From f287ac3cea9b42a59fff93f97ce3af494236b50a Mon Sep 17 00:00:00 2001
From: Wilmer Paulino <wilmer.paulino@gmail.com>
Date: Wed, 20 May 2020 11:42:12 -0700
Subject: [PATCH] btcwallet: add transaction outputs bounds check to
 FetchInputInfo

This prevents a panic when providing an incompatible output index for
the transaction.
---
 lnwallet/btcwallet/signer.go | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/lnwallet/btcwallet/signer.go b/lnwallet/btcwallet/signer.go
index a79a5fd92..6332f85f8 100644
--- a/lnwallet/btcwallet/signer.go
+++ b/lnwallet/btcwallet/signer.go
@@ -37,6 +37,11 @@ func (b *BtcWallet) FetchInputInfo(prevOut *wire.OutPoint) (*lnwallet.Utxo, erro
 	// we actually have control of this output. We do this because the check
 	// above only guarantees that the transaction is somehow relevant to us,
 	// like in the event of us being the sender of the transaction.
+	numOutputs := uint32(len(txDetail.TxRecord.MsgTx.TxOut))
+	if prevOut.Index >= numOutputs {
+		return nil, fmt.Errorf("invalid output index %v for "+
+			"transaction with %v outputs", prevOut.Index, numOutputs)
+	}
 	pkScript := txDetail.TxRecord.MsgTx.TxOut[prevOut.Index].PkScript
 	if _, err := b.fetchOutputAddr(pkScript); err != nil {
 		return nil, err