From 76fb300b63c5c0d01d768510ec69d894820432fa Mon Sep 17 00:00:00 2001
From: Andrew Chow <achow101-github@achow101.com>
Date: Thu, 30 Jun 2022 11:08:44 -0400
Subject: [PATCH] psbt: Check Taproot tree depth and leaf versions

Since TaprootBuilder has assertions for the depth and leaf versions, the
PSBT decoder should check these values before calling
TaprootBuilder::Add so that the assertions are not triggered on
malformed taproot trees.
---
 src/psbt.h | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/src/psbt.h b/src/psbt.h
index a143a99988e..c390bb67d38 100644
--- a/src/psbt.h
+++ b/src/psbt.h
@@ -866,6 +866,12 @@ struct PSBTOutput
                         s_tree >> depth;
                         s_tree >> leaf_ver;
                         s_tree >> script;
+                        if (depth > TAPROOT_CONTROL_MAX_NODE_COUNT) {
+                            throw std::ios_base::failure("Output Taproot tree has as leaf greater than Taproot maximum depth");
+                        }
+                        if ((leaf_ver & ~TAPROOT_LEAF_MASK) != 0) {
+                            throw std::ios_base::failure("Output Taproot tree has a leaf with an invalid leaf version");
+                        }
                         m_tap_tree->Add((int)depth, script, (int)leaf_ver, true /* track */);
                     }
                     if (!m_tap_tree->IsComplete()) {