From b6c4f8cd545a033859d3f7e91949f4883b856ed6 Mon Sep 17 00:00:00 2001
From: moneromooo-monero <moneromooo-monero@users.noreply.github.com>
Date: Thu, 24 Sep 2020 15:16:44 +0000
Subject: fix a couple bugs found by OSS-fuzz

- index out of bounds when importing outputs
- accessing invalid CLSAG data
---
 src/ringct/rctTypes.h | 6 ++++++
 1 file changed, 6 insertions(+)

(limited to 'src/ringct')

diff --git a/src/ringct/rctTypes.h b/src/ringct/rctTypes.h
index e073bb61b..00b72123a 100644
--- a/src/ringct/rctTypes.h
+++ b/src/ringct/rctTypes.h
@@ -368,6 +368,12 @@ namespace rct {
         template<bool W, template <bool> class Archive>
         bool serialize_rctsig_prunable(Archive<W> &ar, uint8_t type, size_t inputs, size_t outputs, size_t mixin)
         {
+          if (inputs >= 0xffffffff)
+            return false;
+          if (outputs >= 0xffffffff)
+            return false;
+          if (mixin >= 0xffffffff)
+            return false;
           if (type == RCTTypeNull)
             return ar.stream().good();
           if (type != RCTTypeFull && type != RCTTypeSimple && type != RCTTypeBulletproof && type != RCTTypeBulletproof2 && type != RCTTypeCLSAG)
-- 
cgit v1.2.3