Add bounds check for file content in FilesResponse.decode_body

The file content slice used Python's silent truncation behavior when
the declared size exceeded available data. Now raises DecodeError
with a clear message about the truncation.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

Author: antoineleclair

src/dqlitewire/messages/responses.py

@@ -517,6 +517,11 @@ def decode_body(cls, data: bytes, schema: int = 0) -> "FilesResponse":
             offset += consumed
             size = decode_uint64(data[offset:])
             offset += 8
+            if offset + size > len(data):
+                raise DecodeError(
+                    f"FilesResponse file content truncated: expected {size} bytes "
+                    f"at offset {offset}, but only {len(data) - offset} bytes available"
+                )
             content = data[offset : offset + size]
             # No padding after content — matches Go's byte-by-byte read.
             offset += size

tests/test_messages_responses.py

@@ -607,6 +607,20 @@ def test_file_count_exceeds_hard_limit(self) -> None:
         with pytest.raises(DecodeError, match="File count.*exceeds maximum"):
             FilesResponse.decode_body(body)
 
+    def test_truncated_file_content_raises(self) -> None:
+        """Declared file size larger than available data should raise DecodeError."""
+        import pytest
+
+        from dqlitewire.exceptions import DecodeError
+        from dqlitewire.types import encode_text, encode_uint64
+
+        body = encode_uint64(1)  # count=1
+        body += encode_text("test.db")  # filename
+        body += encode_uint64(4096)  # claims 4096 bytes
+        body += b"\x00" * 100  # but only 100 bytes available
+        with pytest.raises(DecodeError, match="truncated"):
+            FilesResponse.decode_body(body)
+
 
 class TestServersResponse:
     def test_empty(self) -> None: