zat.dev
atproto utils for zig
zat.dev
atproto
sdk
zig
feat: add size limits to CAR parser
reject CAR data > 2MB and block count > 10,000, matching indigo's
safety limits. removes the last correctness asymmetry in the benchmarks.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
zzstoatzz.io
+10
src/internal/repo/car.zig
+10
src/internal/repo/car.zig
···
32
32
UnexpectedEof,
33
33
OutOfMemory,
34
34
BadBlockHash,
35
+
BlocksTooLarge,
36
+
TooManyBlocks,
35
37
};
38
+
39
+
/// match indigo's safety limits
40
+
const max_blocks_size: usize = 2 * 1024 * 1024; // 2 MB
41
+
const max_block_count: usize = 10_000;
36
42
37
43
pub const ReadOptions = struct {
38
44
/// verify that each block's content hashes to its CID.
···
48
54
49
55
/// parse a CAR v1 file from raw bytes with options
50
56
pub fn readWithOptions(allocator: Allocator, data: []const u8, options: ReadOptions) CarError!Car {
57
+
if (data.len > max_blocks_size) return error.BlocksTooLarge;
58
+
51
59
var pos: usize = 0;
52
60
53
61
// read header length (unsigned varint)
···
96
104
if (options.verify_block_hashes) {
97
105
try verifyBlockHash(cid_bytes, content);
98
106
}
107
+
108
+
if (blocks.items.len >= max_block_count) return error.TooManyBlocks;
99
109
100
110
try blocks.append(allocator, .{
101
111
.cid_raw = cid_bytes,