From 2f5b1c5f80590ffa6b5a5bcfb21fddb1dc22e852 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?L=C5=91rinc?=
Date: Tue, 13 Jan 2026 12:53:51 +0100
Subject: [PATCH] psbt: Fix `PSBTInputSignedAndVerified` bounds `assert`

The previous `assert` used `>=`, allowing `input_index == psbt.inputs.size()` and out-of-bounds access in `psbt.inputs[input_index]`. Found during review: https://github.com/bitcoin/bitcoin/pull/31650#discussion_r2685892867
---
 src/psbt.cpp | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/psbt.cpp b/src/psbt.cpp
index 9e99ca5e8cd..9339bf7c092 100644
--- a/src/psbt.cpp
+++ b/src/psbt.cpp
@@ -325,7 +325,7 @@ bool PSBTInputSigned(const PSBTInput& input)
 bool PSBTInputSignedAndVerified(const PartiallySignedTransaction psbt, unsigned int input_index, const PrecomputedTransactionData* txdata)
 {
 CTxOut utxo;
- assert(psbt.inputs.size() >= input_index);
+ assert(input_index < psbt.inputs.size());
 const PSBTInput& input = psbt.inputs[input_index];

 if (input.non_witness_utxo) {
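Review bot: The corrected `assert(input_index < psbt.inputs.size())` is still the only guard in front of `psbt.inputs[input_index]`, so an out-of-range index aborts the process where assertions are compiled in and reaches an unchecked `operator[]` read where they are not. The callers are outside this hunk, so it cannot be seen whether `input_index` is always derived from the same PSBT's input count; if any caller takes it from external data, failing closed with `if (input_index >= psbt.inputs.size()) return false;` would be safer than aborting. If the assert is kept as a programmer-error check, a comment such as `// Precondition: input_index < psbt.inputs.size(); callers must validate.` would make the contract explicit. Separately, the signature on the context line takes `const PartiallySignedTransaction psbt` by value, which copies the whole PSBT on every call; `const PartiallySignedTransaction&` looks like what was intended. The function body continues past the end of the hunk.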