umb: avoid wild pointer dereference in umb_decap()

Description

When processing messages produced by the USB device, umb_decap() trusts
ptroff and later dlen and doff with pointer arithmetic, without
sufficient sanity checks. The resulting pointer address may be outside
of the valid boundary, causing the wrong memory to be copied or a page
fault.

This fix from Gerhard Roth was obtained after coordination upstream with
OpenBSD. It converts the variables to 64-bit integers, which should
mitigate the risk of overflows.

PR: 284920
Reported by: Robert Morris <rtm@lcs.mit.edu>
Approved by: philip (mentor)
Sponsored by: The FreeBSD Foundation

Details

Provenance
khorben_defora.org
Authored on May 27 2025, 12:10 AM
Parents
rG152bb8e30204: umb: avoid buffer overflow in umb_getinfobuf()
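
The overflow class the commit message describes, shown as an added example; this is not the driver's code or the committed fix. It assumes `doff` and `dlen` arrive as 32-bit values from the device; `range_ok_32`, `range_ok_64`, `copy_datagram` and the sample buffer are hypothetical names and constructed data.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed sample: 16-byte message whose byte i holds the value i. */
static const uint8_t sample_msg[16] = {0,1,2,3,4,5,6,7,8,9,10,11,12,13,14,15};
static uint8_t out[8];

/* Narrow check: doff + dlen is computed modulo 2^32 and can wrap. */
static int range_ok_32(uint32_t doff, uint32_t dlen, uint32_t len)
{
	uint32_t end = doff + dlen;
	return end <= len;
}

/* Widened check: the sum cannot wrap in 64 bits, so end is the true end. */
static int range_ok_64(uint32_t doff, uint32_t dlen, uint32_t len)
{
	uint64_t end = (uint64_t)doff + (uint64_t)dlen;
	return end <= (uint64_t)len;
}

/* Copy one datagram out of msg only after the widened check passes. */
static int copy_datagram(const uint8_t *msg, uint32_t len, uint32_t doff,
    uint32_t dlen, uint8_t *dst, size_t dstlen)
{
	if (!range_ok_64(doff, dlen, len) || dlen > dstlen)
		return -1;
	memcpy(dst, msg + doff, dlen);
	return (int)dlen;
}

int main(void)
{
	/* Constructed hostile values: the 32-bit sum wraps to 0x10. */
	uint32_t doff = 0xfffffff0u, dlen = 0x20u;

	printf("32-bit check accepts: %d\n", range_ok_32(doff, dlen, 16));
	printf("64-bit check accepts: %d\n", range_ok_64(doff, dlen, 16));
	printf("hostile copy: %d\n",
	    copy_datagram(sample_msg, 16, doff, dlen, out, sizeof(out)));
	printf("valid copy:   %d\n",
	    copy_datagram(sample_msg, 16, 4, 4, out, sizeof(out)));
	return 0;
}
```

The narrow check accepts the wrapped sum because `0xfffffff0 + 0x20` reduces to `0x10`, which fits a 16-byte message; the widened check sees the true end and rejects it before any pointer is formed.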