Catch overflow when incrementing src pointers.

decode.go

@@ -103,7 +103,7 @@ func Decode(dst, src []byte) ([]byte, error) {
 
 		case tagCopy1:
 			s += 2
-			if s > len(src) {
+			if uint(s) > uint(len(src)) { // The uint conversions catch overflow from the previous line.
 				return nil, ErrCorrupt
 			}
 			length = 4 + int(src[s-2])>>2&0x7
@@ -111,7 +111,7 @@ func Decode(dst, src []byte) ([]byte, error) {
 
 		case tagCopy2:
 			s += 3
-			if s > len(src) {
+			if uint(s) > uint(len(src)) { // The uint conversions catch overflow from the previous line.
 				return nil, ErrCorrupt
 			}
 			length = 1 + int(src[s-3])>>2