From 78ad0496419338d4c77bac04f76feda04e247a81 Mon Sep 17 00:00:00 2001
From: yutianwu <wzxingbupt@gmail.com>
Date: Thu, 8 Jun 2023 14:40:10 +0800
Subject: [PATCH] fix: check integer overflow when decode crosschain payload
 (#1679)

---
 core/vm/lightclient/v2/lightclient.go | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/core/vm/lightclient/v2/lightclient.go b/core/vm/lightclient/v2/lightclient.go
index d5de960750..e1814bfd2f 100644
--- a/core/vm/lightclient/v2/lightclient.go
+++ b/core/vm/lightclient/v2/lightclient.go
@@ -194,6 +194,11 @@ func DecodeLightBlockValidationInput(input []byte) (*ConsensusState, *types.Ligh
 	}
 
 	csLen := binary.BigEndian.Uint64(input[consensusStateLengthBytesLength-uint64TypeLength : consensusStateLengthBytesLength])
+
+	if consensusStateLengthBytesLength+csLen < consensusStateLengthBytesLength {
+		return nil, nil, fmt.Errorf("integer overflow, csLen: %d", csLen)
+	}
+
 	if uint64(len(input)) <= consensusStateLengthBytesLength+csLen {
 		return nil, nil, fmt.Errorf("expected payload size %d, actual size: %d", consensusStateLengthBytesLength+csLen, len(input))
 	}