Script: clone tx before performing correctlySpends check. This prevents thread safety issues and corrupted transactions if validation fails.

core/src/main/java/com/google/bitcoin/core/Message.java

@@ -505,6 +505,11 @@ public abstract class Message implements Serializable {
         return cursor < bytes.length;
     }
 
+    /** Network parameters this message was created with. */
+    public NetworkParameters getParams() {
+        return params;
+    }
+
     public static class LazyParseException extends RuntimeException {
         private static final long serialVersionUID = 6971943053112975594L;
 

core/src/main/java/com/google/bitcoin/script/Script.java

@@ -1168,6 +1168,13 @@ public class Script {
      */
     public void correctlySpends(Transaction txContainingThis, long scriptSigIndex, Script scriptPubKey,
                                 boolean enforceP2SH) throws ScriptException {
+        // Clone the transaction because executing the script involves editing it, and if we die, we'll leave
+        // the tx half broken (also it's not so thread safe to work on it directly.
+        try {
+            txContainingThis = new Transaction(txContainingThis.getParams(), txContainingThis.bitcoinSerialize());
+        } catch (ProtocolException e) {
+            throw new RuntimeException(e);   // Should not happen unless we were given a totally broken transaction.
+        }
         if (getProgram().length > 10000 || scriptPubKey.getProgram().length > 10000)
             throw new ScriptException("Script larger than 10,000 bytes");