validation: Increase robustness when loading malformed mempool.dat files (LoadMempool)#20089
Closed
practicalswift wants to merge 2 commits intobitcoin:masterfrom
Closed
validation: Increase robustness when loading malformed mempool.dat files (LoadMempool)#20089practicalswift wants to merge 2 commits intobitcoin:masterfrom
practicalswift wants to merge 2 commits intobitcoin:masterfrom
Conversation
Contributor
|
The following sections might be updated with supplementary metadata relevant to reviewers and maintainers. ConflictsReviewers, this pull request conflicts with the following ones:
If you consider this pull request important, please also help to review the conflicting pull requests. Ideally, start with the one that should be merged first. |
promag
reviewed
Oct 7, 2020
Contributor
promag
left a comment
promag
left a comment
There was a problem hiding this comment.
Concept ACK, change looks good.
maflcko
approved these changes
Oct 8, 2020
Member
maflcko
left a comment
maflcko
left a comment
There was a problem hiding this comment.
ACK, seems fine to add checks against disk corruption
practicalswift
force-pushed
the
load-mempool-robustness
branch
2 times, most recently
from
6166a9f to
5693d5a
Compare
Member
|
review ACK 5693d5ad4a1ea862b82b25a3194569bfb66bc67d |
theStack
approved these changes
Oct 11, 2020
Contributor
theStack
left a comment
theStack
left a comment
There was a problem hiding this comment.
Code Review ACK 5693d5ad4a1ea862b82b25a3194569bfb66bc67d 🩺
As a potential follow-up, would it also make sense to notify the user in case the file is malformed (which is most likely caused by disk corruption), with a warning?
Contributor
Author
|
@theStack Now printing a log message. Please re-review :) |
theStack
reviewed
Oct 12, 2020
practicalswift
force-pushed
the
load-mempool-robustness
branch
from
89ab5c2 to
875a2c3
Compare
theStack
approved these changes
Oct 13, 2020
Contributor
theStack
left a comment
theStack
left a comment
There was a problem hiding this comment.
Code Review re-ACK 875a2c3149f6f94b198c7c24230375d27410f422
Member
|
review ACK 875a2c3149f6f94b198c7c24230375d27410f422 |
Contributor
Author
|
Could someone restart Cirrus please? :) |
luke-jr
suggested changes
Oct 24, 2020
src/amount.h
Outdated
Member
There was a problem hiding this comment.
Fee deltas outside MAX_MONEY are valid and have at least a conceptual use case (consider that fee rate is divided by transaction size: a larger transaction would need >MAX_MONEY feerate to go before a MAX_MONEY smaller tx).
Contributor
Author
There was a problem hiding this comment.
@luke-jr What is the valid fee delta range in your opinion?
Contributor
Author
There was a problem hiding this comment.
I'm not sure this is actionable unless we can establish what the valid range should be.
Member
There was a problem hiding this comment.
This is not a feerate, but an absolute amount in satoshis
practicalswift
force-pushed
the
load-mempool-robustness
branch
from
875a2c3 to
f044456
Compare
practicalswift
force-pushed
the
load-mempool-robustness
branch
from
f044456 to
8953ff9
Compare
maflcko
pushed a commit
that referenced
this pull request
Nov 12, 2020
…t file with a malformed time field ee11a41 Avoid signed integer overflow when loading a mempool.dat file with a malformed time field (practicalswift) Pull request description: Avoid signed integer overflow when loading a `mempool.dat` file with a malformed time field. Avoid the following signed integer overflow: ``` $ xxd -p -r > mempool.dat-crash-1 <<EOF 0100000000000000000000000004000000000000000000000000ffffffff ffffff7f00000000000000000000000000 EOF $ cp mempool.dat-crash-1 ~/.bitcoin/regtest/mempool.dat $ UBSAN_OPTIONS="print_stacktrace=1:halt_on_error=1:report_error_type=1" src/bitcoind -regtest validation.cpp:5079:23: runtime error: signed integer overflow: 9223372036854775807 + 1209600 cannot be represented in type 'long' #0 0x5618d335197f in LoadMempool(CTxMemPool&) src/validation.cpp:5079:23 #1 0x5618d3350df3 in CChainState::LoadMempool(ArgsManager const&) src/validation.cpp:4217:9 #2 0x5618d2b9345f in ThreadImport(ChainstateManager&, std::vector<boost::filesystem::path, std::allocator<boost::filesystem::path> >, ArgsManager const&) src/init.cpp:762:33 #3 0x5618d2b92162 in AppInitMain(util::Ref const&, NodeContext&, interfaces::BlockAndHeaderTipInfo*)::$_14::operator()() const src/init.cpp:1881:9 ``` This PR was broken out from PR #20089. Hopefully this PR is trivial to review. Fixes a subset of #19278. ACKs for top commit: MarcoFalke: review ACK ee11a41 Crypt-iQ: crACK ee11a41 Tree-SHA512: 227ab95cd7d22f62f3191693b455eacfa8e36534961bee12c622fc9090957cfb29992eabafa74d806a336e03385aa8f98b7ce734f04b0b400e33aa187d353337
sidhujag
pushed a commit
to syscoin/syscoin
that referenced
this pull request
Nov 12, 2020
…pool.dat file with a malformed time field ee11a41 Avoid signed integer overflow when loading a mempool.dat file with a malformed time field (practicalswift) Pull request description: Avoid signed integer overflow when loading a `mempool.dat` file with a malformed time field. Avoid the following signed integer overflow: ``` $ xxd -p -r > mempool.dat-crash-1 <<EOF 0100000000000000000000000004000000000000000000000000ffffffff ffffff7f00000000000000000000000000 EOF $ cp mempool.dat-crash-1 ~/.bitcoin/regtest/mempool.dat $ UBSAN_OPTIONS="print_stacktrace=1:halt_on_error=1:report_error_type=1" src/bitcoind -regtest validation.cpp:5079:23: runtime error: signed integer overflow: 9223372036854775807 + 1209600 cannot be represented in type 'long' #0 0x5618d335197f in LoadMempool(CTxMemPool&) src/validation.cpp:5079:23 #1 0x5618d3350df3 in CChainState::LoadMempool(ArgsManager const&) src/validation.cpp:4217:9 #2 0x5618d2b9345f in ThreadImport(ChainstateManager&, std::vector<boost::filesystem::path, std::allocator<boost::filesystem::path> >, ArgsManager const&) src/init.cpp:762:33 #3 0x5618d2b92162 in AppInitMain(util::Ref const&, NodeContext&, interfaces::BlockAndHeaderTipInfo*)::$_14::operator()() const src/init.cpp:1881:9 ``` This PR was broken out from PR bitcoin#20089. Hopefully this PR is trivial to review. Fixes a subset of bitcoin#19278. ACKs for top commit: MarcoFalke: review ACK ee11a41 Crypt-iQ: crACK ee11a41 Tree-SHA512: 227ab95cd7d22f62f3191693b455eacfa8e36534961bee12c622fc9090957cfb29992eabafa74d806a336e03385aa8f98b7ce734f04b0b400e33aa187d353337
UdjinM6
pushed a commit
to PastaPastaPasta/dash
that referenced
this pull request
Apr 18, 2023
…pool.dat file with a malformed time field ee11a41 Avoid signed integer overflow when loading a mempool.dat file with a malformed time field (practicalswift) Pull request description: Avoid signed integer overflow when loading a `mempool.dat` file with a malformed time field. Avoid the following signed integer overflow: ``` $ xxd -p -r > mempool.dat-crash-1 <<EOF 0100000000000000000000000004000000000000000000000000ffffffff ffffff7f00000000000000000000000000 EOF $ cp mempool.dat-crash-1 ~/.bitcoin/regtest/mempool.dat $ UBSAN_OPTIONS="print_stacktrace=1:halt_on_error=1:report_error_type=1" src/bitcoind -regtest validation.cpp:5079:23: runtime error: signed integer overflow: 9223372036854775807 + 1209600 cannot be represented in type 'long' #0 0x5618d335197f in LoadMempool(CTxMemPool&) src/validation.cpp:5079:23 #1 0x5618d3350df3 in CChainState::LoadMempool(ArgsManager const&) src/validation.cpp:4217:9 #2 0x5618d2b9345f in ThreadImport(ChainstateManager&, std::vector<boost::filesystem::path, std::allocator<boost::filesystem::path> >, ArgsManager const&) src/init.cpp:762:33 #3 0x5618d2b92162 in AppInitMain(util::Ref const&, NodeContext&, interfaces::BlockAndHeaderTipInfo*)::$_14::operator()() const src/init.cpp:1881:9 ``` This PR was broken out from PR bitcoin#20089. Hopefully this PR is trivial to review. Fixes a subset of bitcoin#19278. ACKs for top commit: MarcoFalke: review ACK ee11a41 Crypt-iQ: crACK ee11a41 Tree-SHA512: 227ab95cd7d22f62f3191693b455eacfa8e36534961bee12c622fc9090957cfb29992eabafa74d806a336e03385aa8f98b7ce734f04b0b400e33aa187d353337
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to subscribe to this conversation on GitHub.
Already have an account?
Sign in.
6 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Increase robustness when loading malformed
mempool.datfiles.Avoids the following three signed integer overflows when loading malformed
mempool.datfiles:Fixes #19278.