From eb86151307d6c68189adc723b7ea57fb2885dffc Mon Sep 17 00:00:00 2001
From: Chris Hennes <chennes@pioneerlibrarysystem.org>
Date: Thu, 20 Mar 2025 23:08:19 -0500
Subject: [PATCH] Mesh: Sanity-check old file format size

---
 src/Mod/Mesh/App/Core/MeshKernel.cpp | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/src/Mod/Mesh/App/Core/MeshKernel.cpp b/src/Mod/Mesh/App/Core/MeshKernel.cpp
index 5d58221064..be46d392c4 100644
--- a/src/Mod/Mesh/App/Core/MeshKernel.cpp
+++ b/src/Mod/Mesh/App/Core/MeshKernel.cpp
@@ -1033,6 +1033,12 @@ void MeshKernel::Read(std::istream& rclIn)
         MeshPointArray pointArray;
         MeshFacetArray facetArray;
 
+        // Sanity checks so we don't over-allocate below: limit the mesh to 1 billion points and
+        // 1 billion facets. Coverity issue 515697.
+        if (uCtPts > 1e9 || uCtFts > 1e9) {
+            throw Base::BadFormatError("Mesh seems to have over a billion points or facets");
+        }
+
         float ratio = 0;
         if (uCtPts > 0) {
             ratio = static_cast<float>(uCtFts) / static_cast<float>(uCtPts);