Guard negative maxResult in debug_storageRangeAt (#21221)

Clamp negative maxResult in debug_storageRangeAt to prevent empty-heap
access in geth-compat mode, and add a regression test that proves the
path is safe.

Co-authored-by: lupin012 <58134934+lupin012@users.noreply.github.com>

Author: dsoko1ov

rpc/jsonrpc/debug_api.go

@@ -131,6 +131,10 @@ func (api *DebugAPIImpl) StorageRangeAt(ctx context.Context, blockHash common.Ha
 	}
 	defer tx.Rollback()
 
+	if maxResult < 0 {
+		maxResult = 0
+	}
+
 	blockNrOrHash := rpc.BlockNumberOrHashWithHash(blockHash, true)
 	blockNumber, _, _, err := rpchelper.GetCanonicalBlockNumber(ctx, blockNrOrHash, tx, api._blockReader, api.filters)
 	if err != nil {

rpc/jsonrpc/debug_api_test.go

@@ -390,6 +390,13 @@ func TestStorageRangeAtGethCompat(t *testing.T) {
 		if !reflect.DeepEqual(result, expect) {
 			t.Fatalf("wrong result:\ngot %s\nwant %s", dumper.Sdump(result), dumper.Sdump(&expect))
 		}
+
+		// negative maxResult should be handled safely and must not panic.
+		result, err = api.StorageRangeAt(m.Ctx, latestBlock.Hash(), 0, addr, nil, -1)
+		require.NoError(t, err)
+		require.Empty(t, result.Storage)
+		require.NotNil(t, result.NextKey)
+		require.Equal(t, keys[0], *result.NextKey)
 	})
 }
 

rpc/jsonrpc/storage_range.go

@@ -131,6 +131,10 @@ func storageRangeAtErigon(ttx kv.TemporalTx, contractAddress common.Address, sta
 func storageRangeAtGethCompat(ttx kv.TemporalTx, contractAddress common.Address, start []byte, txNum uint64, maxResult int) (StorageRangeResult, error) {
 	result := StorageRangeResult{Storage: storageMap{}}
 
+	if maxResult < 0 {
+		maxResult = 0
+	}
+
 	// Always scan all storage for this contract — we need to sort by hashed key
 	// to match Geth's trie-based iteration order.
 	fromKey := common.Copy(contractAddress.Bytes())