Add source length validation on backup media copy

service/src/main/java/org/whispersystems/textsecuregcm/backup/BackupManager.java

@@ -273,7 +273,7 @@ public class BackupManager {
       final List<CopyParameters> toCopy) {
     final long totalBytesAdded = toCopy.stream()
         .mapToLong(copyParameters -> {
-          if (copyParameters.sourceLength() > MAX_MEDIA_OBJECT_SIZE) {
+          if (copyParameters.sourceLength() > MAX_MEDIA_OBJECT_SIZE || copyParameters.sourceLength() < 0) {
             throw Status.INVALID_ARGUMENT
                 .withDescription("Invalid sourceObject size")
                 .asRuntimeException();

service/src/main/java/org/whispersystems/textsecuregcm/controllers/ArchiveController.java

@@ -34,6 +34,7 @@ import javax.validation.constraints.Max;
 import javax.validation.constraints.Min;
 import javax.validation.constraints.NotBlank;
 import javax.validation.constraints.NotNull;
+import javax.validation.constraints.PositiveOrZero;
 import javax.validation.constraints.Size;
 import javax.ws.rs.BadRequestException;
 import javax.ws.rs.ClientErrorException;
@@ -479,6 +480,7 @@ public class ArchiveController {
 
       @Schema(description = "The length of the source attachment before the encryption applied by the copy operation")
       @NotNull
+      @PositiveOrZero
       int objectLength,
 
       @Schema(description = "mediaId to copy on to the backup CDN, encoded in URL-safe padded base64", implementation = String.class)
@@ -575,7 +577,7 @@ public class ArchiveController {
       @Schema(description = "A list of media objects to copy from the attachments CDN to the backup CDN")
       @NotNull
       @Size(min = 1, max = 1000)
-      List<CopyMediaRequest> items) {}
+      List<@Valid CopyMediaRequest> items) {}
 
   public record CopyMediaBatchResponse(