Closed
Labels: FrozenDueToAge, NeedsDecision (feedback is required from experts, contributors, and/or the community before a change can be made)
Description
Maybe net.ParseIP shouldn't successfully parse IP addresses out of unbounded inputs?
e.g. fmt.Println(net.ParseIP(strings.Repeat("0", 10<<20) + "000000192.0000168.00000.00001"))
passes, as does UnmarshalText (https://play.golang.org/p/bXGEzOS6KVQ)
Of course, in both those cases the data is already fully in memory, so most of the harm has been done if this is attacker-controlled.
Still, a bit surprising. Intentional?
Some parsers reject past 3 digits per octet, so 196.168.020.001 is valid, but not 0196.0168.0020.0001.
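An added example, not code from the issue or from the Go standard library, of the bounded parser the report argues for: it caps the input length before reading any of it and allows at most three decimal digits per octet, so 196.168.020.001 is accepted while 0196.0168.0020.0001 and the 10 MiB zero-padded string are rejected. The names ParseIPv4Strict and maxIPv4Len are chosen here, and the function deliberately does not rely on how net.ParseIP itself treats leading zeros.

```go
package main

import (
	"fmt"
	"net"
	"strconv"
	"strings"
)

// maxIPv4Len is the longest dotted-quad worth inspecting: four octets of
// at most three digits plus three dots. Longer input is refused unread.
const maxIPv4Len = 15

// ParseIPv4Strict accepts "196.168.020.001" but rejects
// "0196.0168.0020.0001" and the zero-padded megabyte string, because each
// octet must be 1-3 decimal digits in 0-255. It does not depend on how
// net.ParseIP treats leading zeros, which has varied across Go releases.
func ParseIPv4Strict(s string) (net.IP, error) {
	if len(s) > maxIPv4Len {
		return nil, fmt.Errorf("input of %d bytes exceeds %d", len(s), maxIPv4Len)
	}
	parts := strings.Split(s, ".")
	if len(parts) != 4 {
		return nil, fmt.Errorf("expected 4 octets, got %d", len(parts))
	}
	var b [4]byte
	for i, p := range parts {
		if len(p) == 0 || len(p) > 3 {
			return nil, fmt.Errorf("octet %d: %q must be 1-3 digits", i, p)
		}
		// Base 10 and bitSize 8: no sign, no 0x prefix, no underscores, max 255.
		v, err := strconv.ParseUint(p, 10, 8)
		if err != nil {
			return nil, fmt.Errorf("octet %d: %q is not a number in 0-255", i, p)
		}
		b[i] = byte(v)
	}
	return net.IPv4(b[0], b[1], b[2], b[3]), nil
}

func main() {
	// Constructed inputs, including the issue's 10 MiB zero-padded string.
	for _, in := range []string{"196.168.020.001", "0196.0168.0020.0001",
		strings.Repeat("0", 10<<20) + "000000192.0000168.00000.00001"} {
		ip, err := ParseIPv4Strict(in)
		fmt.Printf("len=%d ip=%v err=%v\n", len(in), ip, err)
	}
}
```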