aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authormoneromooo-monero <moneromooo-monero@users.noreply.github.com>2018-07-24 21:23:08 +0100
committermoneromooo-monero <moneromooo-monero@users.noreply.github.com>2018-09-11 13:38:14 +0000
commit61632dc166c25d172681a928583836b6bc2e1562 (patch)
treed08d636a106b506d53c82f28cf6efdc191108151
parentcrypto: some paranoid checks in generate_signature/check_signature (diff)
downloadmonero-61632dc166c25d172681a928583836b6bc2e1562.tar.xz
ringct: prevent a potential very large allocation
Reported by QuarksLab.
-rw-r--r--src/ringct/rctTypes.h4
1 files changed, 2 insertions, 2 deletions
diff --git a/src/ringct/rctTypes.h b/src/ringct/rctTypes.h
index 5c02f92aa..ffc4df3ed 100644
--- a/src/ringct/rctTypes.h
+++ b/src/ringct/rctTypes.h
@@ -317,9 +317,9 @@ namespace rct {
ar.begin_array();
uint32_t nbp = bulletproofs.size();
FIELD(nbp)
- PREPARE_CUSTOM_VECTOR_SERIALIZATION(nbp, bulletproofs);
- if (bulletproofs.size() > outputs)
+ if (nbp > outputs)
return false;
+ PREPARE_CUSTOM_VECTOR_SERIALIZATION(nbp, bulletproofs);
for (size_t i = 0; i < nbp; ++i)
{
FIELDS(bulletproofs[i])