Skip to content

Commit c5e9e42

Browse files
committed
Merge #9693: Prevent integer overflow in ReadVarInt.
45f0961 Prevent integer overflow in ReadVarInt. (Gregory Maxwell) Tree-SHA512: 385ea0efb6b59d44c45a49227e5f6fff236b4775544cbeb236312a3fd87fd75c226ac56f7aa1bca66b853639da75a579610074f7582f92cf2ebd4a74bc40f6f0
2 parents f4db00f + 45f0961 commit c5e9e42

File tree

1 file changed

+9
-2
lines changed

1 file changed

+9
-2
lines changed

src/serialize.h

Lines changed: 9 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -336,11 +336,18 @@ I ReadVarInt(Stream& is)
336336
I n = 0;
337337
while(true) {
338338
unsigned char chData = ser_readdata8(is);
339+
if (n > (std::numeric_limits<I>::max() >> 7)) {
340+
throw std::ios_base::failure("ReadVarInt(): size too large");
341+
}
339342
n = (n << 7) | (chData & 0x7F);
340-
if (chData & 0x80)
343+
if (chData & 0x80) {
344+
if (n == std::numeric_limits<I>::max()) {
345+
throw std::ios_base::failure("ReadVarInt(): size too large");
346+
}
341347
n++;
342-
else
348+
} else {
343349
return n;
350+
}
344351
}
345352
}
346353

0 commit comments

Comments
 (0)