Skip to content

Guard deep link map parser against OOM via oversized input#66

Draft
Copilot wants to merge 5 commits into
masterfrom
copilot/fix-deep-link-map-parsing
Draft

Guard deep link map parser against OOM via oversized input#66
Copilot wants to merge 5 commits into
masterfrom
copilot/fix-deep-link-map-parsing

Conversation

Copilot AI commented Apr 9, 2026
edited
Loading

Copy link
Copy Markdown

Crafted roboyard://open?data=... deep links with arbitrarily large board dimensions or excessive robot/target counts could cause an OutOfMemoryError in convertWebFormatToAppFormat — a remote denial-of-service with no user interaction required.

Changes

MainActivity.java

  • Added size-limit constants: 
    private static final int DEEPLINK_MAX_WIDTH   = 200;
private static final int DEEPLINK_MAX_HEIGHT  = 200;
private static final int DEEPLINK_MAX_CELLS   = 40_000;
private static final int DEEPLINK_MAX_ROBOTS  = 50;
private static final int DEEPLINK_MAX_TARGETS = 50;
  • Validate width, height, and width × height before allocating the grid; return null immediately on violation
  • Robot/target collection loops now return null as soon as the count exceeds its limit (fail-fast — no list over-allocation)
  • handleIntent handles the null return: shows a localized Toast and drops the deep link silently

String resources

  • Added deeplink_map_too_large to all 9 language files (en, de, es, fr, ko, ja, zh, pl, pt-rBR)

rubo77 and others added 3 commits April 4, 2026 08:21
@rubo77
Version 48 (130)
f1ed140 
- Switch between English, German, Spanish, French, Korean, Chinese, Japanese, Polish and Portuguese (Brazil)
@rubo77
apk 48
495b03e
Initial plan
b1c462c
Copilot AI linked an issue Apr 9, 2026 that may be closed by this pull request
Deep link map parsing allows OOM crash (missing size limits) #65
Closed
Copilot AI and others added 2 commits April 9, 2026 04:02
@rubo77
Add size limits to deep link map parsing to prevent OOM crash
12f5113 
- Add constants: DEEPLINK_MAX_WIDTH=200, DEEPLINK_MAX_HEIGHT=200,
  DEEPLINK_MAX_CELLS=40000, DEEPLINK_MAX_ROBOTS=50, DEEPLINK_MAX_TARGETS=50
- Validate board dimensions before allocating grid in convertWebFormatToAppFormat
- Validate robot count and target count before processing
- Return null from convertWebFormatToAppFormat when limits are exceeded
- Show Toast error and ignore the deep link in handleIntent on null return
- Add deeplink_map_too_large string to all 9 language resource files

Agent-Logs-Url: https://github.com/Eastcoast-Laboratories/Roboyard/sessions/0909791c-f81a-425c-b84a-00412f0eb8dc

Co-authored-by: rubo77 <1591563+rubo77@users.noreply.github.com>
@rubo77
Fail fast on oversized robot/target counts in deep link parser
3d6d1e8 
Agent-Logs-Url: https://github.com/Eastcoast-Laboratories/Roboyard/sessions/0909791c-f81a-425c-b84a-00412f0eb8dc

Co-authored-by: rubo77 <1591563+rubo77@users.noreply.github.com>
Copilot AI changed the title [WIP] Fix OOM crash in deep link map parsing with size limits Guard deep link map parser against OOM via oversized input Apr 9, 2026
Copilot AI requested a review from rubo77 April 9, 2026 04:05
@rubo77 rubo77 force-pushed the master branch 3 times, most recently from 5681451 to 2607101 Compare May 28, 2026 09:19
@rubo77 rubo77 force-pushed the master branch 3 times, most recently from eecae00 to e2cbf53 Compare June 16, 2026 04:23
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@rubo77 rubo77 Awaiting requested review from rubo77

Assignees

@rubo77 rubo77

Copilot code review Copilot

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

Deep link map parsing allows OOM crash (missing size limits)

2 participants

@rubo77