Fix path traversal, encoding, and edge case bugs

pixstrip-core/src/operations/watermark.rs

@@ -363,12 +363,8 @@ fn apply_tiled_image_watermark(
         reason: format!("Failed to load watermark image: {}", e),
     })?;
 
-    let wm_width = (watermark.width() as f32 * scale) as u32;
-    let wm_height = (watermark.height() as f32 * scale) as u32;
-
-    if wm_width == 0 || wm_height == 0 {
-        return Ok(img);
-    }
+    let wm_width = ((watermark.width() as f32 * scale) as u32).clamp(1, 16384);
+    let wm_height = ((watermark.height() as f32 * scale) as u32).clamp(1, 16384);
 
     let mut watermark = watermark.resize_exact(wm_width, wm_height, image::imageops::FilterType::Lanczos3);
     if let Some(rot) = rotation {
@@ -429,13 +425,9 @@ fn apply_image_watermark(
         reason: format!("Failed to load watermark image: {}", e),
     })?;
 
-    // Scale the watermark
-    let wm_width = (watermark.width() as f32 * scale) as u32;
-    let wm_height = (watermark.height() as f32 * scale) as u32;
-
-    if wm_width == 0 || wm_height == 0 {
-        return Ok(img);
-    }
+    // Scale the watermark (capped to prevent OOM on extreme scale values)
+    let wm_width = ((watermark.width() as f32 * scale) as u32).clamp(1, 16384);
+    let wm_height = ((watermark.height() as f32 * scale) as u32).clamp(1, 16384);
 
     let mut watermark = watermark.resize_exact(
         wm_width,