diff options
author | moneromooo-monero <moneromooo-monero@users.noreply.github.com> | 2018-07-24 21:23:08 +0100 |
---|---|---|
committer | moneromooo-monero <moneromooo-monero@users.noreply.github.com> | 2018-09-11 13:38:14 +0000 |
commit | 61632dc166c25d172681a928583836b6bc2e1562 (patch) | |
tree | d08d636a106b506d53c82f28cf6efdc191108151 | |
parent | crypto: some paranoid checks in generate_signature/check_signature (diff) | |
download | monero-61632dc166c25d172681a928583836b6bc2e1562.tar.xz |
ringct: prevent a potential very large allocation
Reported by QuarksLab.
-rw-r--r-- | src/ringct/rctTypes.h | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/src/ringct/rctTypes.h b/src/ringct/rctTypes.h index 5c02f92aa..ffc4df3ed 100644 --- a/src/ringct/rctTypes.h +++ b/src/ringct/rctTypes.h @@ -317,9 +317,9 @@ namespace rct { ar.begin_array(); uint32_t nbp = bulletproofs.size(); FIELD(nbp) - PREPARE_CUSTOM_VECTOR_SERIALIZATION(nbp, bulletproofs); - if (bulletproofs.size() > outputs) + if (nbp > outputs) return false; + PREPARE_CUSTOM_VECTOR_SERIALIZATION(nbp, bulletproofs); for (size_t i = 0; i < nbp; ++i) { FIELDS(bulletproofs[i]) |