overflow check in inc_aggregate

Author: b-wagn

src/modules/schnorrsig/main_impl.h

@@ -351,10 +351,14 @@ int secp256k1_schnorrsig_inc_aggregate(const secp256k1_context *ctx, unsigned ch
         hashcopy = hash;
         /* 1.c) Finalize the copy to get zi*/
         secp256k1_sha256_finalize(&hashcopy, hashoutput);
+        /* Note: No need to check overflow, comes from hash */
         secp256k1_scalar_set_b32(&zi, hashoutput, NULL);
 
-        /* Step2: s := s + zi*si */
-        secp256k1_scalar_set_b32(&si, &new_sigs64[(i-n_before)*64+32], NULL);
+        /* Step 2: s := s + zi*si */
+        secp256k1_scalar_set_b32(&si, &new_sigs64[(i-n_before)*64+32], &overflow);
+        if (overflow) {
+            return 0;
+        }
         secp256k1_scalar_mul(&si, &si, &zi);
         secp256k1_scalar_add(&s, &s, &si);
     }