Merge #1790: fix(wallet): improve safety on finaize psbt

evanlinjin · evanlinjin · commit b2876d83a083 · 2025-01-10T16:34:15.000+11:00
e8a9638 fix(wallet): improve safety on finaize psbt (f3r10) Pull request description:  fix #1711 ### Description This PR replaces how currently potentially bug-prone PSBT's input access is done using a more carefully approach. ### Notes to the reviewers  ### Changelog notice   ### Checklists #### All Submissions: * [x] I've signed all my commits * [x] I followed the [contribution guidelines](https://github.com/bitcoindevkit/bdk/blob/master/CONTRIBUTING.md) * [x] I ran `cargo fmt` and `cargo clippy` before committing ACKs for top commit: rustaceanrob: ACK e8a9638 evanlinjin: ACK e8a9638 Tree-SHA512: ad25a9d5d47cbdc41b11ea4ce57b30c6855ea391c0f053dffbee0c3dd1b06c6b227e056ede69eee6026e8b72915fe06c366d0a4e2fd6a1d454fc8dafed80b74a
diff --git a/crates/wallet/src/wallet/mod.rs b/crates/wallet/src/wallet/mod.rs
@@ -1901,8 +1901,11 @@ impl Wallet {
                         Ok(_) => {
                             // Set the UTXO fields, final script_sig and witness
                             // and clear everything else.
-                            let original = mem::take(&mut psbt.inputs[n]);
-                            let psbt_input = &mut psbt.inputs[n];
+                            let psbt_input = psbt
+                                .inputs
+                                .get_mut(n)
+                                .ok_or(SignerError::InputIndexOutOfRange)?;
+                            let original = mem::take(psbt_input);
                             psbt_input.non_witness_utxo = original.non_witness_utxo;
                             psbt_input.witness_utxo = original.witness_utxo;
                             if !tmp_input.script_sig.is_empty() {
