fix(domain_fronter): prevent panic when brace positions are inverted in fallback JSON extraction

CaptainMirage · CaptainMirage · commit d3d41e963486 · 2026-05-16T02:06:57.000+03:30
In three error-path fallback sites (finalize_tunnel_response,
finalize_batch_response, parse_relay_json), the code uses text.find('{')
and text.rfind('}') to extract a JSON object from a messy response. When
the response body is binary garbage, those byte values can appear in any
order, causing start &gt; end. The subsequent &amp;text[start..=end] slice then
panics with 'begin &gt; end' and a SIGILL core dump.

Add a bounds check at all three sites: if start &gt; end, return a structured
BadResponse error instead of slicing. Reproducible whenever Apps Script
returns a non-JSON binary response body.
diff --git a/src/domain_fronter.rs b/src/domain_fronter.rs
@@ -3037,6 +3037,12 @@ impl DomainFronter {
             let end = text.rfind('}').ok_or_else(|| {
                 FronterError::BadResponse("no json end in tunnel response".into())
             })?;
+            if start > end {
+                return Err(FronterError::BadResponse(format!(
+                    "no valid json object in: {}",
+                    &text.chars().take(200).collect::<String>()
+                )));
+            }
             &text[start..=end]
         };
         Ok(serde_json::from_str(json_str)?)
@@ -3205,6 +3211,12 @@ impl DomainFronter {
             let end = text.rfind('}').ok_or_else(|| {
                 FronterError::BadResponse("no json end in batch response".into())
             })?;
+            if start > end {
+                return Err(FronterError::BadResponse(format!(
+                    "no valid json object in: {}",
+                    &text.chars().take(200).collect::<String>()
+                )));
+            }
             &text[start..=end]
         };
         // Don't log payload content. Batch responses carry base64-encoded
@@ -4574,6 +4586,12 @@ fn parse_relay_json(body: &[u8]) -> Result<Vec<u8>, FronterError> {
                         &text[..text.len().min(200)]
                     ))
                 })?;
+                if start > end {
+                    return Err(FronterError::BadResponse(format!(
+                        "no valid json object in: {}",
+                        &text.chars().take(200).collect::<String>()
+                    )));
+                }
                 serde_json::from_str(&text[start..=end])?
             }
         }
