Hi, I'm developing a fuzzer to test the safe abstraction, and I found a multiply with overflow when calling function src/lib/setup_pfioc_states(). Below is a test case:
```rust
#[allow(warnings, unused, non_snake_case)]
#[test]
fn test_setup_pfioc_states_8Cv9V() {
    let num_states = 2241257528;
    let _ = setup_pfioc_states(num_states);
}
```

Output:

```
thread 'test_setup_pfioc_states_8Cv9V' panicked at src/lib.rs:563:27:
attempt to multiply with overflow
stack backtrace:
   0: rust_begin_unwind
             at /rustc/d84b9037541f45dc2c52a41d723265af211c0497/library/std/src/panicking.rs:652:5
   1: core::panicking::panic_fmt
             at /rustc/d84b9037541f45dc2c52a41d723265af211c0497/library/core/src/panicking.rs:72:14
   2: core::panicking::panic_const::panic_const_mul_overflow
             at /rustc/d84b9037541f45dc2c52a41d723265af211c0497/library/core/src/panicking.rs:179:21
   3: pfctl::setup_pfioc_states
             at ./src/lib.rs:563:27
   4: pfctl::test_setup_pfioc_states_8Cv9V
             at ./src/lib.rs:646:13
   5: pfctl::test_setup_pfioc_states_8Cv9V::{{closure}}
             at ./src/lib.rs:629:35
   6: core::ops::function::FnOnce::call_once
             at /rustc/d84b9037541f45dc2c52a41d723265af211c0497/library/core/src/ops/function.rs:250:5
   7: core::ops::function::FnOnce::call_once
             at /rustc/d84b9037541f45dc2c52a41d723265af211c0497/library/core/src/ops/function.rs:250:5
note: Some details are omitted, run with `RUST_BACKTRACE=full` for a verbose backtrace.
```
I think checking the scope of pfioc_states after the unsafe block would make the external API more robust.
Line 561 in d47081f:

```rust
let mut pfioc_states = unsafe { mem::zeroed::<ffi::pfvar::pfioc_states>() };
```
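
The panic reported above comes from an unchecked size multiplication. The following added example (not pfctl's code and not part of the report) shows one way to validate an element count before sizing a buffer whose length is passed to the kernel. The names `state_buf_len`, `alloc_state_buf` and `StateBufError` are hypothetical, the 296-byte element size is a constructed value, and the length field is assumed to be a signed C `int`.

```rust
use std::convert::TryFrom;

/// Constructed stand-in for the size of one state record; the real value
/// would come from the platform's pf headers.
const STATE_SIZE: usize = 296;

#[derive(Debug, PartialEq)]
enum StateBufError {
    /// num_states * element size does not fit in usize.
    SizeOverflow,
    /// The byte count does not fit the signed C `int` length field (assumed i32).
    ExceedsCInt(usize),
}

/// Compute the byte length for `num_states` records, rejecting any count
/// whose total cannot be represented in an i32 length field.
fn state_buf_len(num_states: u32, elem_size: usize) -> Result<i32, StateBufError> {
    let count = usize::try_from(num_states).map_err(|_| StateBufError::SizeOverflow)?;
    let bytes = count
        .checked_mul(elem_size)
        .ok_or(StateBufError::SizeOverflow)?;
    i32::try_from(bytes).map_err(|_| StateBufError::ExceedsCInt(bytes))
}

/// Allocate the zeroed buffer only after the length has been validated,
/// so the reported length and the real allocation always agree.
fn alloc_state_buf(num_states: u32, elem_size: usize) -> Result<(i32, Vec<u8>), StateBufError> {
    let len = state_buf_len(num_states, elem_size)?;
    Ok((len, vec![0u8; len as usize]))
}

fn main() {
    // The count from the fuzzer's test case yields an error instead of a panic.
    println!("{:?}", state_buf_len(2_241_257_528, STATE_SIZE));
    // A small count produces a buffer whose size matches the reported length.
    println!("{:?}", alloc_state_buf(4, STATE_SIZE).map(|(len, buf)| (len, buf.len())));
}
```

Returning a `Result` lets callers of a safe wrapper handle an oversized count as an ordinary error, and it behaves the same in debug and release builds, where unchecked integer multiplication would otherwise wrap silently.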