diff options
| author | Pieter Wuille <pieter.wuille@gmail.com> | 2017-04-17 04:46:34 -0700 |
|---|---|---|
| committer | Pieter Wuille <pieter.wuille@gmail.com> | 2017-04-17 04:58:31 -0700 |
| commit | c5e9e428a9198c8c4076f239b5eaa8dc95e7985b (patch) | |
| tree | 4f775789f219f0f6c8815a4e6916e2e3698d8b31 /src | |
| parent | f4db00f9a5482c91ae8a86c6e41e0ba61acf152b (diff) | |
| parent | 45f09618f22f0a59d872818f28fc2a938cc98311 (diff) | |
| download | bitcoin-c5e9e428a9198c8c4076f239b5eaa8dc95e7985b.tar.xz | |
Merge #9693: Prevent integer overflow in ReadVarInt.
45f0961 Prevent integer overflow in ReadVarInt. (Gregory Maxwell)
Tree-SHA512: 385ea0efb6b59d44c45a49227e5f6fff236b4775544cbeb236312a3fd87fd75c226ac56f7aa1bca66b853639da75a579610074f7582f92cf2ebd4a74bc40f6f0
Diffstat (limited to 'src')
| -rw-r--r-- | src/serialize.h | 11 |
1 files changed, 9 insertions, 2 deletions
diff --git a/src/serialize.h b/src/serialize.h index e4d72d2348..e82ddf2c5a 100644 --- a/src/serialize.h +++ b/src/serialize.h @@ -336,11 +336,18 @@ I ReadVarInt(Stream& is) I n = 0; while(true) { unsigned char chData = ser_readdata8(is); + if (n > (std::numeric_limits<I>::max() >> 7)) { + throw std::ios_base::failure("ReadVarInt(): size too large"); + } n = (n << 7) | (chData & 0x7F); - if (chData & 0x80) + if (chData & 0x80) { + if (n == std::numeric_limits<I>::max()) { + throw std::ios_base::failure("ReadVarInt(): size too large"); + } n++; - else + } else { return n; + } } } |