We define "quantity" as a decimal(10, 2) column, which means the biggest value it can accept is 99 999 999.99 (8 digits on the left, 2 on the right).
However, commerce_line_item_handler_field_edit_quantity currently does this:
'#maxlength' => max(4, strlen($quantity)),
instead of this:
'#maxlength' => max(4, 8),
so maxlength gets set to 9 (probably because it's not rounded before the length measurement, didn't check), allowing you to input a value that crashes the update (overflow on the quantity field).
However, even with setting maxlength to a smaller value, there's still the possibility of overflowing the amount column of the price field.
That is something we can't really fix, since we don't know how big the prices can be.
Still, it's something to keep in mind.
So, I should submit the maxlength change as a patch, and you guys should tell me if you have any additional ideas, so that the user can't crash the site through basic input.
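
A length limit only approximates the column's range, so a numeric check against decimal(10, 2) on submit closes the gap the post describes. The sketch below is an added example, not code from the original post or from Drupal Commerce; fits_decimal_column() is a hypothetical helper, and it assumes the database rounds half away from zero when storing extra decimal places, as MySQL does for DECIMAL.

```php
<?php
// Added example. fits_decimal_column() is a hypothetical helper, not part of
// Drupal or Drupal Commerce.

/**
 * Returns TRUE when $input, once rounded to $scale decimal places, fits a
 * DECIMAL($precision, $scale) column. Works on the digit string, so no float
 * precision is involved.
 */
function fits_decimal_column($input, $precision = 10, $scale = 2) {
  $input = trim((string) $input);
  // Plain decimal notation only: rejects "", "abc", "1,5", "0x10" and "1e9".
  if (!preg_match('/^[+-]?(\d+)(?:\.(\d+))?$/', $input, $m)) {
    return FALSE;
  }
  $int = ltrim($m[1], '0');
  $frac = isset($m[2]) ? $m[2] : '';
  $max_int_digits = $precision - $scale;

  // Too many digits left of the decimal point.
  if (strlen($int) > $max_int_digits) {
    return FALSE;
  }
  // Edge case: rounding can carry into a new integer digit, for example
  // 99999999.995 becomes 100000000.00 (assumed half-away-from-zero rounding).
  if (strlen($int) == $max_int_digits && strlen($frac) > $scale) {
    $kept = $int . substr($frac, 0, $scale);
    $rounds_up = $frac[$scale] >= '5';
    if ($rounds_up && strspn($kept, '9') == strlen($kept)) {
      return FALSE;
    }
  }
  return TRUE;
}

// Constructed sample inputs, checked against decimal(10, 2).
$samples = array('1', '99999999.99', '99999999.994', '99999999.995', '100000000', '1e9');
foreach ($samples as $quantity) {
  printf("%-14s %s\n", $quantity, fits_decimal_column($quantity) ? 'ok' : 'reject');
}
```

The same check applies to the price amount column once its precision and scale are known; a form validate handler would report an error when the helper returns FALSE.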