Merge bitcoin/bitcoin#25700: psbt: Fix unsigned integer overflow

4fa79837ad psbt: Fix unsigned integer overflow (Aurèle Oulès)

Pull request description:

  Fixes #25692.

  This change prevents an unsigned integer overflow during the deserialization of a PSBT.

ACKs for top commit:
  achow101:
    ACK 4fa79837ad

Tree-SHA512: 0863d4d31ada1ba50632b6a66cb4c694c0a15680a90cf9370129cf3db15e3c10e65610b779db047d5a4cc7c920708b728948708e4023e916099c6bfe730f01f9

src/psbt.h

@@ -893,6 +893,9 @@ struct PSBTOutput
                     s >> leaf_hashes;
                     size_t after_hashes = s.size();
                     size_t hashes_len = before_hashes - after_hashes;
+                    if (hashes_len > value_len) {
+                        throw std::ios_base::failure("Output Taproot BIP32 keypath has an invalid length");
+                    }
                     size_t origin_len = value_len - hashes_len;
                     m_tap_bip32_paths.emplace(xonly, std::make_pair(leaf_hashes, DeserializeKeyOrigin(s, origin_len)));
                     break;