aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorPieter Wuille <pieter.wuille@gmail.com>2016-04-24 16:21:44 +0200
committerPieter Wuille <pieter.wuille@gmail.com>2016-04-25 14:42:07 +0200
commit5d0434d13d0145a110c0c93e59edfd7d062f8531 (patch)
tree7a6629f4f661d2b52b8d5b2304cf42e673caf7e8
parent4bf631e5e48cd4c14c825cdaf7a1bee81e15493d (diff)
downloadbitcoin-5d0434d13d0145a110c0c93e59edfd7d062f8531.tar.xz
Fix OOM bug: UTXO entries with invalid script length
Diffstat
-rw-r--r--src/compressor.h10
-rw-r--r--src/streams.h14
2 files changed, 22 insertions, 2 deletions
diff --git a/src/compressor.h b/src/compressor.h
index 4a72090830..fa702f0dfa 100644
--- a/src/compressor.h
+++ b/src/compressor.h
@@ -86,8 +86,14 @@ public:
return;
}
nSize -= nSpecialScripts;
- script.resize(nSize);
- s >> REF(CFlatData(script));
+ if (nSize > MAX_SCRIPT_SIZE) {
+ // Overly long script, replace with a short invalid one
+ script << OP_RETURN;
+ s.ignore(nSize);
+ } else {
+ script.resize(nSize);
+ s >> REF(CFlatData(script));
+ }
}
};
diff --git a/src/streams.h b/src/streams.h
index a50fe4e859..ed14f3f412 100644
--- a/src/streams.h
+++ b/src/streams.h
@@ -406,6 +406,20 @@ public:
return (*this);
}
+ CAutoFile& ignore(size_t nSize)
+ {
+ if (!file)
+ throw std::ios_base::failure("CAutoFile::ignore: file handle is NULL");
+ unsigned char data[4096];
+ while (nSize > 0) {
+ size_t nNow = std::min<size_t>(nSize, sizeof(data));
+ if (fread(data, 1, nNow, file) != nNow)
+ throw std::ios_base::failure(feof(file) ? "CAutoFile::ignore: end of file" : "CAutoFile::read: fread failed");
+ nSize -= nNow;
+ }
+ return (*this);
+ }
+
CAutoFile& write(const char* pch, size_t nSize)
{
if (!file)
generated by cgit v1.2.3 (git 2.26.2) at 2024-07-02 21:30:57 +0000