Crashes found via fuzzing

[leonklingele]

I found two strings via fuzzing that crash toml.Decode:

package main

import (
	"log"

	"github.com/BurntSushi/toml"
)

var crashes = []string{
	`""�`, // panic: runtime error: index out of range
	`h=0#
e="""#
n=2#
o=""#
s=""#
ns=0#
en=6#
y s`, // hangs
}

type empty struct{}

func main() {
	crashToTest := 0
	// crashToTest := 1
	o := empty{}
	if _, err := toml.Decode(crashes[crashToTest], &o); err != nil {
		log.Fatal(err)
	}
}

1. ""�

panic: runtime error: index out of range [recovered]
	panic: runtime error: index out of range

goroutine 1 [running]:
panic(0xcd1c0, 0xc42000a120)
	/usr/local/Cellar/go/1.7.4_1/libexec/src/runtime/panic.go:500 +0x1a1
github.com/BurntSushi/toml.parse.func1(0xc420043dd0)
	/path/to/go/src/github.com/BurntSushi/toml/parse.go:46 +0xf9
panic(0xcd1c0, 0xc42000a120)
	/usr/local/Cellar/go/1.7.4_1/libexec/src/runtime/panic.go:458 +0x243
github.com/BurntSushi/toml.lexValue(0xc420010120, 0xc420043b68)
	/path/to/go/go/src/github.com/BurntSushi/toml/lex.go:406 +0x3cd
github.com/BurntSushi/toml.(*lexer).nextItem(0xc420010120, 0xc420010118, 0x20, 0xc420090000, 0xc420043c30)
	/path/to/go/go/src/github.com/BurntSushi/toml/lex.go:84 +0x88
github.com/BurntSushi/toml.(*parser).next(0xc420054070, 0xf21d3, 0xc420043c50, 0x5bd4, 0xc3960)
	/path/to/go/go/src/github.com/BurntSushi/toml/parse.go:75 +0x33
github.com/BurntSushi/toml.(*parser).topLevel(0xc420054070, 0x12, 0xc42000a478, 0x0, 0x1)
	/path/to/go/go/src/github.com/BurntSushi/toml/parse.go:130 +0x82e
github.com/BurntSushi/toml.parse(0xe5c3d, 0x5, 0xc420054070, 0x14f280, 0xc42000a490)
	/path/to/go/go/src/github.com/BurntSushi/toml/parse.go:62 +0x3f9
github.com/BurntSushi/toml.Decode(0xe5c3d, 0x5, 0xbf0c0, 0x17ccc8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ...)
	/path/to/go/go/src/github.com/BurntSushi/toml/decode.go:115 +0x2fa
main.main()
	/tmp/go-toml-fuzz/main.go:27 +0x83
exit status 2

2. h=0# e="""# n=2# o=""# s=""# ns=0# en=6# y s

hangs forever