btcsuite / btcd

An alternative full node bitcoin implementation written in Go (golang)
https://github.com/btcsuite/btcd/blob/master/README.md
ISC License

`NewBlockFromBytes`: panic: runtime error: slice bounds out of range #2193

Closed brunoerg closed 3 months ago

brunoerg commented 4 months ago

By applying differential fuzzing (using btcd@0.24.0), we noticed that NewBlockFromBytes may panic because of slice bounds out of range. By reproducing the issue in older releases, we noticed they do not panic, just throw an error. It seems to be caused by a recent change: https://github.com/btcsuite/btcd/commit/d7396dc13d8021001ab05684c99f465ea16fedc8#diff-d90adfff2befe29fa72ab522be237f2565daf0abf0dc1069beff4563b13119feL1054-L1055

To reproduce the issue:

package main

import (
    "fmt"

    "github.com/btcsuite/btcd/btcutil"
)

func main() {
    // Serialized block bytes found by differential fuzzing against
    // btcd@0.24.0. Older releases return an error for this input.
    var serialized = []byte{
        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
        0x00, 0x00, 0x00, 0x20, 0x00, 0x40, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
        0x00, 0x00, 0x00, 0x01, 0x47, 0xa6, 0x00, 0x17, 0xfe, 0xff, 0xff, 0xbe,
        0x00, 0xe1, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x48, 0x40, 0x00, 0x00,
        0x00, 0x00, 0x3a, 0x3a, 0x3a, 0xf7, 0x7a, 0x3a, 0x3a, 0x3a, 0x3a, 0xa1,
        0xa1, 0xa1, 0x31, 0xff, 0xff, 0xff, 0x56, 0xa1, 0xa1, 0xa1, 0xa1, 0xa1,
        0xa1, 0xa1, 0xa1, 0xa1, 0xa1, 0xa1, 0xa1, 0xa1, 0xa1, 0xa1, 0xa1, 0xa1,
        0xa1, 0xa1, 0xa1, 0xa1, 0xa1, 0xa1, 0xa1, 0xa1, 0xa1, 0xa1, 0xa1, 0xa1,
        0xa1, 0xa1, 0xa1, 0xa1, 0x3a, 0x00, 0x00, 0x00, 0x04, 0x08, 0x00, 0x00,
        0x40, 0x00, 0x00, 0x3a, 0x3a, 0x3a, 0x47, 0x47, 0xa6, 0x00, 0x17, 0xfe,
        0xff, 0xff, 0xfe, 0xff, 0xff, 0x7f, 0x00,
    }

    // Create a new block from the serialized bytes. On btcd@0.24.0 this
    // panics with "slice bounds out of range" instead of returning err.
    _, err := btcutil.NewBlockFromBytes(serialized)
    if err != nil {
        fmt.Printf("NewBlockFromBytes: %v\n", err)
        return
    }

    fmt.Println("Completed")
}

cc: @hax0kartik
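The following is an added example, not btcd's code and not part of the issue above: it shows the general bug class behind a "slice bounds out of range" panic in a deserializer, using the Bitcoin CompactSize length prefix that the wire format puts in front of variable-length fields. `readBytesUnchecked` slices on the decoded length and panics when the input lies about its size; `readBytesChecked` compares the length against the bytes actually remaining and returns an error. The function names, the error values and the sample inputs are constructed for this example and are not btcd identifiers. A fuzz harness or regression test would use the `panics` helper the same way: a decoder fed attacker-controlled bytes must always come back with an error, never a panic.

```go
package main

import (
	"encoding/binary"
	"errors"
	"fmt"
)

// Example-local error values (not btcd's).
var (
	ErrShortInput   = errors.New("input too short")
	ErrNonCanonical = errors.New("non-canonical CompactSize encoding")
	ErrLengthTooBig = errors.New("length prefix exceeds remaining input")
)

// readCompactSize decodes a Bitcoin CompactSize integer at buf[pos:] and
// returns the value and the position just after it. Every read is checked
// against len(buf) first, and encodings that could have used fewer bytes
// are rejected, as Bitcoin's canonical-encoding rule requires.
func readCompactSize(buf []byte, pos int) (uint64, int, error) {
	if pos >= len(buf) {
		return 0, pos, ErrShortInput
	}
	first := buf[pos]
	pos++
	switch first {
	case 0xfd:
		if len(buf)-pos < 2 {
			return 0, pos, ErrShortInput
		}
		v := uint64(binary.LittleEndian.Uint16(buf[pos:]))
		if v < 0xfd {
			return 0, pos, ErrNonCanonical
		}
		return v, pos + 2, nil
	case 0xfe:
		if len(buf)-pos < 4 {
			return 0, pos, ErrShortInput
		}
		v := uint64(binary.LittleEndian.Uint32(buf[pos:]))
		if v <= 0xffff {
			return 0, pos, ErrNonCanonical
		}
		return v, pos + 4, nil
	case 0xff:
		if len(buf)-pos < 8 {
			return 0, pos, ErrShortInput
		}
		v := binary.LittleEndian.Uint64(buf[pos:])
		if v <= 0xffffffff {
			return 0, pos, ErrNonCanonical
		}
		return v, pos + 8, nil
	default:
		return uint64(first), pos, nil
	}
}

// readBytesUnchecked trusts the decoded length and slices directly. This is
// the bug pattern: a prefix larger than the remaining input makes the Go
// runtime panic with "slice bounds out of range" instead of returning an error.
func readBytesUnchecked(buf []byte, pos int) ([]byte, int, error) {
	n, pos, err := readCompactSize(buf, pos)
	if err != nil {
		return nil, pos, err
	}
	end := pos + int(n)
	return buf[pos:end], end, nil
}

// readBytesChecked compares the claimed length against the bytes actually
// left. The comparison is done on the remaining count, in uint64, so an
// attacker-chosen 64-bit length cannot wrap the arithmetic, and a bad
// prefix yields an error rather than a panic.
func readBytesChecked(buf []byte, pos int) ([]byte, int, error) {
	n, pos, err := readCompactSize(buf, pos)
	if err != nil {
		return nil, pos, err
	}
	if n > uint64(len(buf)-pos) {
		return nil, pos, fmt.Errorf("%w: want %d, have %d", ErrLengthTooBig, n, len(buf)-pos)
	}
	end := pos + int(n)
	return buf[pos:end], end, nil
}

// panics reports whether fn panics, recovering so the caller keeps running.
// A fuzz target would fail the input when this returns true.
func panics(fn func()) (didPanic bool) {
	defer func() {
		if r := recover(); r != nil {
			didPanic = true
		}
	}()
	fn()
	return false
}

func main() {
	// Constructed inputs: the first claims 0x1000 = 4096 bytes via a 0xfd
	// prefix but carries only three; the second is a well-formed 3-byte field.
	malformed := []byte{0xfd, 0x00, 0x10, 0x01, 0x02, 0x03}
	wellFormed := []byte{0x03, 0x01, 0x02, 0x03}

	fmt.Println("unchecked reader panics:", panics(func() { readBytesUnchecked(malformed, 0) }))
	if _, _, err := readBytesChecked(malformed, 0); err != nil {
		fmt.Println("checked reader returns error:", err)
	}
	data, _, _ := readBytesChecked(wellFormed, 0)
	fmt.Printf("well-formed payload: %x\n", data)
}
```

The check that matters is `n > uint64(len(buf)-pos)`: it is evaluated before any slicing and in the width of the untrusted value, so neither a truncated buffer nor a length near 2^64 can reach the slice expression.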

brunoerg commented 3 months ago

It's fixed, nevermind.