From ad52495d723648948970850f01a9445d061e85f7 Mon Sep 17 00:00:00 2001
From: Pieter Wuille
Date: Thu, 7 Nov 2013 20:25:03 +0100
Subject: [PATCH] Check for overflows when order is added at recovery

---
 src/impl/ecdsa.h | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/src/impl/ecdsa.h b/src/impl/ecdsa.h
index 3b7ffe2e..b001e263 100644
--- a/src/impl/ecdsa.h
+++ b/src/impl/ecdsa.h
@@ -123,8 +123,11 @@ int static secp256k1_ecdsa_sig_recover(const secp256k1_ecdsa_sig_t *sig, secp256
 secp256k1_num_t rx;
 secp256k1_num_init(&rx);
 secp256k1_num_copy(&rx, &sig->r);
- if (recid & 2)
+ if (recid & 2) {
 secp256k1_num_add(&rx, &rx, &c->order);
+ if (secp256k1_num_cmp(&rx, &secp256k1_fe_consts->p) >= 0)
+ return 0;
+ }
 unsigned char brx[32];
 secp256k1_num_get_bin(brx, 32, &rx);
 secp256k1_num_free(&rx);
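Review bot: The new early `return 0;` leaves the function before `secp256k1_num_free(&rx);` runs, so `rx`, initialised a few lines above with `secp256k1_num_init`, is never released on the rejection path. Whether that is an actual leak depends on the num backend, which is not visible here, but the exit should mirror the normal path: `if (secp256k1_num_cmp(&rx, &secp256k1_fe_consts->p) >= 0) { secp256k1_num_free(&rx); return 0; }`. Because the recovery id and signature come from the caller, this branch can be hit repeatedly with crafted input, so the cleanup matters. A short comment such as `/* r + n must still be a valid field element (< p) to be an x coordinate */` would also make the intent of the comparison clear. The body of secp256k1_ecdsa_sig_recover starts and continues outside this hunk, so any other resources live at this point cannot be checked from here.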