aboutsummaryrefslogtreecommitdiff
path: root/src
diff options
context:
space:
mode:
authorPieter Wuille <pieter.wuille@gmail.com>2017-04-17 04:46:34 -0700
committerPieter Wuille <pieter.wuille@gmail.com>2017-04-17 04:58:31 -0700
commitc5e9e428a9198c8c4076f239b5eaa8dc95e7985b (patch)
tree4f775789f219f0f6c8815a4e6916e2e3698d8b31 /src
parentf4db00f9a5482c91ae8a86c6e41e0ba61acf152b (diff)
parent45f09618f22f0a59d872818f28fc2a938cc98311 (diff)
Merge #9693: Prevent integer overflow in ReadVarInt.
45f0961 Prevent integer overflow in ReadVarInt. (Gregory Maxwell) Tree-SHA512: 385ea0efb6b59d44c45a49227e5f6fff236b4775544cbeb236312a3fd87fd75c226ac56f7aa1bca66b853639da75a579610074f7582f92cf2ebd4a74bc40f6f0
Diffstat (limited to 'src')
-rw-r--r--src/serialize.h11
1 files changed, 9 insertions, 2 deletions
diff --git a/src/serialize.h b/src/serialize.h
index e4d72d2348..e82ddf2c5a 100644
--- a/src/serialize.h
+++ b/src/serialize.h
@@ -336,11 +336,18 @@ I ReadVarInt(Stream& is)
I n = 0;
while(true) {
unsigned char chData = ser_readdata8(is);
+ if (n > (std::numeric_limits<I>::max() >> 7)) {
+ throw std::ios_base::failure("ReadVarInt(): size too large");
+ }
n = (n << 7) | (chData & 0x7F);
- if (chData & 0x80)
+ if (chData & 0x80) {
+ if (n == std::numeric_limits<I>::max()) {
+ throw std::ios_base::failure("ReadVarInt(): size too large");
+ }
n++;
- else
+ } else {
return n;
+ }
}
}