From 470a7611919bb1aa4a82c2eeeccd23e8c62fa182 Mon Sep 17 00:00:00 2001
From: Houmgaor <contact@houmgaor.com>
Date: Mon, 23 Mar 2026 11:19:50 +0100
Subject: [PATCH] fix(scenario): enforce scenarioChunkSizeLimit in
 CompileScenarioJSON

The constant was declared and documented but never used, causing a
golangci-lint failure. Wire it into compileScenario() so oversized
chunks are rejected with a clear error rather than silently served
to the client (which discards them per FUN_11525c60 RE findings).
---
 server/channelserver/scenario_json.go | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/server/channelserver/scenario_json.go b/server/channelserver/scenario_json.go
index 20db20a54..b3116fafe 100644
--- a/server/channelserver/scenario_json.go
+++ b/server/channelserver/scenario_json.go
@@ -349,6 +349,12 @@ func compileScenario(s *ScenarioJSON) ([]byte, error) {
 		}
 	}
 
+	for i, chunk := range [][]byte{chunk0, chunk1, chunk2} {
+		if len(chunk) > scenarioChunkSizeLimit {
+			return nil, fmt.Errorf("chunk%d size %d exceeds client limit of %d bytes", i, len(chunk), scenarioChunkSizeLimit)
+		}
+	}
+
 	var buf bytes.Buffer
 	// Container header: c0_size, c1_size (big-endian u32)
 	_ = binary.Write(&buf, binary.BigEndian, uint32(len(chunk0)))