feat(c++): Forced the limits of max size #3422

Open
garvittsingla wants to merge 6 commits into apache:main from garvittsingla:forcing-max-size-limits

garvittsingla commented Feb 25, 2026

Fixes #3408

  • Introduce guardrail fields in cpp/fory/serialization/config.h for maximum allowed string, list/vector, and map sizes during deserialization.
  • Enforce these limits in cpp/fory/serialization/collection_serializer.h and cpp/fory/serialization/map_serializer.h.
  • Return Error::invalid_data if a configured limit is exceeded when reading untrusted payloads.
  • Addresses risk of large allocations from untrusted string/map/list lengths.

This change improves protocol-aware safety for C++ deserialization by preventing excessive memory usage from malicious or malformed payloads.

Related: cpp/fory/serialization/config.h:31, collection_serializer.h:396, collection_serializer.h:719, map_serializer.h:541

Done all the things as mentioned in the issue and enforced a length check

@garvittsingla garvittsingla marked this pull request as draft February 25, 2026 20:27
@garvittsingla garvittsingla marked this pull request as ready for review February 25, 2026 20:28
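
The guardrail described in the PR summary above, sketched as an added example (not code from this PR or from Fory): a length-prefixed reader that rejects an over-limit declared length before allocating. `Limits`, `ReadStatus`, `read_int_list`, `make_payload` and the toy wire format are hypothetical; only the name `max_collection_size` comes from the error log on this page.

```cpp
#include <cstddef>
#include <cstdint>
#include <utility>
#include <vector>

// Hypothetical guardrail config; max_collection_size is the only name taken from the page.
struct Limits { uint32_t max_collection_size; };
enum class ReadStatus { Ok, Truncated, LimitExceeded };
struct ReadResult { ReadStatus status; std::vector<int32_t> values; };

static uint32_t load_le32(const uint8_t* p) {
  return uint32_t(p[0]) | uint32_t(p[1]) << 8 | uint32_t(p[2]) << 16 | uint32_t(p[3]) << 24;
}

// Constructed toy format (not Fory's wire format):
// u32 little-endian element count, then count * 4 bytes of int32 data.
ReadResult read_int_list(const std::vector<uint8_t>& buf, const Limits& limits) {
  if (buf.size() < 4) return {ReadStatus::Truncated, {}};
  const uint32_t count = load_le32(buf.data());
  // Policy check: reject an over-limit length before allocating anything.
  if (count > limits.max_collection_size) return {ReadStatus::LimitExceeded, {}};
  // Consistency check: the declared count must fit in the bytes actually
  // present. Dividing (not multiplying) avoids integer overflow.
  if (count > (buf.size() - 4) / 4) return {ReadStatus::Truncated, {}};
  std::vector<int32_t> out;
  out.reserve(count);  // bounded by both checks above
  for (uint32_t i = 0; i < count; ++i)
    out.push_back(static_cast<int32_t>(load_le32(buf.data() + 4 + 4 * size_t(i))));
  return {ReadStatus::Ok, std::move(out)};
}

// Builds a constructed payload whose header may lie about the element count.
std::vector<uint8_t> make_payload(uint32_t declared, const std::vector<int32_t>& vals) {
  std::vector<uint8_t> buf;
  auto put = [&buf](uint32_t v) {
    for (int s = 0; s < 32; s += 8) buf.push_back(uint8_t(v >> s));
  };
  put(declared);
  for (int32_t v : vals) put(static_cast<uint32_t>(v));
  return buf;
}

int main() {
  Limits limits{8};
  auto ok = read_int_list(make_payload(3, {1, 2, 3}), limits);
  auto huge = read_int_list(make_payload(0xFFFFFFFFu, {1}), limits);
  return (ok.status == ReadStatus::Ok && huge.status == ReadStatus::LimitExceeded) ? 0 : 1;
}
```

The configured limit is a policy bound; the remaining-bytes check is still needed because a declared length under the limit can exceed what the payload actually carries.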
garvittsingla (Author) commented

Tests are failing, please help me, where am I wrong?

@chaokunyang changed the title from "Forced the limits of max size" to "feat(c++): Forced the limits of max size" Feb 26, 2026
chaokunyang (Collaborator) commented

> Tests are failing, please help me, where am I wrong?

Please do not ask such things before analyzing and trying to address the issue.

If you have ever seen the error log, the fix is obvious:

bazel-out/k8-opt/bin/cpp/fory/serialization/_virtual_includes/fory_serialization/fory/serialization/collection_serializer.h: In function 'Container fory::serialization::read_collection_data_slow(ReadContext&, uint32_t)':
bazel-out/k8-opt/bin/cpp/fory/serialization/_virtual_includes/fory_serialization/fory/serialization/collection_serializer.h:397:21: error: 'class fory::serialization::ReadContext' has no member named 'config'; did you mean 'config_'?
  397 |     if(length > ctx.config().max_collection_size) {
      |                     ^~~~~~
      |                     config_
bazel-out/k8-opt/bin/cpp/fory/serialization/_virtual_includes/fory_serialization/fory/serialization/collection_serializer.h:398:20: error: cannot convert 'fory::Error(const std::string&)' {aka 'fory::Error(const std::__cxx11::basic_string<char>&)'} to 'fory::Error'
  398 |       ctx.set_error(Error::invalid_data);
      |       ~~~~~~~~~~~~~^~~~~~~~~~~~~~~~~~~~~
In file included from bazel-out/k8-opt/bin/cpp/fory/serialization/_virtual_includes/fory_serialization/fory/serialization/serializer.h:23,
                 from bazel-out/k8-opt/bin/cpp/fory/serialization/_virtual_includes/fory_serialization/fory/serialization/any_serializer.h:22,
                 from bazel-out/k8-opt/bin/cpp/fory/serialization/_virtual_includes/fory_serialization/fory/serialization/fory.h:22:
bazel-out/k8-opt/bin/cpp/fory/serialization/_virtual_includes/fory_serialization/fory/serialization/context.h:380:43: note:   initializing argument 1 of 'void fory::serialization::ReadContext::set_error(fory::Error)'
  380 |   FORY_ALWAYS_INLINE void set_error(Error err) {
      |                                     ~~~~~~^~~

garvittsingla (Author) commented Feb 26, 2026

@chaokunyang My apologies.
This is my first time working with such a well-maintained organization. I am constantly trying to solve the linting errors, but there are some lint failures. I made 4 commits to make it work and used clang-format and the Python CI locally as well, but it is giving errors.
Let me know and I will fix it, along with any other recommendations from your side.
Should I add tests as well?

garvittsingla (Author) commented Feb 26, 2026

@chaokunyang can you take a look at the cpp implementation? While running the formatter, some Java and Swift files are getting changed; maybe there is something wrong in my implementation which breaks

ayush00git (Contributor) commented Feb 26, 2026

> @chaokunyang can you take a look at the cpp implementation? While running the formatter, some Java and Swift files are getting changed; maybe there is something wrong in my implementation which breaks

Hi @garvittsingla
Seems like your working branch is not in sync. Try running python ./ci/run_ci.py format from the project's root and push the lint changes to this PR. This hopefully should fix your code lint checks.

Development

Successfully merging this pull request may close these issues.

[C++] configurable size guardrails for untrusted payloads