(found by Murch in https://github.com/bitcoin-core/qa-assets/pull/246)
Originally posted by @maflcko in #29675 (review)
(needs a hardened libc++, msan, or valgrind)
0$ echo 'cHNidP8BAP0+AQIAAAAGy4dxGNHKAQgFPtEAoVgyMqb+N0ghgmdne5OjULYs2sUAAAr/AP3////L
1fnEY0crZmwU+EVahszExpv43SCGCZ2d7k6NQtizaOwADAC4ABHwdAMt+cRjRytmbBT4RVqFYMTGm
2/jdIIYJnZ3uTo1AAOwAsAAC2KwD9////hqbXlTl39C5ZmAtOAI4+zy32vWLVnyQjw7IvQsBa6rYA
3AAcAAP3//zKG/zqgb7JIwmli68xeUjUXVp+c4b/tvc55IsAI4yQAAAAAAAAA/f///8t/0cpxGNmb
4BT4RVqFYMTOm/jdIIXj///8AAAAAgNo7AACAAAD9//3/AiHf9QUAAAAAFgAU9/Ykq9yiCFGnUpsi
5RsS6FFGLkQEAAAAAAAABABYAFEEQliEApQAADCBABv78gsn+/////wAAAAAAAAAAACIagHQAAAAV
6DLQyJycoAHNiKDIDAEIAAEEA/wEABgDI/jdIIYJnZ3uTo1AAOwAsAAC2KwD9////hqbXAY9zeZ10
7c/zcAAEBK2ECEWUrKwAAIlEgcPx0K2ICYgQkKwABAQEBAQsCAgAERUIADwADAAADmSsAAAA=' | base64 --decode > /tmp/crash.bin
8
9
10$ FUZZ=psbt ./bld-cmake/bin/fuzz -runs=1 /tmp/crash.bin
11INFO: Running with entropic power schedule (0xFF, 100).
12INFO: Seed: 494792800
13INFO: Loaded 1 modules (385403 inline 8-bit counters): 385403 [0x55c06b279420, 0x55c06b2d759b),
14INFO: Loaded 1 PC tables (385403 PCs): 385403 [0x55c06b2d75a0,0x55c06b8b8d50),
15./bld-cmake/bin/fuzz: Running 1 inputs 1 time(s) each.
16Running: /tmp/crash.bin
17/usr/bin/../include/c++/v1/span:512: assertion __offset <= size() failed: span<T>::subspan(offset, count): offset out of range
A shorter input:
0$ echo 'cHNidP8BADMAAZJuAQAAAAAAAAAAAABMHQD/AAAAAAAAAAAA//////9BAB4AjIwAAAD5////AAAA
1/NwAAQErYQIAAAAAAAAiUSBw/G0rYgJicCsrtgAA2P//+HN0AAIA+f//7gAF++8AACIaCAEAAP8A
2cHNidP8BABMAAiEeAAEXDD4AAAEBAACCpP73IUL8j3+PjNNzYnT/AAAAAAAAlpb/AAAAAAAAAAYE
3AisAAAA=' | base64 --decode > /tmp/crash.bin
