diff options
| author | Satoshi Nakamoto <satoshin@gmx.com> | 2010-08-15 23:09:29 +0000 |
|---|---|---|
| committer | Gavin Andresen <gavinandresen@gmail.com> | 2010-08-15 23:09:29 +0000 |
| commit | 76793dc969f5ee9feadb6827845c1682b11914a6 (patch) | |
| tree | 43ec9d108255f289be5bfd778e0b98cd77b17dbd | |
| parent | 6ac7f9f144757f5f1a049c059351b978f83d1476 (diff) | |
| download | bitcoin-76793dc969f5ee9feadb6827845c1682b11914a6.tar.xz | |
fix for block 74638 overflow output transaction
| -rw-r--r-- | main.cpp | 8 | ||||
| -rw-r--r-- | main.h | 11 | ||||
| -rw-r--r-- | serialize.h | 2 |
3 files changed, 19 insertions, 2 deletions
@@ -1006,6 +1006,14 @@ bool CTransaction::ConnectInputs(CTxDB& txdb, map<uint256, CTxIndex>& mapTestPoo mapTestPool[prevout.hash] = txindex; nValueIn += txPrev.vout[prevout.n].nValue; + + // Check for negative or overflow input values + if (txPrev.vout[prevout.n].nValue < 0) + return error("ConnectInputs() : txin.nValue negative"); + if (txPrev.vout[prevout.n].nValue > MAX_MONEY) + return error("ConnectInputs() : txin.nValue too high"); + if (nValueIn > MAX_MONEY) + return error("ConnectInputs() : txin total too high"); } // Tally transaction fees @@ -18,6 +18,7 @@ static const unsigned int MAX_SIZE = 0x02000000; static const unsigned int MAX_BLOCK_SIZE = 1000000; static const int64 COIN = 100000000; static const int64 CENT = 1000000; +static const int64 MAX_MONEY = 21000000 * COIN; static const int COINBASE_MATURITY = 100; static const CBigNum bnProofOfWorkLimit(~uint256(0) >> 32); @@ -471,10 +472,18 @@ public: if (vin.empty() || vout.empty()) return error("CTransaction::CheckTransaction() : vin or vout empty"); - // Check for negative values + // Check for negative or overflow output values + int64 nValueOut = 0; foreach(const CTxOut& txout, vout) + { if (txout.nValue < 0) return error("CTransaction::CheckTransaction() : txout.nValue negative"); + if (txout.nValue > MAX_MONEY) + return error("CTransaction::CheckTransaction() : txout.nValue too high"); + nValueOut += txout.nValue; + if (nValueOut > MAX_MONEY) + return error("CTransaction::CheckTransaction() : txout total too high"); + } if (IsCoinBase()) { diff --git a/serialize.h b/serialize.h index 89b5c2bef0..a41c6a1a11 100644 --- a/serialize.h +++ b/serialize.h @@ -19,7 +19,7 @@ class CScript; class CDataStream; class CAutoFile; -static const int VERSION = 309; +static const int VERSION = 310; static const char* pszSubVer = ".0"; |