From 8a76ab2fb947d52776c3012e860529b7b883b292 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Andreas=20Kr=C3=BChlmann?= <andreas@kruhlmann.dev>
Date: Mon, 12 Jan 2026 17:31:38 +0100
Subject: [PATCH] Ensure canvas size remains within limits

---
 .../kruhlmann/imgfloat/service/ChannelDirectoryService.java   | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/src/main/java/dev/kruhlmann/imgfloat/service/ChannelDirectoryService.java b/src/main/java/dev/kruhlmann/imgfloat/service/ChannelDirectoryService.java
index 697405d..3e9ce34 100644
--- a/src/main/java/dev/kruhlmann/imgfloat/service/ChannelDirectoryService.java
+++ b/src/main/java/dev/kruhlmann/imgfloat/service/ChannelDirectoryService.java
@@ -733,7 +733,9 @@ public class ChannelDirectoryService {
             BAD_REQUEST,
             "Canvas width out of range [0 to " + canvasMaxSizePixels + "]"
         );
-        if (req.getHeight() == null || req.getHeight() <= 0) throw new ResponseStatusException(
+        if (
+            req.getHeight() == null || req.getHeight() <= 0 || req.getHeight() > canvasMaxSizePixels
+        ) throw new ResponseStatusException(
             BAD_REQUEST,
             "Canvas height out of range [0 to " + canvasMaxSizePixels + "]"
         );