From f34b6e85b01f7825ea061e5a3445cc0f56d1ce95 Mon Sep 17 00:00:00 2001
From: Ambrose Chua <ambrose@hey.com>
Date: Mon, 6 May 2024 10:10:23 +0800
Subject: [PATCH] Prevent crash due to large memory allocation (#291)

---
 mcproto/read.go | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/mcproto/read.go b/mcproto/read.go
index 77bd20a..4aedc48 100644
--- a/mcproto/read.go
+++ b/mcproto/read.go
@@ -160,6 +160,12 @@ func ReadFrame(reader io.Reader, addr net.Addr) (*Frame, error) {
 	if err != nil {
 		return nil, err
 	}
+
+	// Limit frame length to 2^21 - 1
+	if frame.Length > 2097151 {
+		return nil, errors.Errorf("frame length %d too large", frame.Length)
+	}
+
 	logrus.
 		WithField("client", addr).
 		WithField("length", frame.Length).