[Python] Add output_buffer_limit to brotli.decompress() #1431

Open
scovetta wants to merge 2 commits into google:master from scovetta:fix/decompress-output-buffer-limit

@scovetta

This PR adds output_buffer_limit to the brotli.decompress() function, to echo similar functionality in Decompressor.process(), enabling users to more safely decompress untrusted compressed data.

The default output_buffer_limit value of 0 means "unlimited", which preserves backwards compatibility. When set, decompress() raises brotli.error if the decompressed output would exceed the specified limit.

…on bombs

The one-shot brotli.decompress() API lacked any output size limit, allowing
attacker-supplied compressed payloads to cause unbounded memory allocation
(CWE-400). The sibling Decompressor.process() already supported an
output_buffer_limit parameter.

This adds an optional output_buffer_limit keyword argument (default 0 =
unlimited for backward compatibility). When set, decompress() raises
brotli.error if the decompressed output would exceed the specified limit.

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
@google-cla

google-cla bot commented Mar 23, 2026

Thanks for your pull request! It looks like this may be your first contribution to a Google open source project. Before we can look at your pull request, you'll need to sign a Contributor License Agreement (CLA).

View this failed invocation of the CLA check for more information.

For the most up to date status, view the checks section at the bottom of the pull request.

@eustas
Collaborator

eustas commented Mar 24, 2026

Hi. Thanks for the PR.

Where will this new API be used? I'm asking because, unlike decoding, encoding guarantees the output size limit: see BrotliEncoderMaxCompressedSize.

@scovetta
Author

@eustas This shouldn't be a new API, just a new (optional) parameter on the publicly exposed brotli.decompress() module-level function, so an application could just do something like:

import brotli
import requests

res = requests.get('<url>')
- data = brotli.decompress(res.content)
+ data = brotli.decompress(res.content, output_buffer_limit=5_000_000)
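Review bot: on the `+` line, the call has no handler for the brotli.error that the PR description says decompress() raises when the output would exceed the limit, so an oversized response surfaces as an unhandled exception. Suggest wrapping the call in try/except brotli.error and rejecting the response there. Note also that res.content is already fully read into memory before this line runs, so output_buffer_limit=5_000_000 bounds only the decompressed size, not the size of the compressed download.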

The scenario we're trying to avoid is where the contents of <url> are absurdly large, or any other scenario where the bytes being decompressed aren't already trusted.

@eustas
Collaborator

eustas commented Mar 24, 2026

Sorry for the confusion, I've misread (compression instead of decompression).

Will take a deep look soon-ish.

Again, thanks for the PR.

@eustas
Collaborator

eustas commented Mar 25, 2026

So, the current implementation allows situations where the output is larger than the requested limit.

Should we pass limit to "BufferInit", where it can remember the value and respect it in "BufferGrow"?
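
The hard output cap discussed in this thread, as an added example that is not part of the PR or the brotli code base: it uses the standard-library zlib module as a stand-in codec so it runs without the brotli extension, and `bounded_decompress`, `OutputLimitExceeded` and `make_constructed_bomb` are hypothetical names. The decompressor is never asked for more than one byte past the limit, so the buffer cannot grow beyond the cap before the check fires.

```python
import zlib


class OutputLimitExceeded(Exception):
    """Decompressed output would exceed the caller's cap."""


def bounded_decompress(data: bytes, limit: int, chunk_size: int = 16384) -> bytes:
    """Inflate zlib `data`, refusing to buffer more than `limit` output bytes.

    Hypothetical helper; zlib stands in for brotli so the example runs with
    the standard library only.
    """
    if limit <= 0:
        raise ValueError("limit must be a positive byte count")
    inflater = zlib.decompressobj()
    out = bytearray()
    for offset in range(0, len(data), chunk_size):
        chunk = data[offset:offset + chunk_size]
        # Request at most one byte past the cap: enough to detect an
        # overrun, never enough to materialise the full expansion.
        # (max_length=0 would mean "unlimited", so room always stays >= 1.)
        room = limit + 1 - len(out)
        out += inflater.decompress(chunk, room)
        if len(out) > limit:
            raise OutputLimitExceeded(f"output exceeds {limit} bytes")
        if inflater.eof:
            break
    if not inflater.eof:
        # A stream that never reached its end marker is not a valid result.
        raise zlib.error("truncated or incomplete stream")
    return bytes(out)


def make_constructed_bomb(expanded_size: int = 20_000_000) -> bytes:
    """Constructed sample input: a run of zero bytes, roughly 1000:1 ratio."""
    return zlib.compress(b"\0" * expanded_size, 9)


if __name__ == "__main__":
    bomb = make_constructed_bomb()
    print(f"compressed size: {len(bomb)} bytes")
    try:
        bounded_decompress(bomb, limit=5_000_000)
    except OutputLimitExceeded as exc:
        print(f"rejected: {exc}")
```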
