Catch overflow when incrementing src pointers.
diff --git a/decode.go b/decode.go
index 8bab5bd..5ede74e 100644
--- a/decode.go
+++ b/decode.go
@@ -63,25 +63,25 @@
s++
case x == 60:
s += 2
- if s > len(src) {
+ if uint(s) > uint(len(src)) { // The uint conversions catch overflow from the previous line.
return nil, ErrCorrupt
}
x = uint(src[s-1])
case x == 61:
s += 3
- if s > len(src) {
+ if uint(s) > uint(len(src)) { // The uint conversions catch overflow from the previous line.
return nil, ErrCorrupt
}
x = uint(src[s-2]) | uint(src[s-1])<<8
case x == 62:
s += 4
- if s > len(src) {
+ if uint(s) > uint(len(src)) { // The uint conversions catch overflow from the previous line.
return nil, ErrCorrupt
}
x = uint(src[s-3]) | uint(src[s-2])<<8 | uint(src[s-1])<<16
case x == 63:
s += 5
- if s > len(src) {
+ if uint(s) > uint(len(src)) { // The uint conversions catch overflow from the previous line.
return nil, ErrCorrupt
}
x = uint(src[s-4]) | uint(src[s-3])<<8 | uint(src[s-2])<<16 | uint(src[s-1])<<24
diff --git a/encode.go b/encode.go
index 834e3b0..297e628 100644
--- a/encode.go
+++ b/encode.go
@@ -111,7 +111,7 @@
t int // The last position with the same hash as s.
lit int // The start position of any pending literal bytes.
)
- for s+3 < len(src) {
+ for uint(s+3) < uint(len(src)) { // The uint conversions catch overflow from the +3.
// Update the hash table.
b0, b1, b2, b3 := src[s], src[s+1], src[s+2], src[s+3]
h := uint32(b0) | uint32(b1)<<8 | uint32(b2)<<16 | uint32(b3)<<24
