[GIT PULL] liburing.h: fix integer overflow in recvmsg_validate and payload_length wraparound

[YooLCD]

io_uring_recvmsg_validate() computed the required header size by summing
msg_controllen (size_t) and msg_namelen (socklen_t) before comparing
against buf_len. When msg_controllen is near SIZE_MAX, this addition
overflows unsigned long, making the computed header appear small and
bypassing the buffer length check entirely.

io_uring_recvmsg_payload_length() could return ~4GB when msg_namelen +
msg_controllen exceeded buf_len, because payload_start > payload_end
and the unsigned subtraction wrapped around.

Fix recvmsg_validate() by checking each field separately against the
remaining space after the previous field. Fix payload_length() by
guarding against payload_start >= payload_end.

Tests added to test/recv-multishot.c.

[axboe]

msg_controllen and msg_namelen should never be > INT_MAX - with that in mind, is there still an issue? I'm not opposed to doing this as a cleanup, but the kernel should never pass back anything that's anywhere near SIZE_MAX here.

[YooLCD]

Thanks for the review! These fields are set by the caller before submitting the request, not populated by the kernel response, so a buggy caller could trigger the overflow. The fix is minimal and makes the safety explicit.

[axboe]

Gotcha, yes that makes more sense, and agree we might as well do it, doesn't hurt anything and helps improve readability too. Can you check the CI results? Failing on Alpine.

[YooLCD]

Thanks for the review! Could you re-run the CI? I've pushed a fix for the Alpine build failure.

[axboe]

Please squash into a single fix, doesn't make sense to have a known broken commit and then fixups on top.

[YooLCD]

Done! squashed into a single commit.