From cc1e1cb7facf8d988911da120e05eb25df4babcc Mon Sep 17 00:00:00 2001
From: Kelsi
Date: Wed, 6 May 2026 06:45:41 -0700
Subject: [PATCH] fix(editor): cap stamp vertex count and skip NaN samples on load

A malformed stamp JSON could carry millions of entries (would OOM) or NaN dx/dy/height (would propagate through brush blends and leave permanent holes in the heightmap).
---
 tools/editor/terrain_editor.cpp | 11 +++++++++++
 1 file changed, 11 insertions(+)

diff --git a/tools/editor/terrain_editor.cpp b/tools/editor/terrain_editor.cpp
index 246be826..e653afa5 100644
--- a/tools/editor/terrain_editor.cpp
+++ b/tools/editor/terrain_editor.cpp
@@ -1516,12 +1516,23 @@ bool TerrainEditor::loadStamp(const std::string& path) {
 if (!j.contains("vertices") || !j["vertices"].is_array()) return false;
 stampData_.clear();
+ // Cap stamp size — stamps blast directly into chunk heights, so a
+ // huge or NaN-laden stamp would corrupt the terrain irreversibly.
+ constexpr size_t kMaxStampVerts = 1'000'000;
+ if (j["vertices"].size() > kMaxStampVerts) {
+ LOG_ERROR("Stamp vertexCount too large: ", j["vertices"].size());
+ return false;
+ }
 for (const auto& v : j["vertices"]) {
 if (!v.is_array() || v.size() < 3) continue;
 StampVertex sv;
 sv.dx = v[0].get();
 sv.dy = v[1].get();
 sv.height = v[2].get();
+ // Skip non-finite samples — they'd propagate through brush blends
+ // and produce permanent NaN holes in the heightmap.
+ if (!std::isfinite(sv.dx) || !std::isfinite(sv.dy) ||
+ !std::isfinite(sv.height)) continue;
 stampData_.push_back(sv);
 }
 stampCenter_ = glm::vec3(0);
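Review bot: The `kMaxStampVerts` check reads `j["vertices"].size()`, so it runs only after the whole document has been parsed into `j`; the parse is outside this hunk, but if it reads the file without a bound, a multi-million-entry stamp has already cost its memory by the time the cap rejects it. To cover the OOM case named in the commit message, bound the input before parsing, for example by rejecting the file when `std::filesystem::file_size(path)` exceeds a byte limit. Separately, `v.size() < 3` checks only the length of each entry, so a non-numeric element would presumably make the `v[0].get` conversion throw (this looks like nlohmann::json); unless a handler outside the hunk catches that, add `if (!v[0].is_number() || !v[1].is_number() || !v[2].is_number()) continue;` ahead of the three conversions. The non-finite skip is also silent, so counting dropped samples and logging the total once after the loop would make a damaged stamp visible instead of loading it partially. `loadStamp` starts and ends outside the hunk.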