Fail instead of swallow on database corruption

zcash_client_sqlite/src/wallet.rs

@@ -383,12 +383,20 @@ pub(crate) fn get_transparent_receivers<P: consensus::Parameters>(
             })?;
 
         if let Some(taddr) = ua.transparent() {
-            let di_short = DiversifierIndex::from(di).try_into();
+            let index = NonHardenedChildIndex::from_index(
-            if let Ok(di_short) = di_short {
+                DiversifierIndex::from(di).try_into().map_err(|_| {
-                if let Some(index) = NonHardenedChildIndex::from_index(di_short) {
+                    SqliteClientError::CorruptedData(
-                    ret.insert(*taddr, index);
+                        "Unable to get diversifier for transparent address.".to_string(),
-                }
+                    )
-            }
+                })?,
+            )
+            .ok_or_else(|| {
+                SqliteClientError::CorruptedData(
+                    "Unexpected hardened index for transparent address.".to_string(),
+                )
+            })?;
+
+            ret.insert(*taddr, index);
         }
     }
 

zcash_primitives/src/legacy.rs

@@ -439,6 +439,8 @@ impl NonHardenedChildIndex {
     }
 
     pub fn next(&self) -> Option<Self> {
+        // overflow cannot happen because self.0 is 31 bits, and the next index is at most 32 bits
+        // which in that case would lead from_index to return None.
         Self::from_index(self.0 + 1)
     }
 }
@@ -585,7 +587,7 @@ mod tests {
         ));
 
         fn check<T: ConstantTimeEq>(v1: T, v2: T) -> bool {
-            v1.ct_eq(&v2).unwrap_u8() == 1
+            v1.ct_eq(&v2).into()
         }
     }