41a3b5c0a5
Add sanity bounds to prevent memory exhaustion when decoding corrupt events with garbage varint values. Previously, corrupt data could cause massive allocations (e.g., make([]byte, 2^60)) leading to OOM crashes. - Add MaxTagsPerEvent (10000), MaxTagElements (100), MaxContentLength (10MB), MaxTagElementLength (1MB) limits - Return sentinel errors for corrupt data instead of logging - Silently skip corrupt events (caller handles gracefully) This fixes crash loops on archive.orly.dev where OOM during writes left corrupt events in bbolt database. 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
13 KiB
13 KiB