diff options
author | Alexander Blair <snipa@jagtech.io> | 2020-09-27 16:17:17 -0700 |
---|---|---|
committer | Alexander Blair <snipa@jagtech.io> | 2020-09-27 16:17:17 -0700 |
commit | 3cbb44a2fd79ce9c667006e2e42e61513993e59a (patch) | |
tree | fbb2d9f86de021996c3104e252d1d89b00a52e5a | |
parent | Merge pull request #6840 (diff) | |
parent | fix a couple bugs found by OSS-fuzz (diff) | |
download | monero-3cbb44a2fd79ce9c667006e2e42e61513993e59a.tar.xz |
Merge pull request #6841
b6c4f8cd5 fix a couple bugs found by OSS-fuzz (moneromooo-monero)
-rw-r--r-- | src/ringct/rctTypes.h | 6 | ||||
-rw-r--r-- | src/wallet/wallet2.cpp | 2 |
2 files changed, 8 insertions, 0 deletions
diff --git a/src/ringct/rctTypes.h b/src/ringct/rctTypes.h index e073bb61b..00b72123a 100644 --- a/src/ringct/rctTypes.h +++ b/src/ringct/rctTypes.h @@ -368,6 +368,12 @@ namespace rct { template<bool W, template <bool> class Archive> bool serialize_rctsig_prunable(Archive<W> &ar, uint8_t type, size_t inputs, size_t outputs, size_t mixin) { + if (inputs >= 0xffffffff) + return false; + if (outputs >= 0xffffffff) + return false; + if (mixin >= 0xffffffff) + return false; if (type == RCTTypeNull) return ar.stream().good(); if (type != RCTTypeFull && type != RCTTypeSimple && type != RCTTypeBulletproof && type != RCTTypeBulletproof2 && type != RCTTypeCLSAG) diff --git a/src/wallet/wallet2.cpp b/src/wallet/wallet2.cpp index 063c493ce..a3755ff08 100644 --- a/src/wallet/wallet2.cpp +++ b/src/wallet/wallet2.cpp @@ -13043,6 +13043,8 @@ process: crypto::public_key tx_pub_key = get_tx_pub_key_from_received_outs(td); const std::vector<crypto::public_key> additional_tx_pub_keys = get_additional_tx_pub_keys_from_extra(td.m_tx); + THROW_WALLET_EXCEPTION_IF(td.m_internal_output_index >= td.m_tx.vout.size(), + error::wallet_internal_error, "Internal index is out of range"); THROW_WALLET_EXCEPTION_IF(td.m_tx.vout[td.m_internal_output_index].target.type() != typeid(cryptonote::txout_to_key), error::wallet_internal_error, "Unsupported output type"); const crypto::public_key& out_key = boost::get<cryptonote::txout_to_key>(td.m_tx.vout[td.m_internal_output_index].target).key; |