
Conversation

danasana (Contributor)

Closes #1864

This PR fixes heap-use-after-free and heap-buffer-overflow issues in BgpLayer::getHeaderLen(), reported by AddressSanitizer when extending or shortening the BGP layer.

Added boundary checks to ensure that requested offsets and lengths do not exceed:

  • the current layer length,
  • the total packet length,
  • the next layer boundary.

Added regression_samples

@danasana danasana requested a review from seladb as a code owner September 10, 2025 10:11
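The three boundary checks the description lists, modelled in a self-contained form as an added example for this page (this is not PcapPlusPlus code; RawBuffer, LayerView, layerFitsBuffer, rangeInLayer, shortenLayer, extendLayer and countParsedLayers are hypothetical names). A layer is a window into a packet buffer; extend and shorten validate offset and count against the layer length in unsigned arithmetic, rejecting a negative offset and an overflowing sum before any memory is moved. The last function walks layers by their claimed header length using remaining-byte counts, so an over-claiming getHeaderLen() is reported instead of producing a pointer past the end of the buffer.

```cpp
// Added example, not PcapPlusPlus code: a minimal model of a layer that
// occupies a window [start, start + len) of a packet's raw buffer, with the
// bounds checks extend/shorten need before touching memory.
// RawBuffer, LayerView and the function names below are hypothetical.
#include <cstddef>
#include <cstdint>
#include <cstdio>
#include <limits>
#include <vector>

struct RawBuffer {
    std::vector<std::uint8_t> data;  // the whole packet (the raw packet data)
};

struct LayerView {
    size_t start;  // offset of the layer's first byte in the buffer (m_Data)
    size_t len;    // bytes owned by the layer (m_DataLen)
};

// The layer window itself must lie inside the buffer.  This only fails when
// some parser (a getHeaderLen() returning too much) has already gone wrong.
static bool layerFitsBuffer(const RawBuffer& buf, const LayerView& layer) {
    if (layer.start > buf.data.size()) return false;
    return layer.len <= buf.data.size() - layer.start;
}

// Validate [offset, offset + count) against the layer window only.  The offset
// is signed, as an int offsetInLayer would be, so a negative value is rejected
// instead of wrapping; the sum is checked by subtraction so it cannot overflow.
static bool rangeInLayer(const LayerView& layer, long offset, size_t count) {
    if (offset < 0) return false;
    size_t off = static_cast<size_t>(offset);
    if (off > layer.len) return false;
    return count <= layer.len - off;
}

// Remove `count` bytes starting at `offset` inside the layer.
static bool shortenLayer(RawBuffer& buf, LayerView& layer, long offset, size_t count) {
    if (!layerFitsBuffer(buf, layer) || !rangeInLayer(layer, offset, count)) {
        std::fprintf(stderr, "shorten rejected: offset=%ld count=%zu layerLen=%zu\n",
                     offset, count, layer.len);
        return false;
    }
    auto first = buf.data.begin() +
                 static_cast<std::ptrdiff_t>(layer.start + static_cast<size_t>(offset));
    buf.data.erase(first, first + static_cast<std::ptrdiff_t>(count));
    layer.len -= count;
    return true;
}

// Insert `count` zero bytes at `offset` inside the layer (offset == len appends).
static bool extendLayer(RawBuffer& buf, LayerView& layer, long offset, size_t count) {
    if (!layerFitsBuffer(buf, layer) || !rangeInLayer(layer, offset, 0) ||
        count > std::numeric_limits<size_t>::max() - layer.len) {
        std::fprintf(stderr, "extend rejected: offset=%ld count=%zu layerLen=%zu\n",
                     offset, count, layer.len);
        return false;
    }
    auto pos = buf.data.begin() +
               static_cast<std::ptrdiff_t>(layer.start + static_cast<size_t>(offset));
    buf.data.insert(pos, count, std::uint8_t{0});
    layer.len += count;
    return true;
}

// Walk the layers of a packet given each layer's claimed header length
// (standing in for curLayer->getHeaderLen()).  The comparison is done on the
// bytes remaining, so no pointer past the end of the buffer is ever formed,
// and an over-claiming layer is reported rather than silently skipped.
static size_t countParsedLayers(const RawBuffer& buf, const std::vector<size_t>& headerLens) {
    size_t pos = 0, parsed = 0;
    for (size_t hdr : headerLens) {
        size_t remaining = buf.data.size() - pos;
        if (hdr > remaining) {
            std::fprintf(stderr, "layer %zu claims %zu header bytes, only %zu remain\n",
                         parsed, hdr, remaining);
            break;
        }
        pos += hdr;
        ++parsed;
    }
    return parsed;
}

int main() {
    // Constructed 8-byte packet; the "BGP" layer is bytes 2..5.
    RawBuffer pkt{{0, 1, 2, 3, 4, 5, 6, 7}};
    LayerView bgp{2, 4};
    shortenLayer(pkt, bgp, -1, 1);        // rejected: negative offset
    shortenLayer(pkt, bgp, 3, 2);         // rejected: 3 + 2 > 4
    shortenLayer(pkt, bgp, 1, 2);         // ok: packet becomes 0 1 2 5 6 7
    extendLayer(pkt, bgp, 2, 3);          // ok: packet becomes 0 1 2 5 0 0 0 6 7
    std::printf("packet now %zu bytes, layer %zu bytes\n", pkt.data.size(), bgp.len);
    countParsedLayers(pkt, {2, 3, 100});  // third layer over-claims and is reported
    return 0;
}
```

The point of `rangeInLayer` is that the only quantity a caller can be checked against is the layer's own length; the buffer-level and next-layer comparisons are invariants that hold whenever every parser's header length was honest, which is what `layerFitsBuffer` and `countParsedLayers` make explicit.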
Copy link
Collaborator

@Dimi1010 Dimi1010 left a comment


I'm unsure why the CI has a failure on checkout on windows. :/


Dimi1010 commented Sep 10, 2025

> I'm unsure why the CI has a failure on checkout on windows. :/

I think the error is that Windows file names can't contain `:`, as that is a reserved symbol.

codecov bot commented Sep 10, 2025

Codecov Report

❌ Patch coverage is 52.63158% with 18 lines in your changes missing coverage. Please review.
✅ Project coverage is 83.49%. Comparing base (098dd4b) to head (075bb45).

Files with missing lines | Patch % | Lines missing
Packet++/src/Layer.cpp | 47.05% | 18 Missing ⚠️
Additional details and impacted files
@@            Coverage Diff             @@
##              dev    #1954      +/-   ##
==========================================
- Coverage   83.51%   83.49%   -0.02%     
==========================================
  Files         310      310              
  Lines       54884    54910      +26     
  Branches    12220    12223       +3     
==========================================
+ Hits        45834    45849      +15     
- Misses       7786     8197     +411     
+ Partials     1264      864     -400     
Flag Coverage Δ
alpine320 75.91% <27.77%> (-0.05%) ⬇️
fedora42 76.06% <27.77%> (-0.05%) ⬇️
macos-13 81.61% <28.94%> (-0.04%) ⬇️
macos-14 81.61% <28.94%> (-0.04%) ⬇️
macos-15 81.62% <28.94%> (-0.03%) ⬇️
mingw32 70.22% <17.64%> (-0.09%) ⬇️
mingw64 70.20% <16.66%> (+0.01%) ⬆️
npcap ?
rhel94 75.76% <27.77%> (-0.05%) ⬇️
ubuntu2004 60.22% <27.77%> (-0.03%) ⬇️
ubuntu2004-zstd 60.32% <27.77%> (-0.03%) ⬇️
ubuntu2204 75.70% <27.77%> (-0.07%) ⬇️
ubuntu2204-icpx 60.75% <28.94%> (-0.04%) ⬇️
ubuntu2404 75.95% <27.77%> (-0.02%) ⬇️
ubuntu2404-arm64 75.58% <27.77%> (-0.05%) ⬇️
unittest 83.49% <52.63%> (-0.02%) ⬇️
windows-2022 85.45% <45.45%> (+0.10%) ⬆️
windows-2025 85.48% <45.45%> (+0.07%) ⬆️
winpcap 85.48% <45.45%> (-0.13%) ⬇️
xdp 53.54% <27.77%> (-0.03%) ⬇️


Comment on lines +87 to +98
if (m_Data - m_Packet->m_RawPacket->getRawData() + static_cast<ptrdiff_t>(offsetInLayer) >
static_cast<ptrdiff_t>(m_Packet->m_RawPacket->getRawDataLen()))
{
PCPP_LOG_ERROR("Requested offset is larger than total packet length");
return false;
}

if (m_NextLayer != nullptr && static_cast<ptrdiff_t>(offsetInLayer) > m_NextLayer->m_Data - m_Data)
{
PCPP_LOG_ERROR("Requested offset exceeds current layer's boundary");
return false;
}
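Review bot: neither of these checks rejects a negative offsetInLayer; both only bound it from above, and because the value is cast to ptrdiff_t a negative offset passes both comparisons and would then address bytes before m_Data. Add an explicit rejection of offsetInLayer < 0 (or take the offset as an unsigned type) together with a direct `offsetInLayer > m_DataLen` check; once that is in place, the packet-length and m_NextLayer comparisons can only fire when m_DataLen is already inconsistent with the packet, so they are asserting an invariant rather than validating the caller's argument.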
Owner

Why are these checks needed? All we need to check is that offsetInLayer is within the layer's boundary, which means it is smaller than or equal to m_DataLen. Why do we need to compare it to the whole packet or involve m_NextLayer?

Comment on lines +141 to +155
if (m_Data - m_Packet->m_RawPacket->getRawData() + static_cast<ptrdiff_t>(offsetInLayer) +
static_cast<ptrdiff_t>(numOfBytesToShorten) >
static_cast<ptrdiff_t>(m_Packet->m_RawPacket->getRawDataLen()))
{
PCPP_LOG_ERROR("Requested number of bytes to shorten is larger than total packet length");
return false;
}

if (m_NextLayer != nullptr &&
static_cast<ptrdiff_t>(offsetInLayer) + static_cast<ptrdiff_t>(numOfBytesToShorten) >
m_NextLayer->m_Data - m_Data)
{
PCPP_LOG_ERROR("Requested number of bytes to shorten exceeds current layer's boundary");
return false;
}
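Review bot: casting numOfBytesToShorten to ptrdiff_t lets a large unsigned count become negative, which makes the sum smaller than the raw-data length and allows the check to pass; do the comparison in size_t against the layer's own length (`offsetInLayer + numOfBytesToShorten > m_DataLen`, after rejecting a negative offset) rather than converting to a signed type. The first error message is also misleading: it is offset plus count that runs past the end of the packet, not the number of bytes to shorten on its own.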
Owner

ditto

Comment on lines +613 to +614
if (dataPtr > m_RawPacket->getRawData() + m_RawPacket->getRawDataLen())
break;
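Review bot: a silent break here hides exactly the bug the guard exists for, a layer whose getHeaderLen() returned more than the bytes left in the packet. Log an error naming the layer type before breaking so the faulty parser shows up in the test run, and consider comparing lengths (curLayer->getHeaderLen() against the bytes remaining) before dataPtr is advanced, so that no pointer beyond the end of the raw buffer is formed in the first place.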
Owner

How can such a thing happen? curLayer->getHeaderLen() should never exceed the packet data, unless we have a bug in one of the layers.

Comment on lines +666 to +667
if (dataPtr > m_RawPacket->getRawData() + m_RawPacket->getRawDataLen())
break;
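Review bot: this duplicates the guard at lines +613 to +614, including its silent break; factor the "header length exceeds remaining packet data" test into a single helper so both loops apply identical logic and any later change (adding logging, switching to a length comparison) lands in both places.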
Owner

ditto
