aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorKaz Wesley <kaz@lambdaverse.org>2018-11-07 12:39:44 -0800
committerKaz Wesley <kaz@lambdaverse.org>2018-11-13 12:14:34 -0800
commit6bed4b374daf26233e96fa7863d4324a5bfa99c2 (patch)
tree36b4b7ce50c50ce97b931c0cea37c25e1d09a0c8
parent051faf7e9d4e32142f95f7adb31d2f53f656cb66 (diff)
fix a deserialization overflow edge case
A specially-constructed BlockTransactionsRequest can overflow in deserialization in a way that is currently harmless.
-rw-r--r--src/blockencodings.h6
1 files changed, 3 insertions, 3 deletions
diff --git a/src/blockencodings.h b/src/blockencodings.h
index fad1f56f54..4bfe538250 100644
--- a/src/blockencodings.h
+++ b/src/blockencodings.h
@@ -52,12 +52,12 @@ public:
}
}
- uint16_t offset = 0;
+ int32_t offset = 0;
for (size_t j = 0; j < indexes.size(); j++) {
- if (uint64_t(indexes[j]) + uint64_t(offset) > std::numeric_limits<uint16_t>::max())
+ if (int32_t(indexes[j]) + offset > std::numeric_limits<uint16_t>::max())
throw std::ios_base::failure("indexes overflowed 16 bits");
indexes[j] = indexes[j] + offset;
- offset = indexes[j] + 1;
+ offset = int32_t(indexes[j]) + 1;
}
} else {
for (size_t i = 0; i < indexes.size(); i++) {