Validate column_count in decode_rows_continuation against _MAX_COLUMN_COUNT

decode_body() validated column_count but decode_rows_continuation() did not,
creating an inconsistency where the continuation path had no defense-in-depth
cap on the caller-provided column_count parameter.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

Author: antoineleclair

src/dqlitewire/messages/responses.py

@@ -378,6 +378,8 @@ def decode_rows_continuation(
         method to decode those continuation messages, passing the column_names
         and column_count from the initial response.
         """
+        if column_count > _MAX_COLUMN_COUNT:
+            raise DecodeError(f"Column count {column_count} exceeds maximum {_MAX_COLUMN_COUNT}")
         if len(column_names) != column_count:
             raise DecodeError(
                 f"column_names length ({len(column_names)}) does not match "

tests/test_messages_responses.py

@@ -533,6 +533,21 @@ def test_continuation_column_count_mismatch_raises(self) -> None:
                 column_count=2,
             )
 
+    def test_decode_rows_continuation_rejects_excessive_column_count(self) -> None:
+        """decode_rows_continuation should reject column_count exceeding _MAX_COLUMN_COUNT."""
+        import pytest
+
+        from dqlitewire.exceptions import DecodeError
+
+        body = b"\xff" * 8  # DONE marker
+        excessive = 20_000
+        with pytest.raises(DecodeError, match="exceeds maximum"):
+            RowsResponse.decode_rows_continuation(
+                body,
+                column_names=["c"] * excessive,
+                column_count=excessive,
+            )
+
 
 class TestEmptyResponse:
     def test_encode(self) -> None: