Add validation and better error handling for length prefixes

Copilot · MPCoreDeveloper · Copilot · commit 556fc72d8585 · 2025-12-07T17:08:47.000Z
- Added validation to prevent excessive memory allocation from corrupted length values
- Improved exception handling in full scan to distinguish EOF from corruption
- Added bounds checking for record lengths

Co-authored-by: MPCoreDeveloper &lt;37024522+MPCoreDeveloper@users.noreply.github.com&gt;
diff --git a/SharpCoreDB/DataStructures/Table.cs b/SharpCoreDB/DataStructures/Table.cs
@@ -198,6 +198,12 @@ private List<Dictionary<string, object>> SelectInternal(string? where, string? o
                         // Read the length prefix that was written by AppendBytes
                         int recordLength = reader.ReadInt32();
                         
+                        // Validate length to prevent issues with corrupted data
+                        if (recordLength < 0 || recordLength > data.Length)
+                        {
+                            break; // Corrupted record, stop scanning
+                        }
+                        
                         // Read the record data
                         var recordData = reader.ReadBytes(recordLength);
                         
@@ -215,9 +221,14 @@ private List<Dictionary<string, object>> SelectInternal(string? where, string? o
                         if (valid && (string.IsNullOrEmpty(where) || EvaluateWhere(row, where)))
                             results.Add(row);
                     }
-                    catch
+                    catch (EndOfStreamException)
+                    {
+                        // Reached end of file
+                        break;
+                    }
+                    catch (Exception)
                     {
-                        // End of file or corrupted record
+                        // Corrupted record, skip and continue
                         break;
                     }
                 }
diff --git a/SharpCoreDB/Services/Storage.cs b/SharpCoreDB/Services/Storage.cs
@@ -204,7 +204,13 @@ public long AppendBytes(string path, byte[] data)
         // Read the length prefix that was written by AppendBytes
         int length = reader.ReadInt32();
         
-        // Read the actual data
+        // Validate length to prevent excessive memory allocation
+        if (length < 0 || length > maxLength * 10) // Allow some buffer but prevent abuse
+        {
+            throw new InvalidDataException($"Invalid record length: {length}");
+        }
+        
+        // Read the actual data (maxLength is for the data portion, not including prefix)
         int bytesToRead = Math.Min(length, maxLength);
         var buffer = reader.ReadBytes(bytesToRead);
         
