Fail early for messages with more than 65k fields.

This would already cause problems for any generated code, and C++ dynamic messages would overflow a uint16_t during parse.

PiperOrigin-RevId: 794732114

Author: mkruskal-google

python/google/protobuf/internal/proto_builder_test.py

@@ -66,7 +66,7 @@ def testMakeSameProtoClassTwice(self):
 
   def testMakeLargeProtoClass(self):
     """Test that large created protos don't use reserved field numbers."""
-    num_fields = 123456
+    num_fields = 65000
     fields = {
         'foo%d' % i: descriptor_pb2.FieldDescriptorProto.TYPE_INT64
         for i in range(num_fields)

src/google/protobuf/descriptor.cc

@@ -96,7 +96,8 @@ namespace google {
 namespace protobuf {
 namespace {
 
-const int kPackageLimit = 100;
+constexpr int kPackageLimit = 100;
+constexpr int kMaxFieldsPerMessage = 65535;
 
 
 size_t CamelCaseSize(const absl::string_view input) {
@@ -6870,6 +6871,16 @@ void DescriptorBuilder::BuildMessage(const DescriptorProto& proto,
       });
     }
   }
+
+  if (result->field_count() > kMaxFieldsPerMessage) {
+    AddError(
+        result->full_name(), proto, DescriptorPool::ErrorCollector::TYPE, [&] {
+          return absl::StrCat(result->field_count(), " fields in ",
+                              result->full_name(), " exceeds the limit of ",
+                              kMaxFieldsPerMessage);
+        });
+  }
+
   // Check that fields aren't using reserved names or numbers and that they
   // aren't using extension numbers.
   for (int i = 0; i < result->field_count(); i++) {

src/google/protobuf/descriptor_unittest.cc

@@ -13786,6 +13786,27 @@ TEST_F(ValidationErrorTest, PackageTooLong) {
       "aaaaaaaa: NAME: Package name is too long\n");
 }
 
+TEST_F(ValidationErrorTest, TooManyFieldsInMessage) {
+  FileDescriptorProto file = ParseTextOrDie(R"pb(
+    name: "foo.proto"
+    syntax: "proto2"
+    package: "test"
+    message_type { name: "Foo" }
+  )pb");
+
+  for (int i = 0; i < 70000; ++i) {
+    FieldDescriptorProto* field = file.mutable_message_type(0)->add_field();
+    field->set_name(absl::StrCat("field", i));
+    field->set_number(i + 1);
+    field->set_label(FieldDescriptorProto::LABEL_OPTIONAL);
+    field->set_type(FieldDescriptorProto::TYPE_INT32);
+  }
+  BuildFileWithErrors(
+      file,
+      "foo.proto: test.Foo: TYPE: 70000 fields in test.Foo exceeds the limit "
+      "of 65535\n");
+}
+
 
 // ===================================================================
 // DescriptorDatabase