decoder: raise default max depth to 1500 and add DecodeUnlimitedDepth

[urvisavla]

What

• Raise DecodeDefaultMaxDepth from 250 → 1500. This is the bound applied to untrusted, user-supplied XDR (anyone using NewDecoder/Unmarshal or MaxDepth: 0).
• Add a new sentinel DecodeUnlimitedDepth = uint(math.MaxUint). Callers decoding trusted XDR (e.g. emitted by stellar-core) can set DecodeOptions{MaxDepth: xdr3.DecodeUnlimitedDepth} to disable the depth limit.

Why

The previous default of 250 was too shallow for some legitimately deep XDR. User-supplied input still needs a guard against unbounded recursion / stack growth, so the default is raised to 1500 rather than removed. Trusted core output, which is acyclic and finite but can nest deeply, gets an explicit opt-out.

Usage

// User-supplied / untrusted XDR — capped at 1500
xdr3.Unmarshal(r, &v)

// Trusted XDR emitted by stellar-core — no depth limit
xdr3.UnmarshalWithOptions(r, &v, xdr3.DecodeOptions{
    MaxDepth: xdr3.DecodeUnlimitedDepth,
})

Implementation notes

• 0 already means "use the default", so a separate sentinel was needed for "unlimited". math.MaxUint reuses the existing countdown logic untouched — no hot-path change — and is effectively unbounded for any real nesting.
• Trade-off: DecodeUnlimitedDepth is not truly unbounded; a genuinely cyclic/adversarial input would no longer be caught by the depth check. That's intended, since this knob is only for trusted input (documented on the constant).

Testing

• Added TestDecodeUnlimitedDepth: builds a chain nested 100 levels past the default, confirms the default limit rejects it (ErrMaxDecodingDepth) and DecodeUnlimitedDepth decodes it cleanly.
• Full suite green across xdr, xdr2, xdr3.

🤖 Generated with Claude Code

[Copilot]

Pull request overview

Raises the default XDR decoding depth limit in xdr3 from 250 to 1500 and introduces a DecodeUnlimitedDepth sentinel (math.MaxUint) for callers decoding trusted XDR (e.g., stellar-core output) where deep nesting is expected.

Changes:

• Raise DecodeDefaultMaxDepth from 250 to 1500 and expand its doc comment.
• Add new DecodeUnlimitedDepth constant and document it in DecodeOptions.MaxDepth.
• Add TestDecodeUnlimitedDepth covering both the default-limit rejection and the unlimited-depth success path via a self-referential linkedNode type.

Reviewed changes

Copilot reviewed 2 out of 2 changed files in this pull request and generated no comments.

File	Description
xdr3/decode.go	Bumps default max depth to 1500 and adds DecodeUnlimitedDepth sentinel with docs on MaxDepth.
xdr3/decode_test.go	Adds linkedNode helper and TestDecodeUnlimitedDepth exercising default-limit failure and unlimited-depth success.

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.