[Go] unbounded allocation and recursion in go typedef deserialization

### Search before asking

- [x] I had searched in the [issues](https://github.com/apache/fory/issues) and found no similar issues.


### Version

v0.17.0

### Component(s)

Go

### Minimal reproduce step

```go
func TestTypeDefFieldCountOOMPanic(t *testing.T) {
	fory := NewFory()
	header := int64(HAS_FIELDS_META_FLAG | 8)

	// metaHeaderByte value of 31 triggers the extended VarUint32 field-count path.
	buffer := NewByteBuffer(make([]byte, 0, 8))
	buffer.WriteByte(31)
	buffer.WriteVarUint32(2000000000)
	buffer.WriteUint8(0)
	buffer.WriteVarUint32(0)
	buffer.SetReaderIndex(0)

	_, err := decodeTypeDef(fory, buffer, header)
	if err == nil {
		t.Fatal("expected error for oversized fieldCount, got nil")
	}
}

func TestTypeDefNestedRecursionStackOverflowPanic(t *testing.T) {
	depth := 20000000
	buffer := NewByteBuffer(make([]byte, 0, depth*2))
	for i := 0; i < depth; i++ {
		buffer.WriteVarUint32Small7(uint32(LIST) << 2)
	}
	buffer.WriteVarUint32Small7(uint32(INT32) << 2)
	buffer.SetReaderIndex(0)

	bufErr := &Error{}
	_, err := readFieldTypeWithFlags(buffer, 0, bufErr)
	if err == nil {
		t.Fatal("expected error for excessive nesting depth, got nil")
	}
}
```

### Are you willing to submit a PR?

- [x] I'm willing to submit a PR!

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

[Go] unbounded allocation and recursion in go typedef deserialization #3619

Search before asking

Version

Component(s)

Minimal reproduce step

Are you willing to submit a PR?

Metadata

Assignees

Labels

Type

Fields

Projects

Milestone

Relationships

Development

[Go] unbounded allocation and recursion in go typedef deserialization #3619

Description

Search before asking

Version

Component(s)

Minimal reproduce step

Are you willing to submit a PR?

Metadata

Metadata

Assignees

Labels

Type

Fields

Projects

Milestone

Relationships

Development

Issue actions