core: ssz offset validation

[pinebit]

Fix SSZ offset validation panic in unsigned data decoding.

category: bug
ticket: none

[sonarqubecloud]

Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud

[codecov]

Codecov Report

❌ Patch coverage is 78.57143% with 3 lines in your changes missing coverage. Please review.
✅ Project coverage is 57.10%. Comparing base (2c42245) to head (7bcddb4).
⚠️ Report is 3 commits behind head on main.

Files with missing lines	Patch %	Lines
core/proto.go	75.00%	2 Missing and 1 partial ⚠️

Additional details and impacted files

@@            Coverage Diff             @@
##             main    #4529      +/-   ##
==========================================
+ Coverage   57.01%   57.10%   +0.08%     
==========================================
  Files         245      245              
  Lines       32971    33003      +32     
==========================================
+ Hits        18799    18845      +46     
+ Misses      11789    11783       -6     
+ Partials     2383     2375       -8     

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.

[Copilot]

Pull request overview

Fixes a panic when decoding malformed SSZ “versioned” payloads by validating that the decoded offset does not exceed the input buffer length, ensuring unsigned data decoding returns a proper error instead of panicking.

Changes:

• Add upper-bound checks for SSZ offsets in unmarshalSSZVersionedBlinded and unmarshalSSZVersioned.
• Add panic recovery to UnsignedDataSetFromProto and factor shared recovery logic into recoverPanicErr.
• Add regression tests covering out-of-bounds SSZ offsets and recoverPanicErr behavior.

Reviewed changes

Copilot reviewed 3 out of 3 changed files in this pull request and generated no comments.

File	Description
core/ssz.go	Prevents slice-bounds panics by rejecting SSZ offsets that exceed len(buf).
core/proto.go	Ensures panics during unsigned data decoding are converted into errors; centralizes recovery formatting.
core/proto_internal_test.go	Adds regression tests to confirm malformed SSZ offsets return ssz.ErrOffset and do not trigger panic recovery.

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.