From 4cd9c37b4a85e3068f9ccfe80302cd47ebcee38b Mon Sep 17 00:00:00 2001
From: ghaithabdulreda <167309608+ghaithabdulreda@users.noreply.github.com>
Date: Fri, 12 Jun 2026 16:35:01 -0700
Subject: [PATCH] Defensively cap number_of_leading_zeros to prevent OOM

---
 cpp/src/phonenumbers/phonenumberutil.cc | 7 ++++---
 .../src/com/google/i18n/phonenumbers/PhoneNumberUtil.java | 4 +++-
 2 files changed, 7 insertions(+), 4 deletions(-)

diff --git a/cpp/src/phonenumbers/phonenumberutil.cc b/cpp/src/phonenumbers/phonenumberutil.cc
index c0c9d09a04..85cf16f24e 100644
--- a/cpp/src/phonenumbers/phonenumberutil.cc
+++ b/cpp/src/phonenumbers/phonenumberutil.cc
@@ -2678,10 +2678,11 @@ void PhoneNumberUtil::GetNationalSignificantNumber(
 string* national_number) const {
 DCHECK(national_number);
 // If leading zero(s) have been set, we prefix this now. Note this is not a
- // national prefix. Ensure the number of leading zeros is at least 0 so we
- // don't crash in the case of malicious input.
+ // national prefix. Defensively cap the number of leading zeros to avoid OOM
+ // from malicious input. Ensure the number of leading zeros is at least 0 so
+ // we don't crash in the case of malicious input.
 StrAppend(national_number, number.italian_leading_zero() ?
- string(std::max(number.number_of_leading_zeros(), 0), '0') : "");
+ string(std::min(std::max(number.number_of_leading_zeros(), 0), 3), '0') : "");
 StrAppend(national_number, number.national_number());
 }
 
diff --git a/java/libphonenumber/src/com/google/i18n/phonenumbers/PhoneNumberUtil.java b/java/libphonenumber/src/com/google/i18n/phonenumbers/PhoneNumberUtil.java
index b6de408449..8cd480eb01 100644
--- a/java/libphonenumber/src/com/google/i18n/phonenumbers/PhoneNumberUtil.java
+++ b/java/libphonenumber/src/com/google/i18n/phonenumbers/PhoneNumberUtil.java
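Review bot: The upper bound in `std::min(std::max(number.number_of_leading_zeros(), 0), 3)` is a bare literal with no stated origin, and the same `3` is repeated in the Java hunk's `Math.min(number.getNumberOfLeadingZeros(), 3)`. Any count above 3 is now silently truncated, so if the parser can legitimately set a larger value (its limit is not visible in this patch) the output changes for well-formed numbers; the cap would be safer as one named constant per port, derived from the longest national number the library accepts, with a comment giving the reason for the value. The reworded comment also mentions malicious input twice; one sentence covering both the lower and upper bound would read better. The diffstat lists no test file, so a regression test that sets a very large leading-zero count and checks the length of the result is worth adding for both ports. The function signature begins above the hunk.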
@@ -1928,9 +1928,11 @@ public String formatOutOfCountryKeepingAlphaChars(PhoneNumber number,
 */
 public String getNationalSignificantNumber(PhoneNumber number) {
 // If leading zero(s) have been set, we prefix this now. Note this is not a national prefix.
+ // Defensively cap the number of leading zeros to avoid OOM from malicious input.
 StringBuilder nationalNumber = new StringBuilder();
 if (number.isItalianLeadingZero() && number.getNumberOfLeadingZeros() > 0) {
- char[] zeros = new char[number.getNumberOfLeadingZeros()];
+ int numberOfLeadingZeros = Math.min(number.getNumberOfLeadingZeros(), 3);
+ char[] zeros = new char[numberOfLeadingZeros];
 Arrays.fill(zeros, '0');
 nationalNumber.append(new String(zeros));
 }
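Review bot: The clamp changes what this public method returns, yet it is documented only by an inline comment placed above `StringBuilder nationalNumber`, two statements away from the `Math.min` line it explains. The Javadoc ends just above the hunk and is otherwise not visible here; it should state the new contract, for example `Leading zeros are capped at 3; a larger numberOfLeadingZeros is truncated rather than honoured.` The inline comment would sit better directly above `int numberOfLeadingZeros = ...`, so the reason for the bound stays next to the allocation it protects.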