There are several checks on string length in BinaryDecoder. However, it lacks the same checks for byte arrays.
- Negative lengths lead to IllegalArgumentException instead of org.apache.avro.AvroRuntimeException
- Pathologically large (however legal) arrays can be allocated. Some applications will be suffer denial of service if they are forced to allocate 1 GB arrays repeatedly.