Return an error if a decoded slice length doesn't fit into usize

[poljar]

Bincode encodes a slice length, which is an usize, as an u64. When such an encoded slice length needs to be decoded it again uses an u64 but critically it truncates it into an usize.

An usize is architecture dependent, it is the size how many bytes it takes to reference any location in memory. The most common sizes for an usize are 64, 32, and 16 bit.

This might lead to silent data loss if the architecture that encoded the slice differs from the architecture that decoded the slice, i.e. if we go from a 64 bit architecture to a 32 or 16 bit one.

Since bincode aims to be suitable for storage, aiming to support the exchange of data between different architectures silently truncating such slice lenghts should be avoided.

This patch changes the behaviour to error out if we try to decode an slice lenght that can't fit into the current usize type.

[codecov]

Codecov Report

Merging #491 (9fe5d1b) into trunk (e036a40) will increase coverage by 0.05%.
The diff coverage is 100.00%.

❗ Current head 9fe5d1b differs from pull request most recent head c6c9b3d. Consider uploading reports for the commit c6c9b3d to get more accurate results

@@            Coverage Diff             @@
##            trunk     #491      +/-   ##
==========================================
+ Coverage   69.26%   69.32%   +0.05%     
==========================================
  Files          39       39              
  Lines        2925     2927       +2     
==========================================
+ Hits         2026     2029       +3     
+ Misses        899      898       -1     

Impacted Files	Coverage Δ
src/error.rs	0.00% <ø> (ø)
src/de/impls.rs	79.79% <100.00%> (+0.42%)	⬆️
src/de/mod.rs	80.00% <100.00%> (+0.68%)	⬆️

---

Continue to review full report at Codecov.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update e036a40...c6c9b3d. Read the comment docs.

[VictorKoenders]

Quick scan through the source code to see if we have some more cases where we cast to usize, found some:

• bincode/src/de/impls.rs

  Line 178 in 8c3dd01

  } as usize)

• Comment here:

  bincode/src/de/mod.rs

  Line 104 in 8c3dd01

  /// let len = u64::decode(decoder)? as usize;

• array indices when decoding chars, which is probably fine.
• tuples, which is also fine up until u16::MAX entries

Can you add this check to the 2 places above?

[poljar]

Can you add this check to the 2 places above?

Did so, I also renamed the error variant since it isn't length specific anymore.

[VictorKoenders]

Thanks!