DeserializeFetchMessagesResponse in Go SDK calls panic() when S2 decompression fails, instead of returning an error.
payloadSlice, err = s2.Decode(nil, payloadSlice)
if err != nil {
panic("iggy: failed to decode s2 payload: " + err.Error())
}A truncated or corrupt compressed message from the server crashes the entire Go client process. This is a DoS vector clients should never panic on bad server data.
We should return error instead of calling panic.
DeserializeFetchMessagesResponsein Go SDK callspanic()when S2 decompression fails, instead of returning an error.A truncated or corrupt compressed message from the server crashes the entire Go client process. This is a DoS vector clients should never panic on bad server data.
We should return error instead of calling panic.