Priority: High
OacpDiscoveryHandler.readProviderText() calls readText() with no size limit. A malicious or buggy OACP provider could return arbitrarily large data, causing OOM. This also runs on the main thread (see related issue).
Recommended fix
- Cap reads at 1 MB: readText().take(MAX_SIZE)
- Move discovery to a background thread
- Add explicit SecurityException handling with clearer error messages
Files
android/app/src/main/kotlin/com/oacp/hark/OacpDiscoveryHandler.kt (line 80)
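A bounded read that enforces the 1 MB cap while reading, so an oversized payload is never buffered in full (calling take() on the result of readText() truncates only after the whole stream is already in memory). This is an added example, not the project's code. The Discovery type, readCapped, and the `open` parameter standing in for the provider call are assumptions, and it uses plain JVM streams so it runs outside Android.

```kotlin
import java.io.ByteArrayInputStream
import java.io.ByteArrayOutputStream
import java.io.IOException
import java.io.InputStream
import java.util.concurrent.Callable
import java.util.concurrent.Executors

const val MAX_SIZE = 1024 * 1024 // 1 MB cap proposed in the issue

sealed class Discovery { // hypothetical result type
    data class Ok(val text: String) : Discovery()
    data class Failed(val reason: String) : Discovery()
}

// Stops as soon as the cap is exceeded, so memory use stays bounded.
fun readCapped(input: InputStream, maxBytes: Int = MAX_SIZE): String = input.use { s ->
    val out = ByteArrayOutputStream()
    val buf = ByteArray(8192)
    while (true) {
        val n = s.read(buf)
        if (n < 0) break
        if (out.size() + n > maxBytes) throw IOException("exceeded $maxBytes bytes")
        out.write(buf, 0, n)
    }
    String(out.toByteArray(), Charsets.UTF_8)
}

// Hypothetical wrapper; `open` stands in for the handler's real provider call.
fun readProviderText(open: () -> InputStream?): Discovery = try {
    val stream = open() ?: throw IOException("provider returned no stream")
    Discovery.Ok(readCapped(stream))
} catch (e: SecurityException) {
    Discovery.Failed("Permission denied reading OACP provider: ${e.message}")
} catch (e: IOException) {
    Discovery.Failed("OACP provider read failed: ${e.message}")
}

fun main() {
    val worker = Executors.newSingleThreadExecutor() // keeps discovery off the main thread
    // Constructed inputs: a valid payload, an oversized one, and a denied read.
    val cases = listOf<() -> InputStream?>(
        { ByteArrayInputStream("{\"name\":\"demo\"}".toByteArray()) },
        { ByteArrayInputStream(ByteArray(MAX_SIZE + 1)) },
        { throw SecurityException("provider not exported") }
    )
    for (open in cases) println(worker.submit(Callable { readProviderText(open) }).get())
    worker.shutdown()
}
```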