Avoid signed integer overflow when loading a mempool.dat file with a malformed time field #20372

pull practicalswift wants to merge 1 commits into bitcoin:master from practicalswift:load-mempool-time-integer-overflow changing 1 files +1 −1
  1. practicalswift commented at 2:46 PM on November 11, 2020: contributor

    Avoid signed integer overflow when loading a mempool.dat file with a malformed time field.

    Avoid the following signed integer overflow:

    $ xxd -p -r > mempool.dat-crash-1 <<EOF
    0100000000000000000000000004000000000000000000000000ffffffff
    ffffff7f00000000000000000000000000
    EOF
    $ cp mempool.dat-crash-1 ~/.bitcoin/regtest/mempool.dat
    $ UBSAN_OPTIONS="print_stacktrace=1:halt_on_error=1:report_error_type=1" src/bitcoind -regtest
    validation.cpp:5079:23: runtime error: signed integer overflow: 9223372036854775807 + 1209600 cannot be represented in type 'long'
        #0 0x5618d335197f in LoadMempool(CTxMemPool&) src/validation.cpp:5079:23
        #1 0x5618d3350df3 in CChainState::LoadMempool(ArgsManager const&) src/validation.cpp:4217:9
        #2 0x5618d2b9345f in ThreadImport(ChainstateManager&, std::vector<boost::filesystem::path, std::allocator<boost::filesystem::path> >, ArgsManager const&) src/init.cpp:762:33
        #3 0x5618d2b92162 in AppInitMain(util::Ref const&, NodeContext&, interfaces::BlockAndHeaderTipInfo*)::$_14::operator()() const src/init.cpp:1881:9
    

    This PR was broken out from PR #20089. Hopefully this PR is trivial to review.

    Fixes a subset of #19278.

  2. Avoid signed integer overflow when loading a mempool.dat file with a malformed time field ee11a412a5
  3. DrahtBot added the label Validation on Nov 11, 2020
  4. MarcoFalke commented at 3:36 PM on November 11, 2020: member

    review ACK ee11a412a537f62aa46e8862678ce2069a2df5b7

  5. Crypt-iQ commented at 8:18 PM on November 11, 2020: contributor

    crACK ee11a412a537f62aa46e8862678ce2069a2df5b7

  6. MarcoFalke merged this on Nov 12, 2020
  7. MarcoFalke closed this on Nov 12, 2020

  8. sidhujag referenced this in commit b4151ac86c on Nov 12, 2020
  9. practicalswift deleted the branch on Apr 10, 2021
  10. Fabcien referenced this in commit 3610aa71da on Dec 23, 2021
  11. DrahtBot locked this on Aug 18, 2022
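
The overflow in the report above comes from adding an expiry window to a timestamp read from an untrusted file. The following C++ is an added example, not the PR's diff (which this page does not show) and not Bitcoin Core code; it shows two ways to evaluate a test of the form `time + expiry > now` without signed overflow. All function names, the `now` value and the strict-rejection policy are assumptions of this example.

```cpp
#include <cstdint>
#include <cstdio>

// Constructed sample: the bytes ff ff ff ff ff ff ff 7f that appear in the
// reproducer's hex dump; little-endian, they decode to 9223372036854775807.
static const unsigned char kTimeField[8] = {0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0x7f};
// Second operand from the UBSan report (1209600 seconds = 14 days).
static const int64_t kExpirySeconds = 1209600;

// Decode a little-endian 64-bit field read from an untrusted file.
int64_t ReadLE64(const unsigned char* p)
{
    uint64_t v = 0;
    for (int i = 7; i >= 0; --i) v = (v << 8) | p[i];
    return static_cast<int64_t>(v);
}

// Store a + b in out and return true, or return false if the sum would
// overflow int64_t (evaluating the overflowing sum is undefined behaviour).
bool CheckedAdd(int64_t a, int64_t b, int64_t& out)
{
    if (b > 0 && a > INT64_MAX - b) return false;
    if (b < 0 && a < INT64_MIN - b) return false;
    out = a + b;
    return true;
}

// Option 1: rearrange "t + expiry > now" so the arithmetic is done on the
// trusted operands only. Safe when now >= 0 and expiry >= 0.
bool UnexpiredRearranged(int64_t t, int64_t expiry, int64_t now)
{
    return t > now - expiry;
}

// Option 2: checked addition; a timestamp whose deadline is not
// representable is treated as malformed (this example's policy choice).
bool UnexpiredStrict(int64_t t, int64_t expiry, int64_t now)
{
    int64_t deadline = 0;
    return CheckedAdd(t, expiry, deadline) && deadline > now;
}

int main()
{
    const int64_t t = ReadLE64(kTimeField);
    const int64_t now = 1605105960; // constructed "current time"
    std::printf("t=%lld rearranged=%d strict=%d\n", static_cast<long long>(t),
                UnexpiredRearranged(t, kExpirySeconds, now), UnexpiredStrict(t, kExpirySeconds, now));
}
```

The two options differ on the malformed input: the rearranged comparison keeps the mathematical result (the entry counts as unexpired), while the strict variant rejects it.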

github-metadata-mirror

This is a metadata mirror of the GitHub repository bitcoin/bitcoin. This site is not affiliated with GitHub. Content is generated from a GitHub metadata backup.
generated: 2026-04-16 15:14 UTC
