Fix: add missing bound checking in decode_packet

Fix: add missing bound checking in decode_packet

Found by Coverity:

overflow_assign: Assigning overflowed or truncated value (or a value
computed from an overflowed or a truncated value) to toread.

overflow: Subtract operation overflows on operands toread and
readlen. Example values for operands: toread = 268435457, readlen =
9223372037074107386.

overflow_assign: Assigning overflowed or truncated value (or a value
computed from an overflowed or a truncated value) to readlen.

Signed-off-by: Mathieu Desnoyers <mathieu.desnoyers@efficios.com>
Signed-off-by: Jérémie Galarneau <jeremie.galarneau@efficios.com>