From d4c6b90ca3f9b47adb1b2724a0c3514f80635c84 Mon Sep 17 00:00:00 2001
From: s_nakamoto <s_nakamoto@1a98c847-1fd6-4fd8-948a-caf3550aa51b>
Date: Sun, 15 Aug 2010 21:35:24 +0000
Subject: fix for block 74638 overflow output transaction

git-svn-id: https://bitcoin.svn.sourceforge.net/svnroot/bitcoin/trunk@132 1a98c847-1fd6-4fd8-948a-caf3550aa51b
---
 main.cpp    |  8 ++++++++
 main.h      | 11 ++++++++++-
 serialize.h |  2 +-
 3 files changed, 19 insertions(+), 2 deletions(-)

diff --git a/main.cpp b/main.cpp
index 3e7d2b9ecc..0977b32400 100644
--- a/main.cpp
+++ b/main.cpp
@@ -1006,6 +1006,14 @@ bool CTransaction::ConnectInputs(CTxDB& txdb, map<uint256, CTxIndex>& mapTestPoo
                 mapTestPool[prevout.hash] = txindex;
 
             nValueIn += txPrev.vout[prevout.n].nValue;
+
+            // Check for negative or overflow input values
+            if (txPrev.vout[prevout.n].nValue < 0)
+                return error("ConnectInputs() : txin.nValue negative");
+            if (txPrev.vout[prevout.n].nValue > MAX_MONEY)
+                return error("ConnectInputs() : txin.nValue too high");
+            if (nValueIn > MAX_MONEY)
+                return error("ConnectInputs() : txin total too high");
         }
 
         // Tally transaction fees
diff --git a/main.h b/main.h
index 8ed3ef228b..771b21bfcd 100644
--- a/main.h
+++ b/main.h
@@ -18,6 +18,7 @@ static const unsigned int MAX_SIZE = 0x02000000;
 static const unsigned int MAX_BLOCK_SIZE = 1000000;
 static const int64 COIN = 100000000;
 static const int64 CENT = 1000000;
+static const int64 MAX_MONEY = 21000000 * COIN;
 static const int COINBASE_MATURITY = 100;
 
 static const CBigNum bnProofOfWorkLimit(~uint256(0) >> 32);
@@ -471,10 +472,18 @@ public:
         if (vin.empty() || vout.empty())
             return error("CTransaction::CheckTransaction() : vin or vout empty");
 
-        // Check for negative values
+        // Check for negative or overflow output values
+        int64 nValueOut = 0;
         foreach(const CTxOut& txout, vout)
+        {
             if (txout.nValue < 0)
                 return error("CTransaction::CheckTransaction() : txout.nValue negative");
+            if (txout.nValue > MAX_MONEY)
+                return error("CTransaction::CheckTransaction() : txout.nValue too high");
+            nValueOut += txout.nValue;
+            if (nValueOut > MAX_MONEY)
+                return error("CTransaction::CheckTransaction() : txout total too high");
+        }
 
         if (IsCoinBase())
         {
diff --git a/serialize.h b/serialize.h
index 591aaa49e3..b781b19055 100644
--- a/serialize.h
+++ b/serialize.h
@@ -19,7 +19,7 @@ class CScript;
 class CDataStream;
 class CAutoFile;
 
-static const int VERSION = 309;
+static const int VERSION = 310;
 static const char* pszSubVer = ".0";
 
 
-- 
cgit v1.2.3