From f66e08a23ffc71b8c3354de7d80ce558454a0577 Mon Sep 17 00:00:00 2001
From: Chen Chia Yang
Date: Wed, 15 Apr 2026 16:00:18 +0800
Subject: [PATCH] fix(media): scan full buffer for null bytes in CSV/Markdown host-read check

The previous check only scanned the first 8 KiB, leaving a window where a file with a null-free prefix followed by binary content could pass the guard. Scan the entire buffer to close that gap.
---
 src/media/web-media.ts | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/src/media/web-media.ts b/src/media/web-media.ts
index 244f31500ea..d1009e529c5 100644
--- a/src/media/web-media.ts
+++ b/src/media/web-media.ts
@@ -143,13 +143,13 @@ function assertHostReadMediaAllowed(params: {
 // plain-text buffers that have no binary magic bytes. Allow these formats when:
 // - sniffedMime is undefined (no binary signature detected by file-type)
 // - The extension-derived MIME is text/csv or text/markdown (operator intent)
- // - The buffer contains no null bytes (rules out binary data with no known signature)
+ // - The full buffer contains no null bytes (rules out binary data with no known signature)
 if (
 !sniffedMime &&
 normalizedMime &&
 HOST_READ_TEXT_PLAIN_ALIASES.has(normalizedMime) &&
 params.buffer &&
- !params.buffer.subarray(0, 8192).includes(0x00)
+ !params.buffer.includes(0x00)
 ) {
 return;
 }
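Review bot: The `!params.buffer.includes(0x00)` condition now covers the whole buffer, but the absence of NUL bytes is still only a heuristic for "text", so the comment's claim that it "rules out binary data with no known signature" overstates what the guard guarantees; NUL-free non-text bytes in a file whose extension maps to text/csv or text/markdown would still reach the `return`. If the intent is to admit only text, a strict decode such as `new TextDecoder("utf-8", { fatal: true }).decode(params.buffer)` in a try/catch would be a tighter condition, assuming these files are expected to be UTF-8; otherwise reword the comment to `// - The full buffer contains no null bytes (heuristic: rejects most binary data with no known signature)`. The diffstat shows only `src/media/web-media.ts` changed, so a regression test with a NUL-free prefix longer than 8192 bytes followed by a single `0x00` byte would pin this fix. The body of `assertHostReadMediaAllowed` starts before and continues after this hunk, so further checks may apply that are not visible here.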