Merge commit from fork

* BodyParser: slice/array invalid range
- add test case

* BodyParser: slice/array invalid range

Author: ReneWerner87

ctx_test.go

@@ -654,6 +654,31 @@ func Test_Ctx_BodyParser(t *testing.T) {
 	})
 }
 
+func Test_Ctx_BodyParser_InvalidRequestData(t *testing.T) {
+	t.Parallel()
+
+	type RequestBody struct {
+		NestedContent []*struct {
+			Value string `form:"value"`
+		} `form:"nested-content"`
+	}
+	app := New()
+	c := app.AcquireCtx(&fasthttp.RequestCtx{})
+	defer app.ReleaseCtx(c)
+
+	c.Request().Reset()
+	c.Request().Header.SetContentType(MIMEApplicationForm)
+	// Test with invalid form data
+	c.Request().SetBody([]byte("nested-content[-1].value=Foo&nested-content[0].value=Bar&nested-content[1].value=FooBar"))
+	c.Request().Header.SetContentLength(len(c.Body()))
+
+	subject := new(RequestBody)
+	err := c.BodyParser(subject)
+
+	utils.AssertEqual(t, true, nil != err)
+	utils.AssertEqual(t, "failed to decode: schema: panic while decoding: reflect: slice index out of range", fmt.Sprintf("%v", err))
+}
+
 func Test_Ctx_ParamParser(t *testing.T) {
 	t.Parallel()
 	app := New()

internal/schema/decoder.go

@@ -67,11 +67,24 @@ func (d *Decoder) RegisterConverter(value interface{}, converterFunc Converter)
 // Keys are "paths" in dotted notation to the struct fields and nested structs.
 //
 // See the package documentation for a full explanation of the mechanics.
-func (d *Decoder) Decode(dst interface{}, src map[string][]string) error {
+func (d *Decoder) Decode(dst interface{}, src map[string][]string) (err error) {
 	v := reflect.ValueOf(dst)
 	if v.Kind() != reflect.Ptr || v.Elem().Kind() != reflect.Struct {
 		return errors.New("schema: interface must be a pointer to struct")
 	}
+
+	// Catch panics from the decoder and return them as an error.
+	// This is needed because the decoder calls reflect and reflect panics
+	defer func() {
+		if r := recover(); r != nil {
+			if e, ok := r.(error); ok {
+				err = e
+			} else {
+				err = fmt.Errorf("schema: panic while decoding: %v", r)
+			}
+		}
+	}()
+
 	v = v.Elem()
 	t := v.Type()
 	multiError := MultiError{}