From b30bf0c1d1f985703c428b59438f446c79c4d638 Mon Sep 17 00:00:00 2001 From: kevinz000 Date: Sat, 29 Jul 2017 04:42:57 -0700 Subject: [PATCH] Update browserOutput.dm --- goon/code/datums/browserOutput.dm | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) diff --git a/goon/code/datums/browserOutput.dm b/goon/code/datums/browserOutput.dm index d928397728..a6cabcba87 100644 --- a/goon/code/datums/browserOutput.dm +++ b/goon/code/datums/browserOutput.dm @@ -2,6 +2,9 @@ For the main html chat area *********************************/ +#define BICON_X_MAX 96 +#define BICON_Y_MAX 96 + //Precaching a bunch of shit GLOBAL_DATUM_INIT(iconCache, /savefile, new("data/iconCache.sav")) //Cache of icons for the browser output @@ -188,6 +191,10 @@ GLOBAL_LIST_EMPTY(bicon_cache) /proc/icon2base64(icon/icon, iconKey = "misc") if (!isicon(icon)) return FALSE + //DOS exploit + if(icon.Width() > BICON_X_MAX || icon.Length() > BICON_Y_MAX) + return FALSE + // GLOB.iconCache[iconKey] << icon var/iconData = GLOB.iconCache.ExportText(iconKey) var/list/partial = splittext(iconData, "{") @@ -286,4 +293,4 @@ GLOBAL_LIST_EMPTY(bicon_cache) return M.current.client /datum/log //exists purely to capture to_chat() output - var/log = "" \ No newline at end of file + var/log = ""
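Review bot: The two limits added at the top of the file (`BICON_X_MAX`, `BICON_Y_MAX`) carry no comment saying what they bound or why 96 was chosen. A line above them such as `// Largest icon size, in pixels, that icon2base64() will encode for chat output` would tie them to the guard added in the second hunk. DM `#define`s remain visible to every file compiled after this one, so either add `#undef BICON_X_MAX` and `#undef BICON_Y_MAX` at the end of the file or move the pair to wherever the project keeps shared defines.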
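Review bot: The vertical half of the new size guard in icon2base64 calls `icon.Length()`, and as far as I know the built-in /icon type provides `Width()` and `Height()` but no `Length()`, so the height is either never checked or the line fails to compile. It should read `if(icon.Width() > BICON_X_MAX || icon.Height() > BICON_Y_MAX)`. The `//DOS exploit` comment does not say what is being bounded; something like `//Refuse oversized icons so a single large icon cannot tie up the server encoding it for chat` would tell the next reader why the check exists. The rejection is silent and returns the same FALSE as the not-an-icon case above it, so a log line on this path would make repeated oversized submissions visible to admins. icon2base64's body continues past the end of the hunk.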