Skip to content

Commit d4c6b90

Browse files
non-github-bitcoinnon-github-bitcoin
committed
fix for block 74638 overflow output transaction
git-svn-id: https://bitcoin.svn.sourceforge.net/svnroot/bitcoin/trunk@132 1a98c847-1fd6-4fd8-948a-caf3550aa51b
1 parent 4bd188c commit d4c6b90

File tree

3 files changed

+19
-2
lines changed

3 files changed

+19
-2
lines changed

main.cpp

Lines changed: 8 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -1006,6 +1006,14 @@ bool CTransaction::ConnectInputs(CTxDB& txdb, map<uint256, CTxIndex>& mapTestPoo
10061006
mapTestPool[prevout.hash] = txindex;
10071007

10081008
nValueIn += txPrev.vout[prevout.n].nValue;
1009+
1010+
// Check for negative or overflow input values
1011+
if (txPrev.vout[prevout.n].nValue < 0)
1012+
return error("ConnectInputs() : txin.nValue negative");
1013+
if (txPrev.vout[prevout.n].nValue > MAX_MONEY)
1014+
return error("ConnectInputs() : txin.nValue too high");
1015+
if (nValueIn > MAX_MONEY)
1016+
return error("ConnectInputs() : txin total too high");
10091017
}
10101018

10111019
// Tally transaction fees

main.h

Lines changed: 10 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -18,6 +18,7 @@ static const unsigned int MAX_SIZE = 0x02000000;
1818
static const unsigned int MAX_BLOCK_SIZE = 1000000;
1919
static const int64 COIN = 100000000;
2020
static const int64 CENT = 1000000;
21+
static const int64 MAX_MONEY = 21000000 * COIN;
2122
static const int COINBASE_MATURITY = 100;
2223

2324
static const CBigNum bnProofOfWorkLimit(~uint256(0) >> 32);
@@ -471,10 +472,18 @@ class CTransaction
471472
if (vin.empty() || vout.empty())
472473
return error("CTransaction::CheckTransaction() : vin or vout empty");
473474

474-
// Check for negative values
475+
// Check for negative or overflow output values
476+
int64 nValueOut = 0;
475477
foreach(const CTxOut& txout, vout)
478+
{
476479
if (txout.nValue < 0)
477480
return error("CTransaction::CheckTransaction() : txout.nValue negative");
481+
if (txout.nValue > MAX_MONEY)
482+
return error("CTransaction::CheckTransaction() : txout.nValue too high");
483+
nValueOut += txout.nValue;
484+
if (nValueOut > MAX_MONEY)
485+
return error("CTransaction::CheckTransaction() : txout total too high");
486+
}
478487

479488
if (IsCoinBase())
480489
{

serialize.h

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -19,7 +19,7 @@ class CScript;
1919
class CDataStream;
2020
class CAutoFile;
2121

22-
static const int VERSION = 309;
22+
static const int VERSION = 310;
2323
static const char* pszSubVer = ".0";
2424

2525

0 commit comments

Comments
 (0)