When spring.webflux.multipart.max-disk-usage-per-part is set to a value that translates to more than MAX_INT bytes (e.g., 3000MB), it causes misconfiguration and consequently much smaller files/parts are denied with HTTP code 413.

The root cause is this code in ReactiveMultipartAutoConfiguration:

map.from(multipartProperties::getMaxDiskUsagePerPart)
  .asInt(DataSize::toBytes)
  .to(defaultPartHttpMessageReader::setMaxDiskUsagePerPart);

The fix should simply be to use .as(DataSize::toBytes) instead, since setMaxDiskUsagePerPart accepts a parameter of type long and there's no need for conversion to int.
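The narrowing described in the report, as an added example that is not part of the original issue or of Spring Boot's code. It uses only the JDK; `toBytes` is a constructed stand-in for `DataSize` parsing (binary megabytes), and `accepted` is an assumed, simplified limit check in which -1 means unlimited.

```java
public class MaxDiskUsageNarrowing {

    // Constructed stand-in for DataSize parsing: accepts only "<n>MB" (1 MB = 1024 * 1024 bytes).
    static long toBytes(String size) {
        if (!size.endsWith("MB")) {
            throw new IllegalArgumentException("expected <n>MB: " + size);
        }
        long mb = Long.parseLong(size.substring(0, size.length() - 2));
        return Math.multiplyExact(mb, 1024L * 1024L);
    }

    // What an int-typed mapping step does to the byte count: only the low 32 bits survive.
    static long viaInt(long bytes) {
        return (int) bytes;
    }

    // Assumed, simplified limit check (not the reader's own code): -1 means unlimited.
    static boolean accepted(long partBytes, long limit) {
        return limit == -1 || partBytes <= limit;
    }

    // Fail-fast alternative for a setter that genuinely needs an int.
    static int checkedInt(long bytes) {
        return Math.toIntExact(bytes); // throws ArithmeticException on overflow
    }

    public static void main(String[] args) {
        long part = toBytes("1024MB"); // constructed sample: a 1 GiB upload part
        // 2047MB still fits in an int; 3000MB wraps negative; 5000MB wraps to a smaller positive limit.
        for (String configured : new String[] {"2047MB", "3000MB", "5000MB"}) {
            long bytes = toBytes(configured);
            long narrowed = viaInt(bytes);
            System.out.printf("%s: long=%d int=%d | 1 GiB part accepted: long=%b int=%b%n",
                    configured, bytes, narrowed,
                    accepted(part, bytes), accepted(part, narrowed));
        }
        try {
            checkedInt(toBytes("3000MB"));
        } catch (ArithmeticException ex) {
            System.out.println("checked conversion rejects 3000MB: " + ex.getMessage());
        }
    }
}
```

A configuration value that silently wraps is harder to diagnose than one that fails at startup, which is why the checked conversion is shown alongside the long pass-through.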

Comment From: koscejev

Sorry, I wanted to submit a PR with a fix (and updated test), but I'm having trouble building the project.

Comment From: Gby56

Is this the fix related to CVE-2023-34055? There are few technical information links in the advisory.

Comment From: wilkinsona

No, this fix is completely unrelated to CVE-2023-34055.