[Go] configurable size guardrails for untrusted payloads

[chaokunyang]

Feature Request

Add configurable deserialization size guardrails in Fory Go for untrusted payloads.

Is your feature request related to a problem? Please describe

There are currently no configurable limits for payload-driven lengths. Untrusted binary/map/list lengths can trigger large allocations and memory pressure.

Describe the solution you'd like

Add two configurable size limits to Go deserialization and enforce them in relevant preallocation-sensitive read paths.

Resolve task:

• Add only two runtime guardrail options: max_binary_size and max_collection_size.
• Enforce max_collection_size for collection and map reads (map uses entry count).
• Enforce max_binary_size for binary byte-length reads.
• Do not add string size checks; string reads are excluded from this requirement.
• Return/throw a deserialization error when a configured limit is exceeded.

Describe alternatives you've considered

Relying only on process-level memory limits and runtime/allocator behavior. This is late-failing and not protocol-aware.

Additional context

Medium: no configurable size guardrails for untrusted payloads (binary/map/list lengths can drive large allocations).

Related locations:

• go/fory/fory.go:52
• go/fory/slice.go:267
• go/fory/slice.go:301
• go/fory/slice_primitive.go:1312
• go/fory/map.go:308
• go/fory/map_primitive.go:73
• go/fory/map_primitive.go:699

[ayush00git]

Hey @chaokunyang
Could I take this up ?

[Zakir032002]

Heyy @ayush00git ,,forgot to comment ,im already working on it along with rust, sorry about that