- a/lib.go
+++ b/lib.go
@@ -63,10 +63,7 @@ func (f *File) readXML(name string) []byte {
 // saveFileList provides a function to update given file content in file list
 // of XLSX.
 func (f *File) saveFileList(name string, content []byte) {
-	newContent := make([]byte, 0, len(XMLHeader)+len(content))
-	newContent = append(newContent, []byte(XMLHeader)...)
-	newContent = append(newContent, content...)
-	f.Pkg.Store(name, newContent)
+	f.Pkg.Store(name, append([]byte(XMLHeader), content...))
 }
 
 // Read file content as string in a archive file.
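Review bot: Nothing in saveFileList records why the pre-sized buffer was dropped, and the one-line `append([]byte(XMLHeader), content...)` is an easy target for a later change that re-adds the preallocation. Going by the commit title, the removal is presumably aimed at the `len(XMLHeader)+len(content)` capacity computation, which can wrap around for very large content. A comment above the Store call would keep that reasoning with the code: `// Let append size the buffer; do not compute len(XMLHeader)+len(content), the sum can overflow.` The trade-off is an extra allocation and copy per call, because the slice converted from XMLHeader has little or no spare capacity for content.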
diff --git a/styles.go b/styles.go
index 5b9b200..07ccab1 100644
--- a/styles.go
+++ b/styles.go
@@ -3130,11 +3130,11 @@ func ThemeColor(baseColor string, tint float64) string {
 	if tint == 0 {
 		return "FF" + baseColor
 	}
-	r, _ := strconv.ParseInt(baseColor[0:2], 16, 64)
-	g, _ := strconv.ParseInt(baseColor[2:4], 16, 64)
-	b, _ := strconv.ParseInt(baseColor[4:6], 16, 64)
+	r, _ := strconv.ParseUint(baseColor[0:2], 16, 64)
+	g, _ := strconv.ParseUint(baseColor[2:4], 16, 64)
+	b, _ := strconv.ParseUint(baseColor[4:6], 16, 64)
 	var h, s, l float64
-	if r >= 0 && r <= math.MaxUint8 && g >= 0 && g <= math.MaxUint8 && b >= 0 && b <= math.MaxUint8 {
+	if r <= math.MaxUint8 && g <= math.MaxUint8 && b <= math.MaxUint8 {
 		h, s, l = RGBToHSL(uint8(r), uint8(g), uint8(b))
 	}
 	if tint < 0 {
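Review bot: The slices `baseColor[0:2]`, `baseColor[2:4]` and `baseColor[4:6]` still run with no length check visible in the hunk, so a `baseColor` shorter than six bytes panics in this exported function unless a guard sits above the hunk. A check such as `if len(baseColor) < 6 { ... }` before the parsing would turn that into a defined result; which fallback value to return is the maintainer's call. The three `ParseUint` errors are also still discarded, so non-hex input silently becomes 0 and yields a colour computed from black. Since each slice is two hex digits, parsing with bitSize 8 (`r, err := strconv.ParseUint(baseColor[0:2], 16, 8)`) and handling `err` would make the `math.MaxUint8` comparison unnecessary. ThemeColor's body continues past the end of the hunk.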
-- 
cgit v1.2.1