Fix a too-long uncompressed frame chunk causing a panic.

It should return an error instead.

Fixes #26.

decode.go

@@ -195,6 +195,10 @@ func (r *Reader) Read(p []byte) (int, error) {
 			checksum := uint32(buf[0]) | uint32(buf[1])<<8 | uint32(buf[2])<<16 | uint32(buf[3])<<24
 			// Read directly into r.decoded instead of via r.buf.
 			n := chunkLen - checksumSize
+			if n > len(r.decoded) {
+				r.err = ErrCorrupt
+				return 0, r.err
+			}
 			if !r.readFull(r.decoded[:n]) {
 				return 0, r.err
 			}

snappy_test.go

@@ -725,6 +725,20 @@ func TestFlush(t *testing.T) {
 	}
 }
 
+func TestReaderUncompressedDataTooLong(t *testing.T) {
+	// https://github.com/google/snappy/blob/master/framing_format.txt section
+	// 4.3 says that "the maximum legal chunk length... is 65540", or 0x10004.
+	const n = 0x10005
+
+	r := NewReader(strings.NewReader(magicChunk +
+		"\x01\x05\x00\x01" + // Uncompressed chunk, n bytes long.
+		strings.Repeat("\x00", n),
+	))
+	if _, err := ioutil.ReadAll(r); err != ErrCorrupt {
+		t.Fatalf("got %v, want %v", err, ErrCorrupt)
+	}
+}
+
 func TestReaderReset(t *testing.T) {
 	gold := bytes.Repeat([]byte("All that is gold does not glitter,\n"), 10000)
 	buf := new(bytes.Buffer)