mirror of
https://github.com/bitcoin/bitcoin.git
synced 2024-11-20 10:38:42 +01:00
fix a deserialization overflow edge case
A specially-constructed BlockTransactionsRequest can overflow in deserialization in a way that is currently harmless.
This commit is contained in:
parent
051faf7e9d
commit
6bed4b374d
@ -52,12 +52,12 @@ public:
|
||||
}
|
||||
}
|
||||
|
||||
uint16_t offset = 0;
|
||||
int32_t offset = 0;
|
||||
for (size_t j = 0; j < indexes.size(); j++) {
|
||||
if (uint64_t(indexes[j]) + uint64_t(offset) > std::numeric_limits<uint16_t>::max())
|
||||
if (int32_t(indexes[j]) + offset > std::numeric_limits<uint16_t>::max())
|
||||
throw std::ios_base::failure("indexes overflowed 16 bits");
|
||||
indexes[j] = indexes[j] + offset;
|
||||
offset = indexes[j] + 1;
|
||||
offset = int32_t(indexes[j]) + 1;
|
||||
}
|
||||
} else {
|
||||
for (size_t i = 0; i < indexes.size(); i++) {
|
||||
|
Loading…
Reference in New Issue
Block a user