From 6b3f5c977aafb753a360830cd1a797430a76ae8a Mon Sep 17 00:00:00 2001
From: NikVolf
Date: Thu, 3 Aug 2017 21:35:51 +0300
Subject: [PATCH] overflow check in addition
---
 util/rlp/src/error.rs | 2 ++
 util/rlp/src/untrusted_rlp.rs | 3 ++-
 2 files changed, 4 insertions(+), 1 deletion(-)
diff --git a/util/rlp/src/error.rs b/util/rlp/src/error.rs
index 6b15ea8a6..5113fdc17 100644
--- a/util/rlp/src/error.rs
+++ b/util/rlp/src/error.rs
@@ -30,6 +30,8 @@ pub enum DecoderError {
 RlpInvalidIndirection,
 /// Declared length is inconsistent with data specified after.
 RlpInconsistentLengthAndData,
+ /// Declared length is invalid and results in overflow
+ RlpInvalidLength,
 /// Custom rlp decoding error.
 Custom(&'static str),
 }
diff --git a/util/rlp/src/untrusted_rlp.rs b/util/rlp/src/untrusted_rlp.rs
index 16714fe98..e7eb44f5d 100644
--- a/util/rlp/src/untrusted_rlp.rs
+++ b/util/rlp/src/untrusted_rlp.rs
@@ -371,7 +371,8 @@ impl<'a> BasicDecoder<'a> {
 }
 let len = decode_usize(&bytes[1..begin_of_value])?;
- let last_index_of_value = begin_of_value + len;
+ let last_index_of_value = begin_of_value.overflowing_add(len)
+ .ok_or(DecoderError::RlpInvalidLength)?;
 if bytes.len() < last_index_of_value {
 return Err(DecoderError::RlpInconsistentLengthAndData);
 }
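Review bot: `usize::overflowing_add` returns a `(usize, bool)` tuple, which has no `ok_or`, so the two added lines in `util/rlp/src/untrusted_rlp.rs` should not compile as written. The method that yields an `Option` is `checked_add`: `let last_index_of_value = begin_of_value.checked_add(len).ok_or(DecoderError::RlpInvalidLength)?;`. The guard itself is needed, because `len` is decoded from the input bytes by `decode_usize` and a wrapped sum would slip past the `bytes.len() < last_index_of_value` comparison. A regression test that decodes a long-form header with a declared length near `usize::MAX` and expects `RlpInvalidLength` would pin the behaviour. The enclosing function starts and ends outside the hunk, so any other unchecked additions of decoded lengths in it are not visible here.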