From 2271ddedcc7f7ed964a6d09d0ce81dcc415d5c95 Mon Sep 17 00:00:00 2001
From: Simon Cruanes <simon.cruanes.2007@m4x.org>
Date: Tue, 10 Feb 2026 03:14:50 +0000
Subject: [PATCH] fix leb128 slice bug

---
 src/leb128/containers_leb128.ml |  4 ++--
 tests/leb128/t_leb128.ml        | 39 +++++++++++++++++++++++++++++++++
 2 files changed, 41 insertions(+), 2 deletions(-)

diff --git a/src/leb128/containers_leb128.ml b/src/leb128/containers_leb128.ml
index d43f3121..11171d26 100644
--- a/src/leb128/containers_leb128.ml
+++ b/src/leb128/containers_leb128.ml
@@ -14,7 +14,7 @@ module Decode = struct
     while !continue do
       if sl.len <= 0 then invalid_arg "out of bound";
       incr n_consumed;
-      let b = Char.code (Bytes.get sl.bs !off) in
+      let b = Char.code (Bytes.get sl.bs (sl.off + !off)) in
       let cur = b land 0x7f in
       if cur <> b then (
         (* at least one byte follows this one *)
@@ -39,7 +39,7 @@ module Decode = struct
     while !continue do
       if sl.len <= 0 then invalid_arg "out of bound";
       incr n_consumed;
-      let b = Char.code (Bytes.get sl.bs !off) in
+      let b = Char.code (Bytes.get sl.bs (sl.off + !off)) in
       let cur = b land 0x7f in
       if cur <> b then (
         (* at least one byte follows this one *)
diff --git a/tests/leb128/t_leb128.ml b/tests/leb128/t_leb128.ml
index a937000f..28114c6d 100644
--- a/tests/leb128/t_leb128.ml
+++ b/tests/leb128/t_leb128.ml
@@ -226,5 +226,44 @@ assert_equal ~printer:Int64.to_string 500L v2;
 assert_equal ~printer:string_of_int 2 n1;
 assert_equal ~printer:string_of_int 2 n2;
 true
+;;
+
+t @@ fun () ->
+(* Test decoding from a slice with non-zero offset *)
+let bytes = Bytes.of_string "\x00\x00\x54\x00" in
+let slice = Slice.create ~off:2 ~len:1 bytes in
+assert_equal
+  ~printer:(fun c -> Printf.sprintf "0x%02x" (Char.code c))
+  '\x54' (Slice.get slice 0);
+let v, n = Leb128.Decode.int_truncate slice 0 in
+assert_equal ~printer:string_of_int 42 v;
+assert_equal ~printer:string_of_int 1 n;
+true
+;;
+
+t @@ fun () ->
+(* Test decoding u64 from a slice with non-zero offset *)
+let bytes = Bytes.of_string "\xFF\xFF\x2A\x00" in
+let slice = Slice.create ~off:2 ~len:1 bytes in
+assert_equal
+  ~printer:(fun c -> Printf.sprintf "0x%02x" (Char.code c))
+  '\x2A' (Slice.get slice 0);
+let v, n = Leb128.Decode.u64 slice 0 in
+assert_equal ~printer:Int64.to_string 42L v;
+assert_equal ~printer:string_of_int 1 n;
+true
+;;
+
+t @@ fun () ->
+(* Test decoding from a sub-slice *)
+let buf = Buf.create () in
+Buf.append_string buf "padding";
+Leb128.Encode.int buf 42;
+let slice = Buf.to_slice buf in
+let sub_slice = Slice.sub slice 7 (Slice.len slice - 7) in
+let v, n = Leb128.Decode.int_truncate sub_slice 0 in
+assert_equal ~printer:string_of_int 42 v;
+assert_equal ~printer:string_of_int 1 n;
+true
 
 let () = Containers_testlib.run_all ~descr:"test leb128" [ get () ]