Add memory DoS prevention comments

zebra-chain/src/transparent/serialize.rs

@@ -196,6 +196,7 @@ impl ZcashDeserialize for Input {
             if len > 100 {
                 return Err(SerializationError::Parse("coinbase has too much data"));
             }
+            // Memory Denial of Service: this length has just been checked
             let mut data = vec![0; len as usize];
             reader.read_exact(&mut data[..])?;
             let (height, data) = parse_coinbase_height(data)?;

zebra-network/src/protocol/external/codec.rs

@@ -615,6 +615,7 @@ impl Codec {
 
         let filter_length: usize = min(body_len, MAX_FILTERADD_LENGTH);
 
+        // Memory Denial of Service: this length has just been bounded
         let mut filter_bytes = vec![0; filter_length];
         reader.read_exact(&mut filter_bytes)?;