From 543ab27747dbf31b583175dd81d7d3aa3c82df79 Mon Sep 17 00:00:00 2001
From: nexy7574 <git@nexy7574.co.uk>
Date: Fri, 27 Jun 2025 20:58:52 +0100
Subject: [PATCH] fix: Additional sanity checks when creating a PDU

Prevents creating events that are most likely catastrophically invalid
---
 src/service/rooms/timeline/mod.rs | 12 ++++++++++++
 1 file changed, 12 insertions(+)

diff --git a/src/service/rooms/timeline/mod.rs b/src/service/rooms/timeline/mod.rs
index 4b2f3cb2..94d306d1 100644
--- a/src/service/rooms/timeline/mod.rs
+++ b/src/service/rooms/timeline/mod.rs
@@ -719,6 +719,18 @@ impl Service {
 				);
 			}
 		}
+		if event_type != TimelineEventType::RoomCreate && prev_events.is_empty() {
+			return Err!(Request(Unknown("Event incorrectly had zero prev_events.")));
+		}
+		if state_key.is_none() && depth.le(&uint!(2)) {
+			// The first two events in a room are always m.room.create and m.room.member,
+			// so any other events with that same depth are illegal.
+			warn!(
+				"Had unsafe depth {depth} when creating non-state event in {room_id}. Cowardly \
+				 aborting"
+			);
+			return Err!(Request(Unknown("Unsafe depth for non-state event.")));
+		}
 
 		let mut pdu = PduEvent {
 			event_id: ruma::event_id!("$thiswillbefilledinlater").into(),