Incorporate OOM fix in next release (v2.6.0)

[smoelius]

Please incorporate commit 66a22c8 from master in the next release (v2.6.0).

In particular, please incorporate the following OOM fix:
66a22c8#diff-03da03412d4490720c45da0a6f43d56cR36

rust-protobuf/protobuf/src/stream.rs

Lines 36 to 38 in 66a22c8

	// Max allocated vec when reading length-delimited from unknown input stream
	const READ_RAW_BYTES_MAX_ALLOC: usize = 10_000_000;

66a22c8#diff-03da03412d4490720c45da0a6f43d56cR640

rust-protobuf/protobuf/src/stream.rs

Lines 640 to 656 in 66a22c8

	if count >= READ_RAW_BYTES_MAX_ALLOC {
	// avoid calling `reserve` on buf with very large buffer: could be a malformed message
	let mut take = self.by_ref().take(count as u64);
	take.read_to_end(target)?;
	if target.len() != count {
	return Err(ProtobufError::WireError(WireError::TruncatedMessage));
	}
	} else {
	target.reserve(count);
	unsafe {
	target.set_len(count);
	}
	self.source.read_exact(target)?;

We hit this OOM error while fuzzing a project that uses the current release, v2.5.0. Patching v2.5.0 with the above commit made the error go away. It would be convenient if the commit were incorporated in an official release.

Thank you.

[stepancheg]

Cherry-picked into v2.6 branch as f32ac1c.

[stepancheg]

Published version 2.6.0.

[dvdplm]

Would you consider back porting this fix to 1.x?

[stepancheg]

Merged into v1.7 branch as a839f7b. Testing...

[stepancheg]

Published 1.7.5 with the same fix.

[stepancheg]

FYI ef888e0 fixes the same issue when using both feature with-bytes and carllerche_bytes_for_xxx codegen option (so it affects only few people).

Need to backport it 2.6 and 1.7 too.

[smoelius]

Thanks, @stepancheg !

[stepancheg]

Published 2.6.2 with a fix for bytes::Bytes fields.