2eadbe7b78
A number of early continue cases applied the packet-provided `size` without validation, allowing large uint32_t values to be treated as negative offsets and leading to segfaults. Now, we validate `size` against the buffer length immediately to avoid a crash. This could be triggered by receiving sync data for a synchronizer whose root node had just been removed, since the code path that checked for unusable sync state failed to advance the offset. Thus the next read could interpret part of the payload as such an invalid `size`. Now, we properly advance the read offset in that case (and raise a better error). |
||
---|---|---|
doc_classes | ||
editor | ||
config.py | ||
multiplayer_debugger.cpp | ||
multiplayer_debugger.h | ||
multiplayer_spawner.cpp | ||
multiplayer_spawner.h | ||
multiplayer_synchronizer.cpp | ||
multiplayer_synchronizer.h | ||
register_types.cpp | ||
register_types.h | ||
scene_cache_interface.cpp | ||
scene_cache_interface.h | ||
scene_multiplayer.cpp | ||
scene_multiplayer.h | ||
scene_replication_config.cpp | ||
scene_replication_config.h | ||
scene_replication_interface.cpp | ||
scene_replication_interface.h | ||
scene_rpc_interface.cpp | ||
scene_rpc_interface.h | ||
SCsub |