CExtKey::Unserialize and CExtPubKey::Unserialize throw std::runtime_error instead of the expected std::ios_base::failure #17130

issue practicalswift opened this issue on October 13, 2019
  1. practicalswift commented at 10:01 PM on October 13, 2019: contributor

    CExtKey::Unserialize(...) and CExtPubKey::Unserialize(...) throw std::runtime_error instead of the expected std::ios_base::failure.

    Context (taken from an e-mail):

    When fuzzing some deserialization code I noticed that CExtKey::Unserialize(...) and CExtPubKey::Unserialize(...) throw std::runtime_error instead of the std::ios_base::failure I expected in case of deserialization errors.

    I saw that this code was written by you originally: do you remember if there was a particular reason to go with std::runtime_error instead of std::ios_base::failure? If not, do you think it would be safe to change it? :)

    Code:

    https://github.com/bitcoin/bitcoin/blob/376638afcf945ec43089625d115286594ce0ab16/src/key.h#L174-L183

    https://github.com/bitcoin/bitcoin/blob/78dae8caccd82cfbfd76557f1fb7d7557c7b5edb/src/pubkey.h#L240-L249

    FWIW the code paths in question are reachable by the fuzzers added in PR #17051 ("tests: Add deserialization fuzzing harnesses").

  2. practicalswift added the label Bug on Oct 13, 2019
  3. practicalswift commented at 8:47 AM on October 16, 2019: contributor

    Friendly ping @jonasschnelli :)

    Could you clarify? This is a fuzzing blocker I'd like to get rid of if possible :)

  4. MarcoFalke commented at 12:15 PM on October 16, 2019: member

    Those messages are not sent over p2p, so fuzzing is nice to have, but not going to harden the protocol layer.

    I guess they might be written by the wallet? In that case, you might want to check if the wallet is handling those exceptions properly.

  5. practicalswift commented at 1:36 PM on October 18, 2019: contributor

    The only use of CExt{Pub,}Key serialisation/deserialisation appears to be in bip32_tests:

    https://github.com/bitcoin/bitcoin/blob/f2a094884d987465437a6300daa84de6f39c2322/src/test/bip32_tests.cpp#L122-L136

    I cannot find any non-test usage.

  6. MarcoFalke commented at 2:12 PM on October 18, 2019: member

    Maybe you can remove that logic then?

  7. achow101 commented at 2:31 PM on October 18, 2019: member

    I'm pretty sure serialization is used by the wallet for the dumpwallet rpc. Also, both are being used in #16463

  8. practicalswift commented at 2:49 PM on October 18, 2019: contributor

    @achow101 dumpwallet is using EncodeExtKey, no? :)

    https://github.com/bitcoin/bitcoin/blob/46d6930f8c7ba7cbcd7d86dd5d0117642fcbc819/src/wallet/rpcdump.cpp#L802-L813

  9. achow101 commented at 3:20 PM on October 18, 2019: member

    Hmm, so the actual serialization happens in Encode/Decode, not Serialize/Unserialize, and that's what #16463 uses. So in that case, I think it is fine to get rid of Serialize/Unserialize.

  10. practicalswift commented at 3:31 PM on October 18, 2019: contributor

    @MarcoFalke

    Maybe you can remove that logic then?

    Since #15814 + #15814 (comment) I'm a bit hesitant to touch dead code :)

    Perhaps we can put a "good first issue" tag on this one and let a newcomer take care of the removal.

    From a fuzzing perspective I've got my needs covered: if this code isn't used it doesn't matter if invalid deserialisation input makes it throw an unexpected exception type (std::runtime_error instead of the expected std::ios_base::failure). My job here is done :)

  11. MarcoFalke commented at 3:56 PM on October 18, 2019: member

    Ok, will add "good first issue"

  12. MarcoFalke added the label good first issue on Oct 18, 2019
  13. MarcoFalke commented at 4:11 PM on October 18, 2019: member

    Removing is probably fine. If this will ever be needed, a simple git revert $commit_that_removed_it should restore it.

  14. MarcoFalke referenced this in commit 773026044f on Oct 24, 2019
  15. practicalswift commented at 9:41 PM on October 30, 2019: contributor

    This was solved with the merge of #17212. Closing. Thanks @theStack! :)

  16. practicalswift closed this on Oct 30, 2019
  17. PastaPastaPasta referenced this in commit ae4e42b17d on Sep 11, 2021
  18. PastaPastaPasta referenced this in commit d8515fa191 on Sep 11, 2021
  19. PastaPastaPasta referenced this in commit 63e9dec6b3 on Sep 12, 2021
  20. PastaPastaPasta referenced this in commit 69ba1dc285 on Sep 12, 2021
  21. MarcoFalke locked this on Dec 16, 2021
Contributors
practicalswiftMarcoFalkeachow101
Labels
Buggood first issue
Linked (view graph)
#17051 tests: Add deserialization fuzzing harnesses#17212 refactor: Remove unused CExt{Pub,}Key (de)serialization methods
github-metadata-mirror

This is a metadata mirror of the GitHub repository bitcoin/bitcoin. This site is not affiliated with GitHub. Content is generated from a GitHub metadata backup.
generated: 2026-04-14 18:14 UTC
This site is hosted by @0xB10C
More mirrored repositories can be found on mirror.b10c.me