
Fix dec_slice_packed_bool when bools are inefficiently encoded.

This doesn't occur in practice, but was discovered by gofuzz
(reported in #76).
David Symonds 10 years ago
parent
commit
0c959e80d8
2 changed files with 18 additions and 1 deletions
  1. 13 0
      proto/all_test.go
  2. 5 1
      proto/decode.go

+ 13 - 0
proto/all_test.go

@@ -2010,6 +2010,19 @@ func TestOneof(t *testing.T) {
 	}
 }
 
+func TestInefficientPackedBool(t *testing.T) {
+	// https://github.com/golang/protobuf/issues/76
+	inp := []byte{
+		0x12, 0x02, // 0x12 = 2<<3|2; 2 bytes
+		// Usually a bool should take a single byte,
+		// but it is permitted to be any varint.
+		0xb9, 0x30,
+	}
+	if err := Unmarshal(inp, new(MoreRepeated)); err != nil {
+		t.Error(err)
+	}
+}
+
 // Benchmarks
 
 func testMsg() *GoTest {
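Review bot: `TestInefficientPackedBool` asserts only that `Unmarshal` returns no error, so it would still pass if the two-byte varint were decoded into the wrong number of elements or the wrong value. Decode into a named message, e.g. `msg := new(MoreRepeated)`, and compare its packed bool field (field 2, going by the tag comment) against a single `true` element, since 0xb9 0x30 is one non-zero varint. A second case whose declared length ends in the middle of a varint would pin how the decoder treats malformed input, which is the class of input the fuzzer report was about.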

+ 5 - 1
proto/decode.go

@@ -597,9 +597,13 @@ func (o *Buffer) dec_slice_packed_bool(p *Properties, base structPointer) error
 		return err
 	}
 	nb := int(nn) // number of bytes of encoded bools
+	fin := o.index + nb
+	if fin < o.index {
+		return errOverflow
+	}
 
 	y := *v
-	for i := 0; i < nb; i++ {
+	for o.index < fin {
 		u, err := p.valDec(o)
 		if err != nil {
 			return err
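Review bot: The rewritten loop `for o.index < fin` exits once the index reaches or passes `fin`, but nothing visible in the hunk rejects a final varint that starts before `fin` and ends after it. With a malformed length, the packed field would then consume bytes belonging to whatever follows it in the message. The function body continues outside the hunk, so unless a check already follows the loop, add `if o.index != fin { return io.ErrUnexpectedEOF }` or the package's own truncation error. Separately, the `fin < o.index` guard catches only wrap-around; comparing `fin` with the buffer length before the loop would reject an oversized length before any element is appended.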