refactor: Use unsigned ignore() consistently #24194

pull MarcoFalke wants to merge 1 commits into bitcoin:master from MarcoFalke:2201-streamIgnore changing 2 files +1 −6
  1. MarcoFalke commented at 1:28 PM on January 28, 2022: member

    Currently CDataStream::ignore takes a signed value. However all other ignore() functions take an unsigned. This causes integer sanitizer issues when an unsigned value is passed to CDataStream::ignore.

    Fix this by accepting unsigned in all ignore() functions consistently.

    Also, simplify the code to remove the confusing "nSize negative` exception and fallback to the more meaningful "end of data" exception.

  2. refactor: Use unsigned ignore() consistently fafce2f4bc
  3. MarcoFalke added the label Refactoring on Jan 28, 2022
  4. MarcoFalke marked this as a draft on Jan 28, 2022
  5. MarcoFalke commented at 1:35 PM on January 28, 2022: member

    Sorry, this is wrong.

  6. MarcoFalke closed this on Jan 28, 2022
  7. sipa commented at 1:37 PM on January 28, 2022: member

    What was wrong about it?

  8. MarcoFalke commented at 1:40 PM on January 28, 2022: member

    I accidentally (partially) reverted #7933 (I think)

  9. MarcoFalke deleted the branch on Jan 28, 2022
  10. sipa commented at 1:43 PM on January 28, 2022: member

    I don't see how. nSize is unsigned there (and non-negative).

  11. MarcoFalke commented at 1:47 PM on January 28, 2022: member

    It is unsigned in compressor, but will be made signed in streams. A sufficiently large unsigned value will become negative once signed. The throw-on-negative is one way to avoid integer overflow later on. The throw-on-too-large alone is not sufficient to catch overflow.

    While overflow could still happen theoretically in the current code, I don't think it can practically. Unless there is really bad disk corruption.

  12. MarcoFalke commented at 1:54 PM on January 28, 2022: member

    I think there are two solutions:

    • Keep the code as-is, and document why the unsigned->signed conversion is intended
    • Make compressor throw directly instead of calling s.ignore(nSize) (and hoping for a throw), when nSize is larger than the maximum block size or so.
  13. MarcoFalke commented at 8:57 PM on February 1, 2022: member

    Created #24231 as third alternative

  14. DrahtBot locked this on Feb 1, 2023
Contributors
MarcoFalkesipa
Labels
Refactoring
github-metadata-mirror

This is a metadata mirror of the GitHub repository bitcoin/bitcoin. This site is not affiliated with GitHub. Content is generated from a GitHub metadata backup.
generated: 2026-04-17 06:14 UTC
This site is hosted by @0xB10C
More mirrored repositories can be found on mirror.b10c.me