Add fuzz test to handle length math issues with Messages and Headers

fuzz/fuzz_targets/header_length.rs

@@ -1,21 +1,15 @@
 #![no_main]
 use libfuzzer_sys::fuzz_target;
-use mongodb::cmap::conn::wire::header::Header;
+use mongodb::cmap::conn::wire::{header::Header, message::Message};
 
 fuzz_target!(|data: &[u8]| {
     if data.len() < Header::LENGTH {
         return;
     }
     if let Ok(header) = Header::from_slice(data) {
-        if header.length < 0 {
-            panic!("Negative length detected: {}", header.length);
-        }
-        if header.length as usize > std::usize::MAX - Header::LENGTH {
-            panic!("Integer overflow detected in length calculation");
-        }
-        let total_size = Header::LENGTH + header.length as usize;
-        if total_size > data.len() {
-            return;
+        let data = &data[Header::LENGTH..];
+        if let Ok(message) = Message::read_from_slice(data, header) {
+            let _ = message;
         }
     }
 });

src/cmap/conn/wire/header.rs

@@ -51,6 +51,8 @@ impl Header {
     #[cfg(not(feature = "fuzzing"))]
     pub(crate) const LENGTH: usize = 4 * std::mem::size_of::<i32>();
 
+    // generates a Header from a randomly generated slice of bytes, as long as the slice is at least
+    // 16 bytes long this is used for fuzzing
     #[cfg(feature = "fuzzing")]
     pub fn from_slice(data: &[u8]) -> Result<Self> {
         if data.len() < Self::LENGTH {