NewBlockFromBytes: panic: runtime error: slice bounds out of range

[brunoerg]

By applying differential fuzzing (using [email protected]), we noticed that NewBlockFromBytes may panic because of slice bounds out of range. By reproducing the issue in older releases, we noticed they do not panic, just throw an error. It seems to be caused by a recent change: d7396dc#diff-d90adfff2befe29fa72ab522be237f2565daf0abf0dc1069beff4563b13119feL1054-L1055

To reproduce the issue:

package main

import (
	"fmt"
	"github.com/btcsuite/btcd/btcutil"
)

func main() {
	var bytes = []byte{
		0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
		0x00, 0x00, 0x00, 0x20, 0x00, 0x40, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
		0x00, 0x00, 0x00, 0x01, 0x47, 0xa6, 0x00, 0x17, 0xfe, 0xff, 0xff, 0xbe,
		0x00, 0xe1, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x48, 0x40, 0x00, 0x00,
		0x00, 0x00, 0x3a, 0x3a, 0x3a, 0xf7, 0x7a, 0x3a, 0x3a, 0x3a, 0x3a, 0xa1,
		0xa1, 0xa1, 0x31, 0xff, 0xff, 0xff, 0x56, 0xa1, 0xa1, 0xa1, 0xa1, 0xa1,
		0xa1, 0xa1, 0xa1, 0xa1, 0xa1, 0xa1, 0xa1, 0xa1, 0xa1, 0xa1, 0xa1, 0xa1,
		0xa1, 0xa1, 0xa1, 0xa1, 0xa1, 0xa1, 0xa1, 0xa1, 0xa1, 0xa1, 0xa1, 0xa1,
		0xa1, 0xa1, 0xa1, 0xa1, 0x3a, 0x00, 0x00, 0x00, 0x04, 0x08, 0x00, 0x00,
		0x40, 0x00, 0x00, 0x3a, 0x3a, 0x3a, 0x47, 0x47, 0xa6, 0x00, 0x17, 0xfe,
		0xff, 0xff, 0xfe, 0xff, 0xff, 0x7f, 0x00,
	}

	// Create a new block from the serialized bytes.
	_, err := btcutil.NewBlockFromBytes(bytes)
	if err != nil {
		fmt.Printf("NewBlockFromBytes: %v", err)
		return
	}

	fmt.Printf("Completed")
}

cc: @hax0kartik

[brunoerg]

It's fixed, nevermind.