authorAlexander Blair <snipa@jagtech.io>2020-09-27 16:17:17 -0700
committerAlexander Blair <snipa@jagtech.io>2020-09-27 16:17:17 -0700
commit3cbb44a2fd79ce9c667006e2e42e61513993e59a (patch)
treefbb2d9f86de021996c3104e252d1d89b00a52e5a
parentMerge pull request #6840 (diff)
parentfix a couple bugs found by OSS-fuzz (diff)
downloadmonero-3cbb44a2fd79ce9c667006e2e42e61513993e59a.tar.xz
Merge pull request #6841
b6c4f8cd5 fix a couple bugs found by OSS-fuzz (moneromooo-monero)
-rw-r--r--src/ringct/rctTypes.h6
-rw-r--r--src/wallet/wallet2.cpp2
2 files changed, 8 insertions, 0 deletions
diff --git a/src/ringct/rctTypes.h b/src/ringct/rctTypes.h
index e073bb61b..00b72123a 100644
--- a/src/ringct/rctTypes.h
+++ b/src/ringct/rctTypes.h
@@ -368,6 +368,12 @@ namespace rct {
template<bool W, template <bool> class Archive>
bool serialize_rctsig_prunable(Archive<W> &ar, uint8_t type, size_t inputs, size_t outputs, size_t mixin)
{
+ if (inputs >= 0xffffffff)
+ return false;
+ if (outputs >= 0xffffffff)
+ return false;
+ if (mixin >= 0xffffffff)
+ return false;
if (type == RCTTypeNull)
return ar.stream().good();
if (type != RCTTypeFull && type != RCTTypeSimple && type != RCTTypeBulletproof && type != RCTTypeBulletproof2 && type != RCTTypeCLSAG)
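Review bot: The three new guards at the top of serialize_rctsig_prunable compare against a bare `0xffffffff` with no comment saying what the limit protects, and on a build where size_t is 32 bits they reject only the single value SIZE_MAX. A comment such as `// counts come from untrusted data; keep them below 2^32 so later size arithmetic cannot wrap`, together with a named constant, would make the intent reviewable. The bound is also far above any plausible input, output or ring size. If code further down sizes containers or loops from these counts, it likely still needs a tighter limit tied to protocol maximums or to the bytes left in the stream; this cannot be confirmed because the function body continues past the hunk.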
diff --git a/src/wallet/wallet2.cpp b/src/wallet/wallet2.cpp
index 063c493ce..a3755ff08 100644
--- a/src/wallet/wallet2.cpp
+++ b/src/wallet/wallet2.cpp
@@ -13043,6 +13043,8 @@ process:
crypto::public_key tx_pub_key = get_tx_pub_key_from_received_outs(td);
const std::vector<crypto::public_key> additional_tx_pub_keys = get_additional_tx_pub_keys_from_extra(td.m_tx);
+ THROW_WALLET_EXCEPTION_IF(td.m_internal_output_index >= td.m_tx.vout.size(),
+ error::wallet_internal_error, "Internal index is out of range");
THROW_WALLET_EXCEPTION_IF(td.m_tx.vout[td.m_internal_output_index].target.type() != typeid(cryptonote::txout_to_key),
error::wallet_internal_error, "Unsupported output type");
const crypto::public_key& out_key = boost::get<cryptonote::txout_to_key>(td.m_tx.vout[td.m_internal_output_index].target).key;
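Review bot: The new range check on `td.m_internal_output_index` sits after the call to `get_tx_pub_key_from_received_outs(td)` on the first context line, so if that helper also reads the index (its body is not visible here) it still runs on the unchecked value. Moving the `THROW_WALLET_EXCEPTION_IF` above that call would close the gap at no cost. Since `td` appears to be populated from stored or imported wallet data, validating the index once where transfer details are loaded would also cover any other `m_tx.vout[...]` use, rather than only this site. The enclosing function starts and ends outside the hunk.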