Severity: Critical
Array-producing functions have no upper bound on output dimensions. Formulas like =SEQUENCE(999999999) or =SEQUENCE("1e308") pass all validation checks and attempt to allocate massive arrays, causing an out-of-memory crash with no error returned.
Reproduction
const hf = HyperFormula.buildFromArray([['=SEQUENCE(999999999)']], { licenseKey: 'gpl-v3' })
// OOM crash — no error returned, process killed
Also crashes: =SEQUENCE("1e308") (string coerces to finite 1e308, passes isFinite check).
Expected behavior
Should return an error. Excel returns #VALUE! when dimensions exceed sheet limits (1048576 rows, 16384 columns).
Affected scope
- SequencePlugin — no max dimension check in isValidDimension or sequenceArraySize
- Potentially any function with sizeOfResultArrayMethod that accepts user-controlled dimensions
Suggested fix
Add max dimension validation, e.g. derived from Config.maxRows / Config.maxColumns:
private static isValidDimension(n: number): boolean {
  return Number.isFinite(n) && n >= SequencePlugin.MIN_DIMENSION && n <= MAX_SAFE_DIMENSION
}
Found during SEQUENCE implementation (PR #1645).
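The bounded size check suggested above, as an added stand-alone sketch (not HyperFormula code and not from the issue author). The names `coerceDimension`, `checkedArraySize` and `sequence` and the `MAX_CELLS` budget are assumptions; the per-axis limits are the Excel sheet limits quoted in the issue. It also rejects requests where each axis is within limits but the total cell count is still too large to allocate.

```typescript
// Added example: stand-alone sketch, not HyperFormula source code.
// Per-axis limits are the Excel sheet limits quoted in the issue;
// MAX_CELLS is an assumed overall budget (hypothetical value).
const MAX_ROWS = 1048576
const MAX_COLS = 16384
const MAX_CELLS = 1000000

// Coerce the way the issue describes: the string "1e308" becomes a finite number.
function coerceDimension(raw: unknown): number {
  const n = typeof raw === 'string' ? Number(raw) : raw
  if (typeof n !== 'number') return NaN
  return n < 0 ? Math.ceil(n) : Math.floor(n)
}

// Returns the validated size, or null when the request must be rejected.
function checkedArraySize(rawRows: unknown, rawCols: unknown): { rows: number, cols: number } | null {
  const rows = coerceDimension(rawRows)
  const cols = coerceDimension(rawCols)
  const inRange = (n: number, max: number): boolean =>
    isFinite(n) && n >= 1 && n <= max
  if (!inRange(rows, MAX_ROWS) || !inRange(cols, MAX_COLS)) return null
  // Both axes can be legal while the product is still far too large to allocate.
  if (rows * cols > MAX_CELLS) return null
  return { rows, cols }
}

// SEQUENCE-like generator: nothing is allocated until the size has been accepted.
function sequence(rawRows: unknown, rawCols: unknown = 1, start = 1, step = 1): number[][] | string {
  const size = checkedArraySize(rawRows, rawCols)
  if (size === null) return '#VALUE!'
  const { rows, cols } = size
  const out: number[][] = []
  for (let r = 0; r < rows; r++) {
    const row: number[] = []
    for (let c = 0; c < cols; c++) row.push(start + (r * cols + c) * step)
    out.push(row)
  }
  return out
}
```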