Reject zero offsets in a length/offset pair.

The spec at
https://github.com/google/snappy/blob/master/format_description.txt
says that, "Offsets of zero can be encoded, but are not legal".

decode.go

@@ -121,7 +121,7 @@ func Decode(dst, src []byte) ([]byte, error) {
 			return nil, errUnsupportedCopy4Tag
 		}
 
-		if offset > d || length > len(dst)-d {
+		if offset <= 0 || d < offset || length > len(dst)-d {
 			return nil, ErrCorrupt
 		}
 		for end := d + length; d != end; d++ {

snappy_test.go

@@ -197,6 +197,11 @@ func TestDecode(t *testing.T) {
 		"\x08" + "\x0cabcd" + "\x01\x04",
 		"abcdabcd",
 		nil,
+	}, {
+		`decodedLen=8; tagLiteral (4 bytes "abcd"); tagCopy1; length=4 offset=0; zero offset`,
+		"\x08" + "\x0cabcd" + "\x01\x00",
+		"",
+		ErrCorrupt,
 	}, {
 		`decodedLen=9; tagLiteral (4 bytes "abcd"); tagCopy1; length=4 offset=4; inconsistent dLen`,
 		"\x09" + "\x0cabcd" + "\x01\x04",