From 48c79776d36d571afd768c8e6de384cf4d992aa9 Mon Sep 17 00:00:00 2001
From: joshuayabut
Date: Sun, 7 May 2017 01:03:19 -0400
Subject: [PATCH] #12 - Bugfix for out of bounds read.
---
 src/script/standard.cpp | 10 ++++++++--
 1 file changed, 8 insertions(+), 2 deletions(-)
diff --git a/src/script/standard.cpp b/src/script/standard.cpp
index f9e4649e..9986a8a9 100644
--- a/src/script/standard.cpp
+++ b/src/script/standard.cpp
@@ -322,14 +322,20 @@ public:
 bool operator()(const CKeyID &keyID) const {
 script->clear();
 CBlockIndex *currentBlock = chainActive.Tip();
- *script << OP_DUP << OP_HASH160 << ToByteVector(keyID) << OP_EQUALVERIFY << OP_CHECKSIG << ToByteVector(chainActive[currentBlock->nHeight - 300]->GetBlockHash()) << chainActive[currentBlock->nHeight - 300]->nHeight << OP_CHECKBLOCKATHEIGHT;
+ int blockIndex = currentBlock->nHeight - 300;
+ if (blockIndex < 0)
+ blockIndex = 0;
+ *script << OP_DUP << OP_HASH160 << ToByteVector(keyID) << OP_EQUALVERIFY << OP_CHECKSIG << ToByteVector(chainActive[blockIndex]->GetBlockHash()) << chainActive[blockIndex]->nHeight << OP_CHECKBLOCKATHEIGHT;
 return true;
 }

 bool operator()(const CScriptID &scriptID) const {
 script->clear();
 CBlockIndex *currentBlock = chainActive.Tip();
- *script << OP_HASH160 << ToByteVector(scriptID) << OP_EQUAL << ToByteVector(chainActive[currentBlock->nHeight - 300]->GetBlockHash()) << chainActive[currentBlock->nHeight - 300]->nHeight << OP_CHECKBLOCKATHEIGHT;
+ int blockIndex = currentBlock->nHeight - 300;
+ if (blockIndex < 0)
+ blockIndex = 0;
+ *script << OP_HASH160 << ToByteVector(scriptID) << OP_EQUAL << ToByteVector(chainActive[blockIndex]->GetBlockHash()) << chainActive[blockIndex]->nHeight << OP_CHECKBLOCKATHEIGHT;
 return true;
 }
 #endif
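Review bot: The new `int blockIndex = currentBlock->nHeight - 300;` line in both `operator()` overloads still dereferences the result of `chainActive.Tip()` without a check, so if the tip can be null at this point (for example before any chain is loaded) the added clamp never gets a chance to run. A guard such as `if (currentBlock == nullptr) return false;` ahead of it would close that path, assuming a false return is how this visitor reports failure to its caller. The clamp is also repeated verbatim in the two overloads around the bare constant 300; a named constant with `const int blockIndex = std::max(0, currentBlock->nHeight - 300);`, or one shared helper, would keep the two copies from drifting apart. Because clamping to height 0 changes which block the script commits to on short chains, a comment like `// chains shorter than 300 blocks reference the genesis block` would make that intent explicit. The enclosing class begins and ends outside the hunk.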