rlp: fix integer overflow in list element size validation

It is not safe to add anything to s.size.
2015-04-14 00:54:12 +02:00
parent 56a48101dc
commit 2750ec47b7
2 changed files with 5 additions and 2 deletions
--- a/rlp/decode_test.go
+++ b/rlp/decode_test.go
@ -112,6 +112,9 @@ func TestStreamErrors(t *testing.T) {
 		{"BFFFFFFFFFFFFFFFFFFF", calls{"Bytes"}, nil, ErrValueTooLarge},
 		{"C801", calls{"List"}, nil, ErrValueTooLarge},

+		// Test for list element size check overflow.
+		{"CD04040404FFFFFFFFFFFFFFFFFF0303", calls{"List", "Uint", "Uint", "Uint", "Uint", "List"}, nil, ErrElemTooLarge},
+
 		// Test for input limit overflow. Since we are counting the limit
 		// down toward zero in Stream.remaining, reading too far can overflow
 		// remaining to a large value, effectively disabling the limit.