Avoid signed integer overflow when loading a mempool.dat file with a malformed time field
Summary: This is a backport of core#20372
Test Plan:
This causes an error before applying the commit, and it works after the change:
$ cmake .. -GNinja -DCMAKE_C_COMPILER=clang -DCMAKE_CXX_COMPILER=clang++ -DENABLE_SANITIZERS=undefined
$ xxd -p -r > mempool.dat-crash-1 <<EOF
0100000000000000000000000004000000000000000000000000ffffffff
ffffff7f00000000000000000000000000
EOF
$ cp mempool.dat-crash-1 /bitcoinddata/regtest/mempool.dat
$ ninja
$ UBSAN_OPTIONS="print_stacktrace=1:halt_on_error=1:report_error_type=1" src/bitcoind -regtest
../src/validation.cpp:5853:23: runtime error: signed integer overflow: 9223372036854775807 + 1209600 cannot be represented in type 'long'
    #0 0x55f14103ffcd in LoadMempool(Config const&, CTxMemPool&) /home/pierre/dev/bitcoin-abc/build_ubsan/../src/validation.cpp:5853:23
    #1 0x55f14103fb65 in CChainState::LoadMempool(Config const&, ArgsManager const&) /home/pierre/dev/bitcoin-abc/build_ubsan/../src/validation.cpp:4821:9
    ...
Reviewers: #bitcoin_abc, Fabien
Reviewed By: #bitcoin_abc, Fabien
Differential Revision: https://reviews.bitcoinabc.org/D10725
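
One way to evaluate an expiry comparison on an untrusted time field without the overflowing addition from the UBSan report above. This is an added example, not the code from this commit or from core#20372; the names `read_le64`, `checked_add`, `entry_is_fresh` and `classify`, and the clock value, are hypothetical.

```cpp
#include <cstdint>
#include <cstdio>
#include <cstring>
#include <limits>

// Constructed input: 8-byte little-endian time field holding the value
// 9223372036854775807 reported by UBSan above.
static const unsigned char kTimeField[8] = {0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0x7f};

// Hypothetical helper: decode a little-endian int64 without signed shifts.
int64_t read_le64(const unsigned char* p) {
    uint64_t v = 0;
    for (int i = 7; i >= 0; --i) v = (v << 8) | p[i];
    int64_t out;
    std::memcpy(&out, &v, sizeof out);
    return out;
}

// Checked addition: returns false instead of overflowing.
bool checked_add(int64_t a, int64_t b, int64_t* sum) {
    const int64_t max = std::numeric_limits<int64_t>::max();
    const int64_t min = std::numeric_limits<int64_t>::min();
    if ((b > 0 && a > max - b) || (b < 0 && a < min - b)) return false;
    *sum = a + b;
    return true;
}

// Same decision as "time + expiry > now", rearranged so the untrusted value
// is never an operand of the addition. Assumes now >= 0 and expiry >= 0,
// so now - expiry cannot overflow.
bool entry_is_fresh(int64_t time, int64_t now, int64_t expiry) {
    return time > now - expiry;
}

enum class Verdict { Expired, Accept, Malformed };

// Stricter alternative: flag a time field whose deadline is unrepresentable.
Verdict classify(int64_t time, int64_t now, int64_t expiry) {
    int64_t deadline;
    if (!checked_add(time, expiry, &deadline)) return Verdict::Malformed;
    return deadline > now ? Verdict::Accept : Verdict::Expired;
}

int main() {
    const int64_t now = 1600000000, expiry = 1209600;  // constructed clock; expiry from the report
    const int64_t t = read_le64(kTimeField);
    std::printf("fresh=%d verdict=%d\n", entry_is_fresh(t, now, expiry),
                static_cast<int>(classify(t, now, expiry)));
    return 0;
}
```

Built with `-fsanitize=undefined`, neither path reports an overflow for the maximum time value; the rearranged comparison treats it as unexpired, while the checked variant lets the caller reject it as malformed.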