Sanitize the search offset which is user-controlled via the requested page
We cannot sanitize the requested page before searching because we do not know the number of results and hence pages yet. However, specificying an arbitrarily large page yields an arbitrarily large offset which Tantivy uses to size an internal allocation of a binary heap which can fail and thereby abort the whole process.
We can however avoid this by sanitizing the offset itself which can never be larger than the overall number of documents stored in the index, no matter the query. This way we can avoid arbitrarily large allocations and hence the denial-of-service condition caused by them.
Closes #248 (closed)
Edited by Adam Reichold