accel/qaic: tighten bounds checking in decode_message()

In the Linux kernel, the following vulnerability has been resolved:

accel/qaic: tighten bounds checking in decode_message()

Copy the bounds checking from encode_message() to decode_message().

This patch addresses the following concerns. Ensure that there is enough space for at least one header so that we don't have a negative size later.

if (msg_hdr_len < sizeof(*trans_hdr))

Ensure that we have enough space to read the next header from the msg->data.

if (msg_len > msg_hdr_len - sizeof(*trans_hdr)) return -EINVAL;

Check that the trans_hdr->len is not below the minimum size:

if (hdr_len < sizeof(*trans_hdr))

This minimum check ensures that we don't corrupt memory in decode_passthrough() when we do.

memcpy(out_trans->data, in_trans->data, len - sizeof(in_trans->hdr));

And finally, use size_add() to prevent an integer overflow:

if (size_add(msg_len, hdr_len) > msg_hdr_len)