From 61defd89e3f88f30d6a9fd9ba546c3317b61377e Mon Sep 17 00:00:00 2001 From: moneromooo-monero Date: Fri, 2 Feb 2018 16:50:35 +0000 Subject: blockchain: sanity check number of precomputed hash of hash blocks Coverity 142951 --- src/cryptonote_core/blockchain.cpp | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) (limited to 'src/cryptonote_core') diff --git a/src/cryptonote_core/blockchain.cpp b/src/cryptonote_core/blockchain.cpp index 178479f3c..6203f313c 100644 --- a/src/cryptonote_core/blockchain.cpp +++ b/src/cryptonote_core/blockchain.cpp @@ -4343,8 +4343,13 @@ void Blockchain::load_compiled_in_block_hashes() { const unsigned char *p = get_blocks_dat_start(m_testnet); const uint32_t nblocks = *p | ((*(p+1))<<8) | ((*(p+2))<<16) | ((*(p+3))<<24); + if (nblocks > (std::numeric_limits::max() - 4) / sizeof(hash)) + { + MERROR("Block hash data is too large"); + return; + } const size_t size_needed = 4 + nblocks * sizeof(crypto::hash); - if(nblocks > 0 && nblocks * HASH_OF_HASHES_STEP > m_db->height() && get_blocks_dat_size(m_testnet) >= size_needed) + if(nblocks > 0 && nblocks > (m_db->height() + HASH_OF_HASHES_STEP - 1) / HASH_OF_HASHES_STEP && get_blocks_dat_size(m_testnet) >= size_needed) { p += sizeof(uint32_t); m_blocks_hash_of_hashes.reserve(nblocks); -- cgit v1.2.3