Add explicit recursion limits to avoid stack overflows

[juntyr]

Fixes #307 and the long-standing potential for stack overflows while serialising or deserialising.

Now, ron::Options is by default configured for a recursion limit of 128 (here recursion is very loosely defined). This limit can be adjusted or disabled.

This bug was first reported by @5225225 in #307 and later by oss-fuzz.

This PR also slightly extends the from_str fuzz target to check serialising as well.

• I've included my change in CHANGELOG.md

[juntyr]

@torkleyy Does this API change look good to you? If so, feel free to squash and merge.

I would be surprised if anyone is using such highly recursive data structures in the wild and would be affected by the default limit. Hence, this might be a v0.9 change?

[codecov-commenter]

⚠️ Please install the to ensure uploads and comments are reliably processed by Codecov.

Codecov Report

❌ Patch coverage is 56.52174% with 50 lines in your changes missing coverage. Please review.
✅ Project coverage is 87.19%. Comparing base (0c32f8d) to head (ab9f879).
⚠️ Report is 111 commits behind head on master.

Files with missing lines	Patch %	Lines
src/options.rs	5.55%	17 Missing ⚠️
src/ser/mod.rs	64.58%	17 Missing ⚠️
src/de/mod.rs	68.75%	15 Missing ⚠️
src/error.rs	0.00%	1 Missing ⚠️
❗ Your organization needs to install the Codecov GitHub app to enable full functionality.

❗ There is a different number of reports uploaded between BASE (0c32f8d) and HEAD (ab9f879). Click for more details.

HEAD has 1 upload less than BASE

Flag	BASE (0c32f8d)	HEAD (ab9f879)
	2	1

Additional details and impacted files

@@            Coverage Diff             @@
##           master     #420      +/-   ##
==========================================
- Coverage   93.06%   87.19%   -5.87%     
==========================================
  Files          56       57       +1     
  Lines        6618     7117     +499     
==========================================
+ Hits         6159     6206      +47     
- Misses        459      911     +452     

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.

[juntyr]

Part of the codecov regression is spurious, part is expected. As I've spent the past few commits increasing codecov this is unfortunate, but I'll get to adding coverage for the stack overflow checks at some point :)

[juntyr]

@torkleyy As you might be busy, I will merge this PR on Friday if you don’t object. While this change would break deeply nested structures, I think this can be dealt with by pushing the change to 0.9 instead of 0.8.1. Apart from a new error, the API update is a non-breaking change.

[torkleyy]

Yes limiting the recursion limit is certainly useful especially for untrusted inputs. 👍