From ec66ca9b1a379dabc2ff9a516e3ba9d46c451fb2 Mon Sep 17 00:00:00 2001
From: Daniel Cousens <github@dcousens.com>
Date: Wed, 4 Mar 2015 20:48:28 +1100
Subject: [PATCH] bufferutils/script: allow for invalid pushDatInts, fixes #367

---
 src/bufferutils.js | 3 +++
 src/script.js      | 5 ++++-
 2 files changed, 7 insertions(+), 1 deletion(-)

diff --git a/src/bufferutils.js b/src/bufferutils.js
index afe03e6..773e502 100644
--- a/src/bufferutils.js
+++ b/src/bufferutils.js
@@ -27,16 +27,19 @@ function readPushDataInt (buffer, offset) {
 
   // 8 bit
   } else if (opcode === opcodes.OP_PUSHDATA1) {
+    if (offset + 2 > buffer.length) return null
     number = buffer.readUInt8(offset + 1)
     size = 2
 
   // 16 bit
   } else if (opcode === opcodes.OP_PUSHDATA2) {
+    if (offset + 3 > buffer.length) return null
     number = buffer.readUInt16LE(offset + 1)
     size = 3
 
   // 32 bit
   } else {
+    if (offset + 5 > buffer.length) return null
     assert.equal(opcode, opcodes.OP_PUSHDATA4, 'Unexpected opcode')
 
     number = buffer.readUInt32LE(offset + 1)
diff --git a/src/script.js b/src/script.js
index b35bfdf..6ac9f15 100644
--- a/src/script.js
+++ b/src/script.js
@@ -38,8 +38,11 @@ Script.fromBuffer = function (buffer) {
     // data chunk
     if ((opcode > opcodes.OP_0) && (opcode <= opcodes.OP_PUSHDATA4)) {
       var d = bufferutils.readPushDataInt(buffer, i)
-      i += d.size
 
+      // did reading a pushDataInt fail? return non-chunked script
+      if (d === null) return new Script(buffer, [])
+
+      i += d.size
       var data = buffer.slice(i, i + d.number)
       i += d.number