From 12c5474cf126f8bcb01a5cf90b582189f1297cb0 Mon Sep 17 00:00:00 2001
From: SomberNight <somber.night@protonmail.com>
Date: Tue, 12 Jun 2018 14:41:30 +0200
Subject: [PATCH] stricter tx deserialization: forbid negative output amount
 values

---
 lib/transaction.py | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/lib/transaction.py b/lib/transaction.py
index c491f99b5..84d189613 100644
--- a/lib/transaction.py
+++ b/lib/transaction.py
@@ -536,6 +536,8 @@ def parse_output(vds, i):
     d['value'] = vds.read_int64()
     if d['value'] > TOTAL_COIN_SUPPLY_LIMIT_IN_BTC * COIN:
         raise SerializationError('invalid output amount (too large)')
+    if d['value'] < 0:
+        raise SerializationError('invalid output amount (negative)')
     scriptPubKey = vds.read_bytes(vds.read_compact_size())
     d['type'], d['address'] = get_address_from_output_script(scriptPubKey)
     d['scriptPubKey'] = bh2u(scriptPubKey)