wallet: fix segfault by avoiding invalid default-ctored `external_spk_managers` entry #23333

pull theStack wants to merge 1 commits into bitcoin:master from theStack:202110-wallet-fix_getwalletinfo_segfault_after_importing_descriptor changing 1 files +2 −1

theStack commented at 2:31 PM on October 21, 2021: member

Fixes #23321 (bug reported by Josef Vondrlik (josef-v)).

In the method CWallet::LoadActiveScriptPubKeyMan, the map external_spk_managers (or internal_spk_managers, if parameter internal is false) is accessed via std::map::operator[], which means that a default-ctored entry is created with a null-pointer as value, if the key doesn't exist. As soon as this value is dereferenced, a segmentation fault occurs, e.g. in CWallet::KeypoolCountExternalKeys.

The bevaviour can be reproduced by the following steps (starting with empty regtest datadir):

$ ./src/bitcoind -regtest -daemon
$ ./src/bitcoin-cli -regtest -named createwallet_name=wallet descriptors=true blank=true
$ cat regtest-descriptors.txt
[
  {
    "desc": "tr([e4445899/49'/1'/0']tprv8ZgxMBicQKsPd8jCeBWsYLEoWxbVgzJDatJ7XkwQ6G3uF4FsHuaziHQ5JZAW4K515nj6kVVwPaNWZSMEcR7aFCwL4tQqTcaoprMKTTtm6Zg/1/*)#mr3llm7f",
    "timestamp": 1634652324,
    "active": true,
    "internal": true,
    "range": [
      0,
      999
    ],
    "next": 0
  }
]
$ ./src/bitcoin-cli -regtest importdescriptors "$(cat regtest-descriptors.txt)"
[
  {
    "success": true
  }
]
$ ./src/bitcoin-cli -regtest getwalletinfo
error: timeout on transient error: Could not connect to the server 127.0.0.1:18443 (error code 1 - "EOF reached")

wallet: fix segfault by avoiding invalid default-ctored `external_spk_managers` entry

In the method `CWallet::LoadActiveScriptPubKeyMan`, the map
`external_spk_managers` (or `internal_spk_managers`, if parameter
`internal` is false) is accessed via std::map::operator[], which means
that a default-ctored entry is created with a null-pointer as value, if
the key doesn't exist.  As soon as this value is dereferenced, a
segmentation fault occurs, e.g. in `CWallet::KeypoolCountExternalKeys`.

The bevaviour can be reproduced by the following steps (starting with empty regtest datadir):

$ ./src/bitcoind -regtest -daemon
$ ./src/bitcoin-cli -regtest -named createwallet_name=wallet descriptors=true blank=true
$ cat regtest-descriptors.txt
[
  {
    "desc": "tr([e4445899/49'/1'/0']tprv8ZgxMBicQKsPd8jCeBWsYLEoWxbVgzJDatJ7XkwQ6G3uF4FsHuaziHQ5JZAW4K515nj6kVVwPaNWZSMEcR7aFCwL4tQqTcaoprMKTTtm6Zg/1/*)#mr3llm7f",
    "timestamp": 1634652324,
    "active": true,
    "internal": true,
    "range": [
      0,
      999
    ],
    "next": 0
  }
]
$ ./src/bitcoin-cli -regtest importdescriptors "$(cat regtest-descriptors.txt)"
[
  {
    "success": true
  }
]
$ ./src/bitcoin-cli -regtest getwalletinfo
error: timeout on transient error: Could not connect to the server 127.0.0.1:18443 (error code 1 - "EOF reached")

Bug reported by Josef Vondrlik (josef-v).

6911ab95f1

laanwj added the label Wallet on Oct 21, 2021
achow101 commented at 5:35 PM on October 21, 2021: member

Code Review ACK 6911ab95f19d2b1f60f2d0b2f3961fa6639d4f31
MarcoFalke added the label Needs backport (22.x) on Oct 21, 2021
MarcoFalke commented at 5:51 PM on October 21, 2021: member

Does this need backport to earlier than 22.x?
achow101 commented at 5:52 PM on October 21, 2021: member

Does this need backport to earlier than 22.x?

No, this is new in 22.x
lsilva01 approved
lsilva01 commented at 7:23 PM on October 21, 2021: contributor

Tested ACK 6911ab9 on Ubuntu 20.04. I was able to reproduce the error on the master branch and this PR fixes this.
fanquake requested review from instagibbs on Oct 22, 2021
instagibbs approved
instagibbs commented at 11:12 AM on October 22, 2021: member

ACK 6911ab95f19d2b1f60f2d0b2f3961fa6639d4f31
fanquake merged this on Oct 22, 2021
fanquake closed this on Oct 22, 2021
fanquake referenced this in commit 99a2470b74 on Oct 22, 2021
fanquake commented at 12:37 PM on October 22, 2021: member

Added to #23276 for backporting to 22.x
fanquake removed the label Needs backport (22.x) on Oct 22, 2021
sidhujag referenced this in commit 10c541073f on Oct 22, 2021
fanquake referenced this in commit 54b6ca3dbe on Feb 14, 2022
fanquake referenced this in commit 227ae65254 on Feb 15, 2022
fanquake referenced this in commit 9b5f674abb on Mar 1, 2022
DrahtBot locked this on Oct 30, 2022

Contributors

Labels

Linked (view graph)

#23276 [22.x] Backports for 22.x #23321 bitcoind segfault's while loading tr descriptor on regtest v22.0