OSS-Fuzz reported a number of bad_alloc and out-of-memory issues affecting binary parsers that could be triggered by unreasonable or malicious input.
Issue 1:
Until v0.150.0, binary parsers (bson, cbor, msgpack, ubjson) read a length field for a text string, byte string or typed array, and then tried to allocate space for the whole item. Now, binary parsers read and allocate in chunks, so bad input with huge lengths will typically result in unexpected_eof errors (on 64 bit architecture) or number_too_large errors (on 32 bit architecture).
Issue 2:
When a ubjson parser reads a huge length for a strongly typed array of no-op, null, false, or true, e.g.
[[][$][T][#][I][9223372036854775807]
reading in chunks doesn't help because there is no additional payload to read.
To avoid bad_alloc throws given unreasonable or malicious input, jsoncons now limits the length of a UBJSON container to max_items set in options, which defaults to 16,777,216. Exceeding that limit will result in a max_items_exceeded error.
These issues have been verified as fixed in v0.151.0 by OSS-Fuzz.
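The two mitigations described in this issue, as an added example that is not jsoncons' own code: a checker for the header of a UBJSON strongly typed array that caps the declared count for payload-less element types (no-op, null, true, false) and consumes payload-bearing types in bounded chunks so an oversized count ends in an EOF error rather than a huge allocation. It assumes the UBJSON spec's `L` marker for an int64 count (the issue's `[I]` notation is illustrative), the spec's type letters, and a chunk size of 4096, which the page does not state.

```cpp
#include <cstddef>
#include <cstdint>
#include <limits>
#include <vector>

// Constructed example: header layout is '[' '$' <type> '#' 'L' <int64 count, big-endian>.
enum class status { ok, unexpected_eof, number_too_large, max_items_exceeded, bad_format };
struct result { status st; uint64_t count; };

// Builds a constructed test header (no payload) for a given element type and count.
std::vector<uint8_t> typed_array_header(char type, int64_t count) {
    std::vector<uint8_t> h{'[', '$', static_cast<uint8_t>(type), '#', 'L'};
    for (int i = 7; i >= 0; --i)
        h.push_back(static_cast<uint8_t>((static_cast<uint64_t>(count) >> (8 * i)) & 0xff));
    return h;
}

result check_typed_array(const std::vector<uint8_t>& buf, std::size_t max_items = 16777216) {
    if (buf.size() < 13) return {status::unexpected_eof, 0};
    if (buf[0] != '[' || buf[1] != '$' || buf[3] != '#' || buf[4] != 'L') return {status::bad_format, 0};
    uint64_t n = 0;
    for (int i = 0; i < 8; ++i) n = (n << 8) | buf[5 + i];
    if (n > static_cast<uint64_t>(std::numeric_limits<int64_t>::max())) return {status::bad_format, 0}; // negative
    if (n > std::numeric_limits<std::size_t>::max()) return {status::number_too_large, n}; // 32-bit targets only
    const uint8_t type = buf[2];
    if (type == 'N' || type == 'Z' || type == 'T' || type == 'F')   // no payload follows: cap the count
        return {n > max_items ? status::max_items_exceeded : status::ok, n};
    std::size_t elem;                                                // fixed-width element sizes per spec
    switch (type) {
        case 'i': case 'U': elem = 1; break;
        case 'I': elem = 2; break;
        case 'l': case 'd': elem = 4; break;
        case 'L': case 'D': elem = 8; break;
        default: return {status::bad_format, n};
    }
    const std::size_t chunk = 4096;   // assumed chunk size; not given on the page
    std::size_t pos = 13;
    std::vector<uint8_t> payload;     // grows only with bytes actually present in the input
    for (uint64_t remaining = n; remaining > 0;) {
        std::size_t take = static_cast<std::size_t>(remaining < chunk ? remaining : chunk) * elem;
        if (buf.size() - pos < take) return {status::unexpected_eof, n};   // ran out before the count
        payload.insert(payload.end(), buf.begin() + pos, buf.begin() + pos + take);
        pos += take;
        remaining -= take / elem;
    }
    return {status::ok, n};
}
```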
Thanks to David Korczynski, jsoncons is now continuously fuzz tested with Google's OSS-Fuzz.