Merge bitcoin/bitcoin#29855: psbt: Check non witness utxo outpoint early

9e13ccc50eec9d2efe0f472e6d50dc822df70d84 psbt: Check non witness utxo outpoint early (Ava Chow)

Pull request description:

  A common issue that our fuzzers keep finding is that outpoints don't exist in the non witness utxos. Instead of trying to track this down and checking in various individual places, do the check early during deserialization. This also unifies the error message returned for this class of problems.

ACKs for top commit:
  maflcko:
    lgtm ACK 9e13ccc50eec9d2efe0f472e6d50dc822df70d84
  S3RK:
    tACK 9e13ccc50eec9d2efe0f472e6d50dc822df70d84
  dergoegge:
    utACK 9e13ccc50eec9d2efe0f472e6d50dc822df70d84

Tree-SHA512: 81b8055b146c6358052226578ddfec0ae5bd877968c7f4f62dc3d6a684545ea568f37c7f1bd619918441af9e453ba8b26531a2280d218da37fa15480f1b45d0e

1 files changed, 7 insertions, 2 deletions

diff --git a/src/psbt.h b/src/psbt.h
index 4607304046..0663ca620c 100644
--- a/src/psbt.h
+++ b/src/psbt.h
@@ -1177,8 +1177,13 @@ struct PartiallySignedTransaction
             inputs.push_back(input);
 
             // Make sure the non-witness utxo matches the outpoint
-            if (input.non_witness_utxo && input.non_witness_utxo->GetHash() != tx->vin[i].prevout.hash) {
-                throw std::ios_base::failure("Non-witness UTXO does not match outpoint hash");
+            if (input.non_witness_utxo) {
+                if (input.non_witness_utxo->GetHash() != tx->vin[i].prevout.hash) {
+                    throw std::ios_base::failure("Non-witness UTXO does not match outpoint hash");
+                }
+                if (tx->vin[i].prevout.n >= input.non_witness_utxo->vout.size()) {
+                    throw std::ios_base::failure("Input specifies output index that does not exist");
+                }
             }
             ++i;
         }