fix: add _MAX_PARAM_COUNT cap to decode_params_tuple

Defense-in-depth: reject V1 params tuples claiming more than
100,000 parameters early, before allocating type-code lists.
Matches the pattern used by _MAX_COLUMN_COUNT, _MAX_FILE_COUNT,
and _MAX_NODE_COUNT in responses.py. SQLite's default limit is
999 parameters (compile-time max 32766).

Closes #170.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

Author: antoineleclair

src/dqlitewire/tuples.py

@@ -17,6 +17,11 @@
 # Valid ValueType codes as integers, for fast membership testing in hot paths.
 _VALID_TYPE_CODES = frozenset(int(v) for v in ValueType)
 
+# Defense-in-depth cap on parameter count, matching the pattern used by
+# _MAX_COLUMN_COUNT, _MAX_FILE_COUNT, and _MAX_NODE_COUNT in responses.py.
+# SQLite's default limit is 999 (compile-time max 32766).
+_MAX_PARAM_COUNT = 100_000
+
 
 class RowMarker(Enum):
     """Row marker detected during header parsing."""
@@ -134,6 +139,11 @@ def decode_params_tuple(
         # Count was externally provided, no data consumed
         return [], 0
 
+    # Defense-in-depth: reject unreasonable parameter counts early,
+    # before allocating type-code lists or iterating over values.
+    if count > _MAX_PARAM_COUNT:
+        raise DecodeError(f"Parameter count {count} exceeds maximum ({_MAX_PARAM_COUNT})")
+
     # Header: count field (if read from data) + type codes, padded to word boundary.
     # When count was externally provided, the data starts directly with type codes
     # so count_size is 0.

tests/test_tuples.py

@@ -1,6 +1,11 @@
 """Tests for tuple encoding/decoding."""
 
+import struct
+
+import pytest
+
 from dqlitewire.constants import ValueType
+from dqlitewire.exceptions import DecodeError
 from dqlitewire.tuples import (
     RowMarker,
     decode_params_tuple,
@@ -565,3 +570,24 @@ def test_roundtrip_with_null(self) -> None:
         encoded = encode_row_values(values, types)
         decoded, _ = decode_row_values(encoded, types)
         assert decoded == values
+
+
+class TestParamsTupleMaxCount:
+    """170: decode_params_tuple should reject excessive parameter counts."""
+
+    def test_v1_count_exceeding_cap_raises(self) -> None:
+        """A V1 params tuple claiming 200_000 params should be rejected."""
+        # Craft a V1 header with count = 200_000
+        count = 200_000
+        header = struct.pack("<I", count)
+        # Pad to a full 8-byte word
+        data = header + b"\x00" * 4
+        with pytest.raises(DecodeError, match="exceeds maximum"):
+            decode_params_tuple(data, schema=1)
+
+    def test_v0_count_within_cap_succeeds(self) -> None:
+        """V0 counts (max 255) should never hit the cap."""
+        # Encode a valid empty-params V0 tuple (count=0)
+        data = b"\x00" + b"\x00" * 7  # count=0, padded to 8 bytes
+        result, _ = decode_params_tuple(data, schema=0)
+        assert result == []