TROVE-2021-001: Bug in dump_desc() code
The dump_desc() code dumps its entire input, but it is sometimes called with an input that extends beyond the end of the string.
This can cause two kinds of bugs:
- A CPU-based DoS bug, where we try to parse a string that contains a zillion tiny unparseable descriptors.
- Possibly, an unbounded read bug, where we read off the end of an allocation. The latter is not a privacy leak, since we don't expose the data, but it could be a crash bug. (I think it might not even be a crash bug, since we NUL-terminate our downloads, but we should check.)
For 0.3.5 through 0.4.4, I believe we should just disable dump_desc().
For a real fix, we should give it a length argument.
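To show why the length argument matters, here is an added illustration written for this note, not Tor's own dump_desc(): a stand-in dump that runs to the NUL terminator beside one that takes an explicit length, driven by a loop that dumps every descriptor in a download. Splitting descriptors on lines beginning "router ", the DUMP_MAX cap and the sample download are all constructed assumptions.

```c
#include <stddef.h>
#include <string.h>

#define DUMP_MAX 4096  /* assumed cap on one diagnostic dump; not Tor's value */

/* Stand-in for the unbounded dump: copies from `desc` up to the NUL
 * terminator, so a pointer into the middle of a download copies every
 * descriptor after it, not just the one the caller meant to dump. */
size_t dump_desc_unbounded(const char *desc, char *out, size_t outsz)
{
    size_t n = strlen(desc);            /* bound comes from the string, not the descriptor */
    if (n > outsz - 1) n = outsz - 1;
    memcpy(out, desc, n);
    out[n] = '\0';
    return n;
}

/* The fix the issue proposes: the caller passes the descriptor's length. */
size_t dump_desc_bounded(const char *desc, size_t desc_len, char *out, size_t outsz)
{
    size_t n = desc_len < outsz - 1 ? desc_len : outsz - 1;
    memcpy(out, desc, n);
    out[n] = '\0';
    return n;
}

/* Split a NUL-terminated download into descriptors (each starting at a line
 * that begins "router "), dump each one, and return the total bytes dumped.
 * With the unbounded dump the total grows quadratically in the number of
 * descriptors; with the bounded dump it stays equal to the download size. */
size_t total_dump_bytes(const char *download, int bounded)
{
    char buf[DUMP_MAX];
    size_t total = 0;
    const char *cur = download;
    while (*cur) {
        const char *next = strstr(cur + 1, "\nrouter ");
        size_t len = next ? (size_t)(next + 1 - cur) : strlen(cur);
        total += bounded ? dump_desc_bounded(cur, len, buf, sizeof buf)
                         : dump_desc_unbounded(cur, buf, sizeof buf);
        cur += len;
    }
    return total;
}

/* Constructed input: three tiny descriptors (11 bytes each) in one download. */
const char SAMPLE_DOWNLOAD[] =
    "router a 1\n"
    "router b 2\n"
    "router c 3\n";
```

For the 33-byte sample the bounded loop dumps 33 bytes in total, while the unbounded loop dumps 33 + 22 + 11 = 66 bytes, and the gap widens with every extra descriptor.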
Edited by Nick Mathewson