fix: Cap span expansion at u16::MAX (65535) line range

romtsn · claude · romtsn · commit ea0879bc9fcf · 2026-02-16T14:22:38.000+01:00
Prevents excessive iteration from malformed mapping files where the
original line range could be extremely large (up to u32::MAX).  The JVM
bytecode maximum line number is 65535, so any span beyond that is
invalid and falls through to single-line handling.

Co-Authored-By: Claude Opus 4.6 &lt;noreply@anthropic.com&gt;
diff --git a/src/cache/mod.rs b/src/cache/mod.rs
@@ -83,6 +83,15 @@ use crate::mapper::{format_cause, format_frames, format_throwable};
 use crate::utils::{class_name_to_descriptor, extract_class_name, synthesize_source_file};
 use crate::{java, stacktrace, DeobfuscatedSignature, StackFrame, StackTrace, Throwable};
 
+/// Maximum number of frames emitted by span expansion for a single mapping entry.
+///
+/// R8 uses `0:65535` as the catch-all range for methods with a single unique position:
+/// <https://r8.googlesource.com/r8/+/refs/heads/main/doc/retrace.md#catch-all-range-for-methods-with-a-single-unique-position>
+///
+/// No real method would span more lines than this, so ranges exceeding this cap
+/// are treated as malformed and fall through to single-line handling.
+const MAX_SPAN_EXPANSION: u32 = 65_535;
+
 pub use raw::{ProguardCache, PRGCACHE_VERSION};
 
 /// Result of looking up member mappings for a frame.
@@ -1005,6 +1014,8 @@ fn iterate_with_lines<'a>(
             // emit one frame per original line.
             if member.original_endline != u32::MAX
                 && member.original_endline > member.original_startline().unwrap_or(0)
+                && (member.original_endline - member.original_startline().unwrap_or(0))
+                    <= MAX_SPAN_EXPANSION
             {
                 let first_line = member.original_startline().unwrap_or(0) as usize;
                 let last_line = member.original_endline as usize;
diff --git a/src/mapper.rs b/src/mapper.rs
@@ -4,6 +4,15 @@ use std::fmt;
 use std::fmt::{Error as FmtError, Write};
 use std::iter::FusedIterator;
 
+/// Maximum number of frames emitted by span expansion for a single mapping entry.
+///
+/// R8 uses `0:65535` as the catch-all range for methods with a single unique position:
+/// <https://r8.googlesource.com/r8/+/refs/heads/main/doc/retrace.md#catch-all-range-for-methods-with-a-single-unique-position>
+///
+/// No real method would span more lines than this, so ranges exceeding this cap
+/// are treated as malformed and fall through to single-line handling.
+const MAX_SPAN_EXPANSION: usize = 65_535;
+
 use crate::builder::{
     Member, MethodReceiver, ParsedProguardMapping, RewriteAction, RewriteCondition, RewriteRule,
 };
@@ -701,7 +710,7 @@ impl<'s> ProguardMapper<'s> {
                     // emit one frame per original line.
                     if let Some(oe) = member.original_endline {
                         let os = member.original_startline.unwrap_or(0);
-                        if oe > os {
+                        if oe > os && (oe - os) <= MAX_SPAN_EXPANSION {
                             for line in os..=oe {
                                 collected.frames.push(map_member_without_lines(
                                     &frame,
