Don´t join the scripts in Transaction.join(Script a, Script b) without checking them separately for correctness!

[GoogleCodeExporter]

You should evaluate each script separately sharing only the stack (as in 
VerifyScript() in standard bitcoin client, or first check them for correctness.

I you join scripts without checking the correctness of each script separately, 
then ScriptSig can force the script interpreter to see ScriptPubKey as data 
bytes to push into the stack, by appending a OP_PUSHDATAx opcode to the last 
byte of ScriptSig.

Best regards,
 Sergio Demian Lerner.

Original issue reported on code.google.com by sergio.d...@gmail.com on 18 Jun 2011 at 3:21

[GoogleCodeExporter]

I = If

Original comment by sergio.d...@gmail.com on 18 Jun 2011 at 3:22

[GoogleCodeExporter]

The join method is leftover from the days when I actually did (try to) verify 
transactions. In SPV mode, scripts are just data structures you peer in to ... 
you don't actually run them. So I'm going to close this bug as it only affects 
dead code. We should delete it, I admit. But thanks for the careful review 
nonetheless.

Original comment by hearn@google.com on 6 Jul 2011 at 12:41

• Changed state: WontFix