From b648a9b31872d4bad3ae1b3ff47cf0812b6f1046 Mon Sep 17 00:00:00 2001
From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com>
Date: Sun, 8 Mar 2026 06:50:55 +0000
Subject: [PATCH 1/2] Initial plan


From a279298f8dc4fd3c3ba42b93b154d9f6d083aadc Mon Sep 17 00:00:00 2001
From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com>
Date: Sun, 8 Mar 2026 06:53:20 +0000
Subject: [PATCH 2/2] Add pre/post-decode size guards for data URL base64
 images

Co-authored-by: jacobjmc <111402762+jacobjmc@users.noreply.github.com>
---
 src-tauri/src/shared/codex_core.rs | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/src-tauri/src/shared/codex_core.rs b/src-tauri/src/shared/codex_core.rs
index 35b7464..1347b3b 100644
--- a/src-tauri/src/shared/codex_core.rs
+++ b/src-tauri/src/shared/codex_core.rs
@@ -1129,9 +1129,16 @@ fn persist_data_image_to_temp_file(data_url: &str) -> Option<String> {
     if !metadata.starts_with("image/") {
         return None;
     }
+    let estimated_len = encoded.len().saturating_mul(3) / 4;
+    if estimated_len > URL_IMAGE_MAX_BYTES {
+        return None;
+    }
     let bytes = base64::engine::general_purpose::STANDARD
         .decode(encoded)
         .ok()?;
+    if bytes.len() > URL_IMAGE_MAX_BYTES {
+        return None;
+    }
 
     let mut hasher = DefaultHasher::new();
     metadata.hash(&mut hasher);