From c5f51e935ecf614d788bff3d5a40793ee4939f13 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Martin=20T=C5=AFma?= <tumic@cbox.cz>
Date: Tue, 25 Feb 2025 20:23:01 +0100
Subject: [PATCH] Limit maximal allowed CSV entries size

---
 src/common/csv.cpp | 7 +++++--
 src/common/csv.h   | 2 +-
 2 files changed, 6 insertions(+), 3 deletions(-)

diff --git a/src/common/csv.cpp b/src/common/csv.cpp
index f2e1cb32..c8adabed 100644
--- a/src/common/csv.cpp
+++ b/src/common/csv.cpp
@@ -7,15 +7,18 @@ RFC 4180 parser with the following enchancements:
  - allows LF line ends in addition to CRLF line ends
 */
 
-bool CSV::readEntry(QByteArrayList &list)
+bool CSV::readEntry(QByteArrayList &list, int limit)
 {
-	int state = 0;
+	int state = 0, len = 0;
 	char c;
 	QByteArray field;
 
 	list.clear();
 
 	while (_device->getChar(&c)) {
+		if (limit && ++len > limit)
+			return false;
+
 		switch (state) {
 			case 0:
 				if (c == '\r')
diff --git a/src/common/csv.h b/src/common/csv.h
index a80e715f..861553dc 100644
--- a/src/common/csv.h
+++ b/src/common/csv.h
@@ -9,7 +9,7 @@ public:
 	CSV(QIODevice *device, char delimiter = ',')
 	  : _device(device), _delimiter(delimiter), _line(1) {}
 
-	bool readEntry(QByteArrayList &list);
+	bool readEntry(QByteArrayList &list, int limit = 4096);
 	bool atEnd() const {return _device->atEnd();}
 	int line() const {return _line;}