From 6966c202b94fff151ed1c3bb7cd3d686be83fcf8 Mon Sep 17 00:00:00 2001
From: Peter Steinberger
Date: Thu, 28 May 2026 16:30:19 -0400
Subject: [PATCH] fix: validate media size dimensions
---
 src/media-generation/runtime-shared.test.ts | 10 ++++++++++
 src/media-generation/runtime-shared.ts | 3 +++
 2 files changed, 13 insertions(+)
diff --git a/src/media-generation/runtime-shared.test.ts b/src/media-generation/runtime-shared.test.ts
index a4c9223d6d8..f55203cb7bf 100644
--- a/src/media-generation/runtime-shared.test.ts
+++ b/src/media-generation/runtime-shared.test.ts
@@ -241,6 +241,16 @@ describe("media-generation runtime shared normalization", () => {
 expect(deriveAspectRatioFromSize("1024x1536")).toBe("2:3");
 });

+ it("rejects unsafe size dimensions before deriving ratios", () => {
+ expect(deriveAspectRatioFromSize("9007199254740993x3")).toBeUndefined();
+ expect(
+ resolveClosestSize({
+ requestedSize: "9007199254740993x3",
+ supportedSizes: ["1024x1024", "1536x1024"],
+ }),
+ ).toBeUndefined();
+ });
+
 it("maps unsupported sizes to the closest supported size", () => {
 expect(
 resolveClosestSize({
diff --git a/src/media-generation/runtime-shared.ts b/src/media-generation/runtime-shared.ts
index 71c51c473cf..2c45b33fae3 100644
--- a/src/media-generation/runtime-shared.ts
+++ b/src/media-generation/runtime-shared.ts
@@ -311,6 +311,9 @@ function parseSizeValue(raw?: string | null): ParsedSize | null {
 if (!pair) {
 return null;
 }
+ if (!Number.isSafeInteger(pair.width) || !Number.isSafeInteger(pair.height)) {
+ return null;
+ }
 return {
 width: pair.width,
 height: pair.height,
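Review bot: The added test puts the oversized value only in the width position, so a regression that drops the height half of the guard in parseSizeValue would still pass. Add the mirrored case, for example `expect(deriveAspectRatioFromSize("3x9007199254740993")).toBeUndefined();`, and the same for `resolveClosestSize`. The enclosing describe block starts outside the hunk, so existing coverage of other malformed sizes was not checked.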
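Review bot: The new guard in parseSizeValue accepts any dimension up to Number.MAX_SAFE_INTEGER and, as far as this hunk shows, does not reject zero or negative values. Two individually safe dimensions can still give an imprecise product or ratio if later code multiplies or divides them. If the pair parser (outside this hunk) does not already enforce positivity, consider `if (!Number.isSafeInteger(pair.width) || pair.width <= 0 || !Number.isSafeInteger(pair.height) || pair.height <= 0) { return null; }`. An explicit upper bound tied to the largest dimension any provider supports would be a tighter contract for caller-supplied size strings than the safe-integer limit. The function body starts and ends outside the hunk, so how `pair` is produced was not checked.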