GHSA-jv2j-mqmw-xvv5: SurrealDB: Denial of Service via deep operator chains

An authenticated user could crash a SurrealDB server with a single query containing a long chain of operators.

Such a query — for example RETURN 1 + 1 + 1 + ... with tens of thousands of terms — is parsed into an expression tree one level deep per operator. Because the chain is flat and the pratt parser appends to it iteratively, the configured query- and object-recursion limits never fire, so the tree grows unbounded with the length of the query.

The root cause: the over-deep tree is later walked recursively, one call per node, when it is dropped, formatted, or lowered for execution — overflowing the thread stack and aborting the process.