From 76793dc969f5ee9feadb6827845c1682b11914a6 Mon Sep 17 00:00:00 2001
From: Satoshi Nakamoto <satoshin@gmx.com>
Date: Sun, 15 Aug 2010 23:09:29 +0000
Subject: [PATCH] fix for block 74638 overflow output transaction

---
 main.cpp    |  8 ++++++++
 main.h      | 11 ++++++++++-
 serialize.h |  2 +-
 3 files changed, 19 insertions(+), 2 deletions(-)

diff --git a/main.cpp b/main.cpp
index cc263db28..b193536d3 100644
--- a/main.cpp
+++ b/main.cpp
@@ -1006,6 +1006,14 @@ bool CTransaction::ConnectInputs(CTxDB& txdb, map<uint256, CTxIndex>& mapTestPoo
                 mapTestPool[prevout.hash] = txindex;
 
             nValueIn += txPrev.vout[prevout.n].nValue;
+
+            // Check for negative or overflow input values
+            if (txPrev.vout[prevout.n].nValue < 0)
+                return error("ConnectInputs() : txin.nValue negative");
+            if (txPrev.vout[prevout.n].nValue > MAX_MONEY)
+                return error("ConnectInputs() : txin.nValue too high");
+            if (nValueIn > MAX_MONEY)
+                return error("ConnectInputs() : txin total too high");
         }
 
         // Tally transaction fees
diff --git a/main.h b/main.h
index 3cedf841d..44db15d9b 100644
--- a/main.h
+++ b/main.h
@@ -18,6 +18,7 @@ static const unsigned int MAX_SIZE = 0x02000000;
 static const unsigned int MAX_BLOCK_SIZE = 1000000;
 static const int64 COIN = 100000000;
 static const int64 CENT = 1000000;
+static const int64 MAX_MONEY = 21000000 * COIN;
 static const int COINBASE_MATURITY = 100;
 
 static const CBigNum bnProofOfWorkLimit(~uint256(0) >> 32);
@@ -471,10 +472,18 @@ public:
         if (vin.empty() || vout.empty())
             return error("CTransaction::CheckTransaction() : vin or vout empty");
 
-        // Check for negative values
+        // Check for negative or overflow output values
+        int64 nValueOut = 0;
         foreach(const CTxOut& txout, vout)
+        {
             if (txout.nValue < 0)
                 return error("CTransaction::CheckTransaction() : txout.nValue negative");
+            if (txout.nValue > MAX_MONEY)
+                return error("CTransaction::CheckTransaction() : txout.nValue too high");
+            nValueOut += txout.nValue;
+            if (nValueOut > MAX_MONEY)
+                return error("CTransaction::CheckTransaction() : txout total too high");
+        }
 
         if (IsCoinBase())
         {
diff --git a/serialize.h b/serialize.h
index 89b5c2bef..a41c6a1a1 100644
--- a/serialize.h
+++ b/serialize.h
@@ -19,7 +19,7 @@ class CScript;
 class CDataStream;
 class CAutoFile;
 
-static const int VERSION = 309;
+static const int VERSION = 310;
 static const char* pszSubVer = ".0";