From df1f46c2cce90b7a90c31ce61cd0383f9de96252 Mon Sep 17 00:00:00 2001
From: panel-sk <panel@centrum.sk>
Date: Wed, 28 Jan 2026 01:37:13 +0100
Subject: [PATCH] Fix memory exhaustion when reading corrupted FPT memo files

Prevents the memo reader from attempting to allocate excessive memory when encountering corrupted FPT files.

Added a safety check to limit the maximum memo length to 100MB per column, preventing fatal memory errors (e.g., attempts to allocate ~1.9GB) during file processing.
---
 src/Memo/FoxproMemo.php | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/src/Memo/FoxproMemo.php b/src/Memo/FoxproMemo.php
index 1c97ff7..b3597c2 100644
--- a/src/Memo/FoxproMemo.php
+++ b/src/Memo/FoxproMemo.php
@@ -51,6 +51,12 @@ public function get(int $pointer): ?MemoObject
         $info = unpack('N', $this->fp->read(self::BLOCK_TYPE_LENGTH)); //todo figure out type-enums
 
         $memoLength = unpack('N', $this->fp->read(self::BLOCK_LENGTH_LENGTH));
+        
+        // Safety check: prevent reading corrupted/huge memo fields (max 100MB)
+        if ($memoLength[1] > 104857600) {
+            throw new \Exception("Corrupted FPT file: memo field size {$memoLength[1]} bytes exceeds 100MB limit");
+        }
+        
         $result = $this->fp->read($memoLength[1]);
 
         $info = $this->guessDataType($result);