decode: guard against panics when alloc is disabled

The existing code panics if you try to decode a too-large checksum and
it fails, which is definitely wrong. Fix this so that FieldVec::from_iter
does not panic, allowing the "invalid residue" error to be constructed.

There is also a panic when trying to correct too-large checksums. This
is arguably permissible, since it's something that's detectable at
compile time (though what would be even better is if this language would
support telling the compiler to do this; see
rust-lang/rust#92827
for more info). But remove it anyway.

Author: apoelstra

src/primitives/correction.rs

@@ -65,8 +65,17 @@ pub trait CorrectableError {
 
     /// Wrapper around [`Self::residue_error`] that outputs a correction context.
     ///
+    /// Will return None if the error is not a correctable one, or if the **alloc**
+    /// feature is disabled and the checksum is too large. See the documentation
+    /// for [`NO_ALLOC_MAX_LENGTH`] for more information.
+    ///
     /// This is the function that users should call.
     fn correction_context<Ck: Checksum>(&self) -> Option<Corrector<Ck>> {
+        #[cfg(not(feature = "alloc"))]
+        if Ck::CHECKSUM_LENGTH >= NO_ALLOC_MAX_LENGTH {
+            return None;
+        }
+
         self.residue_error().map(|e| Corrector { residue: e.residue(), phantom: PhantomData })
     }
 }

src/primitives/decode.rs

@@ -1028,7 +1028,9 @@ impl InvalidResidueError {
     /// holds the target residue but this doesn't help), the caller will need
     /// to obtain the checksum from somewhere else in order to make use of this.
     ///
-    /// Not public because [`Polynomial`] is a private type.
+    /// Not public because [`Polynomial`] is a private type, and because the
+    /// subtraction will panic if this is called without checking has_data
+    /// on the FieldVecs.
     pub(super) fn residue(&self) -> Polynomial<Fe32> { self.actual.clone() - &self.target }
 }