Socket checks coord sizes (esp. to prevent non-list inputs)

author: Holden Rohrer <hr@hrhr.dev> 2020-07-16 12:32:48 -0400
committer: Holden Rohrer <hr@hrhr.dev> 2020-07-16 12:32:48 -0400
commit: 1eefea00737117706bb6cca5a2882cb2e081d5ab (patch)
tree: 52c5b147fd834056966b23d7acee2cc139b0d04a
parent: b7df60369e35df143dc26a024a1ed0b4038c1889 (diff)
1 files changed, 3 insertions, 2 deletions
diff --git a/socket.js b/socket.js
index e49cd28..47e558d 100644
--- a/socket.js
+++ b/socket.js
@@ -48,9 +48,10 @@ class Socket extends retryws {
     });
 
     this.fetch = function(coords){ //coords is a list of min/max pairs of y/x coordinate pairs which each describe at most 1000 tiles
-    //Unchecked for speed
       for (let i=0; i<coords.length; i++){
-        coords[i] = {"minY":coords[i][0][0], "minX":coords[i][0][1], "maxY":coords[i][1][0], "maxX":coords[i][1][1]};
+        let c = coords[i];
+        if ( (c[1][0]-c[0][0]+1) * (c[1][1]-c[0][1]+1) > 1000) throw "Fetch has overlarge rectangular request";
+        coords[i] = {"minY":c[0][0], "minX":c[0][1], "maxY":c[1][0], "maxX":c[1][1]};
       }
       this.send( JSON.stringify({
         "fetchRectangles": coords,
author	Holden Rohrer <hr@hrhr.dev>	2020-07-16 12:32:48 -0400
committer	Holden Rohrer <hr@hrhr.dev>	2020-07-16 12:32:48 -0400
commit	1eefea00737117706bb6cca5a2882cb2e081d5ab (patch)
tree	52c5b147fd834056966b23d7acee2cc139b0d04a
parent	b7df60369e35df143dc26a024a1ed0b4038c1889 (diff)