OOM in packed field decoders

[subbudvk]

repeated field whose declared
byte length is close to Integer.MAX_VALUE causes OutOfMemoryError and
crashes the JVM.

The root cause is an integer overflow in ArrayDecoders: the bounds check
fieldLimit > data.length runs after computing
fieldLimit = position + packedDataByteSize, which wraps to a negative value
when packedDataByteSize is large. A negative fieldLimit always passes the

data.length comparison, allowing ensureCapacity() to receive the
unchecked byte size. For decodePackedFixed32List, this allocates a
536-million-element int[] (~2 GB) from a 7-byte input.

[subbudvk]

Fixed via #27102

[JasonLunn]

Please be advised: the PR cannot be reviewed until the CLA is signed.

[esrauchg]

Thanks for raising the topic in general!

I believe this has been addressed at tip of main (but unfortunately can't double check exactly what methods the PR had proposed editing without a CLA signed).

I'm going to close this issue and the PR on that belief, please open a new issue if you find any topics that weren't otherwise addressed already.