From 0ae2af0bb8935fdcb239fea4b4d37de286a33c43 Mon Sep 17 00:00:00 2001
From: sech1 <sech1@sech1>
Date: Tue, 9 Sep 2025 16:46:57 +0200
Subject: [PATCH] Added more sanity checks

---
 src/zmq_reader.cpp | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

diff --git a/src/zmq_reader.cpp b/src/zmq_reader.cpp
index 6ad8721..1ed573d 100644
--- a/src/zmq_reader.cpp
+++ b/src/zmq_reader.cpp
@@ -338,6 +338,11 @@ static std::vector<uint8_t> construct_monero_block_blob(rapidjson::Value* value)
 
 	auto arr = outputs->value.GetArray();
 
+	if (arr.Empty()) {
+		LOGWARN(3, "construct_monero_block_blob: outputs array is empty");
+		return empty_blob;
+	}
+
 	writeVarint(arr.Size(), blob);
 
 	for (rapidjson::Value* i = arr.begin(); i != arr.end(); ++i) {
@@ -385,7 +390,7 @@ static std::vector<uint8_t> construct_monero_block_blob(rapidjson::Value* value)
 	}
 
 	std::vector<uint8_t> t;
-	if (!from_hex(extra.c_str(), extra.length(), t) || t.empty()) {
+	if (!from_hex(extra.c_str(), extra.length(), t) || (t.size() < HASH_SIZE + 1)) {
 		LOGWARN(3, "construct_monero_block_blob: invalid extra " << extra);
 		return empty_blob;
 	}