Merge #9693: Prevent integer overflow in ReadVarInt.

45f0961 Prevent integer overflow in ReadVarInt. (Gregory Maxwell) Tree-SHA512: 385ea0efb6b59d44c45a49227e5f6fff236b4775544cbeb236312a3fd87fd75c226ac56f7aa1bca66b853639da75a579610074f7582f92cf2ebd4a74bc40f6f0
author: Pieter Wuille <pieter.wuille@gmail.com> 2017-04-17 04:46:34 -0700
committer: Pieter Wuille <pieter.wuille@gmail.com> 2017-04-17 04:58:31 -0700
commit: c5e9e428a9198c8c4076f239b5eaa8dc95e7985b (patch)
tree: 4f775789f219f0f6c8815a4e6916e2e3698d8b31
parent: f4db00f9a5482c91ae8a86c6e41e0ba61acf152b (diff)
parent: 45f09618f22f0a59d872818f28fc2a938cc98311 (diff)
1 files changed, 9 insertions, 2 deletions
diff --git a/src/serialize.h b/src/serialize.h
index e4d72d2348..e82ddf2c5a 100644
--- a/src/serialize.h
+++ b/src/serialize.h
@@ -336,11 +336,18 @@ I ReadVarInt(Stream& is)
     I n = 0;
     while(true) {
         unsigned char chData = ser_readdata8(is);
+        if (n > (std::numeric_limits<I>::max() >> 7)) {
+           throw std::ios_base::failure("ReadVarInt(): size too large");
+        }
         n = (n << 7) | (chData & 0x7F);
-        if (chData & 0x80)
+        if (chData & 0x80) {
+            if (n == std::numeric_limits<I>::max()) {
+                throw std::ios_base::failure("ReadVarInt(): size too large");
+            }
             n++;
-        else
+        } else {
             return n;
+        }
     }
 }
author	Pieter Wuille <pieter.wuille@gmail.com>	2017-04-17 04:46:34 -0700
committer	Pieter Wuille <pieter.wuille@gmail.com>	2017-04-17 04:58:31 -0700
commit	c5e9e428a9198c8c4076f239b5eaa8dc95e7985b (patch)
tree	4f775789f219f0f6c8815a4e6916e2e3698d8b31
parent	f4db00f9a5482c91ae8a86c6e41e0ba61acf152b (diff)
parent	45f09618f22f0a59d872818f28fc2a938cc98311 (diff)