ix precondition in simplicity_build_txEnv unenforced

[roconnor-blockstream]

One of the preconditions listed in simplicity_build_txEnv is that ix < tx->numInputs.

simplicity/C/primitive/elements/primitive.h

Lines 266 to 274 in de799bd

	/* Contstruct a txEnv structure from its components.
	* This function will precompute any cached values.
	*
	* Precondition: NULL != tx
	* NULL != taproot
	* NULL != genesisHash
	* ix < tx->numInputs
	*/
	txEnv simplicity_build_txEnv(const transaction* tx, const tapEnv* taproot, const sha256_midstate* genesisHash, uint_fast32_t ix);

However at the call site, this is not ensured.

simplicity/C/primitive/elements/exec.c

Line 120 in de799bd

txEnv env = simplicity_build_txEnv(tx, taproot, &genesis_hash, ix);

The ix value is passed straight into simplicity_build_txEnv.

AFAICT, there are no bad consequences to this at the moment. env->ix is only used in elementsJets.c, and it is checked before ever being used as an array index.

The solution is to either list ix in the preconditions of simplicity_elements_execSimplicity, or check the ix value in that function.