Merge pull request #4013 from elasota/spec-clarify-offset-code-overflow

Specify that decoders may reject non-zero probabilities for larger offset codes than implementation supports

diff --cc doc/zstd_compression_format.md
index fb0090f9ab1d386d540ea6ece3afdff6e206424d,8a60e56dfe5870de4a2f5ff15d3074def382bd18..e1e66c830c6bc9cb9d08d7eb7908e158149fff0c
--- 1/doc/zstd_compression_format.md
--- 2/doc/zstd_compression_format.md
+++ b/doc/zstd_compression_format.md
@@@ -1125,9 -1125,14 +1125,12 @@@ If it is a 3, another 2-bits repeat fla
  
  When last symbol reaches cumulated total of `1 << Accuracy_Log`,
  decoding is complete.
 -If the last symbol makes cumulated total go above `1 << Accuracy_Log`,
 -distribution is considered corrupted.
  If this process results in a non-zero probability for a value outside of the
  valid range of values that the FSE table is defined for, even if that value is
- not used, then the data is considered corrupted.
+ not used, then the data is considered corrupted.  In the case of offset codes,
+ a decoder implementation may reject a frame containing a non-zero probability
+ for an offset code larger than the largest offset code supported by the decoder
+ implementation.
  
  Then the decoder can tell how many bytes were used in this process,
  and how many symbols are present.