Assert validity on the raw socket in SockRef::from

Since we now use the niche feature on Unix it's unsound to use
SockRef::from(-1), but it can be done without any unsafe. This change
adds an assertion to ensure we hit this soundness issue.

Still need to wait on the I/O safety RFC:
https://github.com/rust-lang/rfcs/blob/master/text/3128-io-safety.md
Tracking issue: rust-lang/rust#87074
Implementation pr: rust-lang/rust#87329

Author: Thomasdezeeuw

src/sockref.rs

@@ -109,8 +109,10 @@ where
 {
     /// The caller must ensure `S` is actually a socket.
     fn from(socket: &'s S) -> Self {
+        let fd = socket.as_raw_fd();
+        assert!(fd >= 0);
         SockRef {
-            socket: ManuallyDrop::new(unsafe { Socket::from_raw_fd(socket.as_raw_fd()) }),
+            socket: ManuallyDrop::new(unsafe { Socket::from_raw_fd(fd) }),
             _lifetime: PhantomData,
         }
     }
@@ -125,8 +127,10 @@ where
 {
     /// See the `From<&impl AsRawFd>` implementation.
     fn from(socket: &'s S) -> Self {
+        let socket = socket.as_raw_socket();
+        assert!(socket != winapi::um::winsock2::INVALID_SOCKET);
         SockRef {
-            socket: ManuallyDrop::new(unsafe { Socket::from_raw_socket(socket.as_raw_socket()) }),
+            socket: ManuallyDrop::new(unsafe { Socket::from_raw_socket(socket) }),
             _lifetime: PhantomData,
         }
     }
@@ -141,3 +145,12 @@ impl fmt::Debug for SockRef<'_> {
             .finish()
     }
 }
+
+#[test]
+#[should_panic]
+fn sockref_from_invalid_fd() {
+    #[cfg(unix)]
+    let _ = SockRef::from(&-1);
+    #[cfg(windows)]
+    let _ = SockRef::from(&winapi::um::winsock2::INVALID_SOCKET);
+}