From dedee6af572471b9beeebca9543934e788484b2e Mon Sep 17 00:00:00 2001
From: Andrew Chow <github@achow101.com>
Date: Thu, 20 Oct 2022 13:24:57 -0400
Subject: wallet: Check utxo prevout index out of bounds in sendall

Github-Pull: #26344
Rebased-From: b132c85650afb2182f2e58e903f3d6f86fd3fb22
---
 src/wallet/rpc/spend.cpp | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/wallet/rpc/spend.cpp b/src/wallet/rpc/spend.cpp
index 7d105b35b8..bc65cbf7bf 100644
--- a/src/wallet/rpc/spend.cpp
+++ b/src/wallet/rpc/spend.cpp
@@ -1380,7 +1380,7 @@ RPCHelpMan sendall()
                         throw JSONRPCError(RPC_INVALID_PARAMETER, strprintf("Input not available. UTXO (%s:%d) was already spent.", input.prevout.hash.ToString(), input.prevout.n));
                     }
                     const CWalletTx* tx{pwallet->GetWalletTx(input.prevout.hash)};
-                    if (!tx || !(pwallet->IsMine(tx->tx->vout[input.prevout.n]) & (coin_control.fAllowWatchOnly ? ISMINE_ALL : ISMINE_SPENDABLE))) {
+                    if (!tx || input.prevout.n >= tx->tx->vout.size() || !(pwallet->IsMine(tx->tx->vout[input.prevout.n]) & (coin_control.fAllowWatchOnly ? ISMINE_ALL : ISMINE_SPENDABLE))) {
                         throw JSONRPCError(RPC_INVALID_PARAMETER, strprintf("Input not found. UTXO (%s:%d) is not part of wallet.", input.prevout.hash.ToString(), input.prevout.n));
                     }
                     total_input_value += tx->tx->vout[input.prevout.n].nValue;
-- 
cgit v1.2.3