From 9aebb96fb99e8e9e019663659c6eff851a62f2ce Mon Sep 17 00:00:00 2001
From: Sanket Kanjalkar
Date: Tue, 26 Nov 2024 21:35:14 -0800
Subject: [PATCH] Fix psbt fuzz crash

Fixes: https://github.com/rust-bitcoin/rust-bitcoin/issues/3628

This occurs when combining two PSBTs with different xpub key sources. Added a length check before indexing into slices to prevent out-of-bounds access.
---
 bitcoin/src/psbt/mod.rs | 15 +++++++++++++--
 bitcoin/tests/data/psbt_fuzz1.hex | 1 +
 bitcoin/tests/data/psbt_fuzz2.hex | 1 +
 3 files changed, 15 insertions(+), 2 deletions(-)
 create mode 100644 bitcoin/tests/data/psbt_fuzz1.hex
 create mode 100644 bitcoin/tests/data/psbt_fuzz2.hex

diff --git a/bitcoin/src/psbt/mod.rs b/bitcoin/src/psbt/mod.rs
index c9eac7165..bfbb2853d 100644
--- a/bitcoin/src/psbt/mod.rs
+++ b/bitcoin/src/psbt/mod.rs
@@ -255,8 +255,9 @@ impl Psbt {
 == derivation2[derivation2.len() - derivation1.len()..])
 {
 continue;
- } else if derivation2[..]
- == derivation1[derivation1.len() - derivation2.len()..]
+ } else if derivation2.len() <= derivation1.len()
+ && derivation2[..]
+ == derivation1[derivation1.len() - derivation2.len()..]
 {
 entry.insert((fingerprint1, derivation1));
 continue;
@@ -2113,6 +2114,16 @@ mod tests {
 assert_eq!(psbt1, psbt2);
 }
 
+
+ // https://github.com/rust-bitcoin/rust-bitcoin/issues/3628
+ #[test]
+ fn test_combine_psbt_fuzz_3628() {
+ let mut psbt1 = hex_psbt(include_str!("../../tests/data/psbt_fuzz1.hex")).unwrap();
+ let psbt2 = hex_psbt(include_str!("../../tests/data/psbt_fuzz2.hex")).unwrap();
+
+ assert!(matches!(psbt1.combine(psbt2).unwrap_err(), Error::CombineInconsistentKeySources(_)));
+ }
+
 #[cfg(feature = "rand-std")]
 fn gen_keys() -> (PrivateKey, PublicKey, Secp256k1) {
 use secp256k1::rand::thread_rng;
diff --git a/bitcoin/tests/data/psbt_fuzz1.hex b/bitcoin/tests/data/psbt_fuzz1.hex
new file mode 100644
index 000000000..dd3c9b7ed
--- /dev/null
+++ b/bitcoin/tests/data/psbt_fuzz1.hex
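Review bot: The added `derivation2.len() <= derivation1.len()` guard in the `@@ -255` hunk stops the subtraction underflow, but the suffix test is still done by hand with index arithmetic in two parallel branches, which is exactly the shape that let the second branch diverge from the first (the first branch's own length check is presumably in the lines above the hunk). `<[T]>::ends_with` bundles the length check and the comparison into one call, so the branch can read `} else if derivation1[..].ends_with(&derivation2[..]) {` with the first branch written the same way, assuming `derivation1[..]` yields a `[ChildNumber]` slice as the existing indexing suggests; that removes the panic path rather than fencing it. The enclosing `combine` body starts and ends outside this hunk. In the test hunk of the same file, `test_combine_psbt_fuzz_3628` only drives `psbt1.combine(psbt2)`; adding the swapped call with the same `CombineInconsistentKeySources` assertion would also exercise the branch this commit leaves unchanged.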
@@ -0,0 +1 @@
+70736274ff01000a000000ff0000000074ff4f010488b21eff02000001004a92244992244902030203030303030303030303030303030303030303030303030303030303030303f4000000000000000a000208ffffffff08080804000000000000000c080808000b0000000000010000
\ No newline at end of file
diff --git a/bitcoin/tests/data/psbt_fuzz2.hex b/bitcoin/tests/data/psbt_fuzz2.hex
new file mode 100644
index 000000000..8a33cf01c
--- /dev/null
+++ b/bitcoin/tests/data/psbt_fuzz2.hex
@@ -0,0 +1 @@
+70736274ff01000a000000ff0000000074ff4f010488b21eff02000001004a92244992244902030203030303030303030303030303030303030303030303030303030303030303f4000000000000000a000208ffffffff080808040000000000000008000000000000001000
\ No newline at end of file