netcraft
/
litecoin
mirror of https://github.com/litecoin-project/litecoin
6
0
Fork 0
Code Issues Projects Releases Wiki Activity

Merge #20372: Avoid signed integer overflow when loading a mempool.dat file with a malformed time field

Browse Source 
ee11a412a5 Avoid signed integer overflow when loading a mempool.dat file with a malformed time field (practicalswift)

Pull request description:

  Avoid signed integer overflow when loading a `mempool.dat` file with a malformed time field.

  Avoid the following signed integer overflow:

  ```
  $ xxd -p -r > mempool.dat-crash-1 <<EOF
  0100000000000000000000000004000000000000000000000000ffffffff
  ffffff7f00000000000000000000000000
  EOF
  $ cp mempool.dat-crash-1 ~/.bitcoin/regtest/mempool.dat
  $ UBSAN_OPTIONS="print_stacktrace=1:halt_on_error=1:report_error_type=1" src/bitcoind -regtest
  validation.cpp:5079:23: runtime error: signed integer overflow: 9223372036854775807 + 1209600 cannot be represented in type 'long'
      #0 0x5618d335197f in LoadMempool(CTxMemPool&) src/validation.cpp:5079:23
      #1 0x5618d3350df3 in CChainState::LoadMempool(ArgsManager const&) src/validation.cpp:4217:9
      #2 0x5618d2b9345f in ThreadImport(ChainstateManager&, std::vector<boost::filesystem::path, std::allocator<boost::filesystem::path> >, ArgsManager const&) src/init.cpp:762:33
      #3 0x5618d2b92162 in AppInitMain(util::Ref const&, NodeContext&, interfaces::BlockAndHeaderTipInfo*)::$_14::operator()() const src/init.cpp:1881:9
  ```

  This PR was broken out from PR #20089. Hopefully this PR is trivial to review.

  Fixes a subset of #19278.

ACKs for top commit:
  MarcoFalke:
    review ACK ee11a412a5
  Crypt-iQ:
    crACK ee11a412a5

Tree-SHA512: 227ab95cd7d22f62f3191693b455eacfa8e36534961bee12c622fc9090957cfb29992eabafa74d806a336e03385aa8f98b7ce734f04b0b400e33aa187d353337
pull/764/head
MarcoFalke 4 years ago
parent bcd142e479 ee11a412a5
commit 027e51f715
No known key found for this signature in database
GPG Key ID: D2EA4850E7528B25
1 changed files with 1 additions and 1 deletions
Show Stats Download Patch File Download Diff File

2
src/validation.cpp
Unescape View File

@ -5084,7 +5084,7 @@ bool LoadMempool(CTxMemPool& pool)
pool.PrioritiseTransaction(tx->GetHash(), amountdelta);
}
TxValidationState state;
if (nTime + nExpiryTimeout > nNow) {
if (nTime > nNow - nExpiryTimeout) {
LOCK(cs_main);
AcceptToMemoryPoolWithTime(chainparams, pool, state, tx, nTime,
nullptr /* plTxnReplaced */, false /* bypass_limits */,

Write Preview
Loading…
Cancel
Save