From 694955c98b7cc1896cfa636b56e9d4eefdc868b2 Mon Sep 17 00:00:00 2001
From: Oscar Guindzberg <oscar.guindzberg@gmail.com>
Date: Tue, 8 May 2018 14:10:31 -0300
Subject: [PATCH] Message.readBytes(): Fail fast if length is too large

---
 core/src/main/java/org/bitcoinj/core/Message.java | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/core/src/main/java/org/bitcoinj/core/Message.java b/core/src/main/java/org/bitcoinj/core/Message.java
index 38d19670..98dcf5cb 100644
--- a/core/src/main/java/org/bitcoinj/core/Message.java
+++ b/core/src/main/java/org/bitcoinj/core/Message.java
@@ -329,7 +329,7 @@ public abstract class Message {
     }
 
     protected byte[] readBytes(int length) throws ProtocolException {
-        if (length > MAX_SIZE) {
+        if ((length > MAX_SIZE) || (cursor + length > payload.length)) {
             throw new ProtocolException("Claimed value length too large: " + length);
         }
         try {