rpc: Fix implicit-integer-sign-change in gettxout #25095
pull MarcoFalke wants to merge 1 commits into bitcoin:master from MarcoFalke:2205-rpc-int-ubsan-😛 changing 1 files +1 −2-
MarcoFalke commented at 3:28 pm on May 9, 2022: member
-
MarcoFalke commented at 3:31 pm on May 9, 2022: member
Steps to reproduce after compiling with ubsan and loading the suppressions.
0export UBSAN_OPTIONS="suppressions=$(pwd)/test/sanitizer_suppressions/ubsan:print_stacktrace=1:halt_on_error=1:report_error_type=1"
Reproduce with fuzzing:
0$ echo 'Z2V0dHhvdXRclTuj7f07o239ensSAAAAAADPXv///////////////wAAAC4AAAAAAAAA//////9/BQWdbtUv/wJiZQ==' | base64 --decode > /tmp/crash_25095 1$ FUZZ=rpc ./src/test/fuzz/fuzz /tmp/crash_25095 2INFO: Running with entropic power schedule (0xFF, 100). 3INFO: Seed: 1406286977 4INFO: Loaded 1 modules (310988 inline 8-bit counters): 310988 [0x55d87dcdbe20, 0x55d87dd27cec), 5INFO: Loaded 1 PC tables (310988 PCs): 310988 [0x55d87dd27cf0,0x55d87e1e69b0), 6/root/fuzz_dir/scratch/fuzz_gen/code/src/test/fuzz/fuzz: Running 1 inputs 1 time(s) each. 7Running: /root/fuzz_dir/scratch/fuzz_gen/code/crash-99578ec2fe87fa3602f8e029e32ef6a2016aed55 8rpc/blockchain.cpp:997:25: runtime error: implicit conversion from type 'int' of value -65536 (32-bit, signed) to type 'uint32_t' (aka 'unsigned int') changed the value to 4294901760 (32-bit, unsigned) 9 [#0](/bitcoin-bitcoin/0/) 0x55d87be6cc05 in gettxout()::$_15::operator()(RPCHelpMan const&, JSONRPCRequest const&) const src/./src/rpc/blockchain.cpp:997:25 10 [#1](/bitcoin-bitcoin/1/) 0x55d87be6cc05 in std::_Function_handler<UniValue (RPCHelpMan const&, JSONRPCRequest const&), gettxout()::$_15>::_M_invoke(std::_Any_data const&, RPCHelpMan const&, JSONRPCRequest const&) /usr/bin/../lib/gcc/x86_64-linux-gnu/9/../../../../include/c++/9/bits/std_function.h:285:9 11 [#2](/bitcoin-bitcoin/2/) 0x55d87c744eac in std::function<UniValue (RPCHelpMan const&, JSONRPCRequest const&)>::operator()(RPCHelpMan const&, JSONRPCRequest const&) const /usr/bin/../lib/gcc/x86_64-linux-gnu/9/../../../../include/c++/9/bits/std_function.h:688:14 12 [#3](/bitcoin-bitcoin/3/) 0x55d87c742cb3 in RPCHelpMan::HandleRequest(JSONRPCRequest const&) const src/./src/rpc/util.cpp:583:26 13 [#4](/bitcoin-bitcoin/4/) 0x55d87be4bb97 in CRPCCommand::CRPCCommand(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >, RPCHelpMan (*)())::'lambda'(JSONRPCRequest const&, UniValue&, bool)::operator()(JSONRPCRequest const&, UniValue&, bool) const src/./rpc/server.h:109:91 14 [#5](/bitcoin-bitcoin/5/) 0x55d87be4b7e2 in std::_Function_handler<bool (JSONRPCRequest const&, UniValue&, bool), CRPCCommand::CRPCCommand(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >, RPCHelpMan (*)())::'lambda'(JSONRPCRequest const&, UniValue&, bool)>::_M_invoke(std::_Any_data const&, JSONRPCRequest const&, UniValue&, bool&&) /usr/bin/../lib/gcc/x86_64-linux-gnu/9/../../../../include/c++/9/bits/std_function.h:285:9 15 [#6](/bitcoin-bitcoin/6/) 0x55d87bcb46b4 in std::function<bool (JSONRPCRequest const&, UniValue&, bool)>::operator()(JSONRPCRequest const&, UniValue&, bool) const /usr/bin/../lib/gcc/x86_64-linux-gnu/9/../../../../include/c++/9/bits/std_function.h:688:14 16 [#7](/bitcoin-bitcoin/7/) 0x55d87bfb5077 in ExecuteCommand(CRPCCommand const&, JSONRPCRequest const&, UniValue&, bool) src/./src/rpc/server.cpp:474:20 17 [#8](/bitcoin-bitcoin/8/) 0x55d87bfafb25 in ExecuteCommands(std::vector<CRPCCommand const*, std::allocator<CRPCCommand const*> > const&, JSONRPCRequest const&, UniValue&) src/./src/rpc/server.cpp:438:13 18 [#9](/bitcoin-bitcoin/9/) 0x55d87bfaf6b2 in CRPCTable::execute(JSONRPCRequest const&) const src/./src/rpc/server.cpp:458:13 19 [#10](/bitcoin-bitcoin/10/) 0x55d87b827478 in (anonymous namespace)::RPCFuzzTestingSetup::CallRPC(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&, std::vector<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >, std::allocator<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > > > const&) src/./src/test/fuzz/rpc.cpp:54:18 20 [#11](/bitcoin-bitcoin/11/) 0x55d87b827478 in rpc_fuzz_target(Span<unsigned char const>) src/./src/test/fuzz/rpc.cpp:361:28 21 [#12](/bitcoin-bitcoin/12/) 0x55d87b5a1e42 in std::_Function_handler<void (Span<unsigned char const>), void (*)(Span<unsigned char const>)>::_M_invoke(std::_Any_data const&, Span<unsigned char const>&&) /usr/bin/../lib/gcc/x86_64-linux-gnu/9/../../../../include/c++/9/bits/std_function.h:300:2 22 [#13](/bitcoin-bitcoin/13/) 0x55d87b8f511a in std::function<void (Span<unsigned char const>)>::operator()(Span<unsigned char const>) const /usr/bin/../lib/gcc/x86_64-linux-gnu/9/../../../../include/c++/9/bits/std_function.h:688:14 23 [#14](/bitcoin-bitcoin/14/) 0x55d87b8f4d95 in LLVMFuzzerTestOneInput src/./src/test/fuzz/fuzz.cpp:154:5 24 [#15](/bitcoin-bitcoin/15/) 0x55d87b4c5e32 in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) (/root/fuzz_dir/scratch/fuzz_gen/code/src/test/fuzz/fuzz+0x13d3e32) (BuildId: aa1a8d81cff36c20e60c2ce5bf77057f6b27c54c) 25 [#16](/bitcoin-bitcoin/16/) 0x55d87b4b03df in fuzzer::RunOneTest(fuzzer::Fuzzer*, char const*, unsigned long) (/root/fuzz_dir/scratch/fuzz_gen/code/src/test/fuzz/fuzz+0x13be3df) (BuildId: aa1a8d81cff36c20e60c2ce5bf77057f6b27c54c) 26 [#17](/bitcoin-bitcoin/17/) 0x55d87b4b60a7 in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) (/root/fuzz_dir/scratch/fuzz_gen/code/src/test/fuzz/fuzz+0x13c40a7) (BuildId: aa1a8d81cff36c20e60c2ce5bf77057f6b27c54c) 27 [#18](/bitcoin-bitcoin/18/) 0x55d87b4ded62 in main (/root/fuzz_dir/scratch/fuzz_gen/code/src/test/fuzz/fuzz+0x13ecd62) (BuildId: aa1a8d81cff36c20e60c2ce5bf77057f6b27c54c) 28 [#19](/bitcoin-bitcoin/19/) 0x7fa1828480b2 in __libc_start_main /build/glibc-sMfBJT/glibc-2.31/csu/../csu/libc-start.c:308:16 29 [#20](/bitcoin-bitcoin/20/) 0x55d87b4aad1d in _start (/root/fuzz_dir/scratch/fuzz_gen/code/src/test/fuzz/fuzz+0x13b8d1d) (BuildId: aa1a8d81cff36c20e60c2ce5bf77057f6b27c54c) 30 31SUMMARY: UndefinedBehaviorSanitizer: implicit-integer-sign-change rpc/blockchain.cpp:997:25 in
-
MarcoFalke marked this as a draft on May 9, 2022
-
DrahtBot added the label RPC/REST/ZMQ on May 9, 2022
-
DrahtBot added the label Upstream on May 9, 2022
-
DrahtBot added the label Utils/log/libs on May 9, 2022
-
MarcoFalke removed the label Upstream on May 9, 2022
-
MarcoFalke removed the label Utils/log/libs on May 9, 2022
-
DrahtBot commented at 7:52 pm on May 10, 2022: member
The following sections might be updated with supplementary metadata relevant to reviewers and maintainers.
Conflicts
No conflicts as of last run.
-
MarcoFalke marked this as ready for review on May 13, 2022
-
rpc: Fix implicit-integer-sign-change in gettxout fa347a9066
-
MarcoFalke force-pushed on May 13, 2022
-
theStack approved
-
theStack commented at 1:13 pm on May 16, 2022: member
Code-review ACK fa347a906685df1d44cafa3e6cc7fdd2ace68ff5
(didn’t review the recent introduction of
getInt
to univalue in detail)master:
0$ ./src/bitcoin-cli gettxout ad67150fdb94478b431a0bb2c5cdf3a4e249d1f1a50fdfb9aad415dfb869c4b1 -2000000000 1$ echo $? 20
PR:
0$ ./src/bitcoin-cli gettxout ad67150fdb94478b431a0bb2c5cdf3a4e249d1f1a50fdfb9aad415dfb869c4b1 -2000000000 1error code: -1 2error message: 3JSON integer out of range 4$ echo $? 51
-
fanquake merged this on May 16, 2022
-
fanquake closed this on May 16, 2022
-
MarcoFalke deleted the branch on May 16, 2022
-
sidhujag referenced this in commit 503c0fcb50 on May 28, 2022
-
DrahtBot locked this on May 16, 2023
Labels
RPC/REST/ZMQ
github-metadata-mirror
This is a metadata mirror of the GitHub repository bitcoin/bitcoin. This site is not affiliated with GitHub. Content is generated from a GitHub metadata backup.
generated: 2024-12-22 00:12 UTC
This is a metadata mirror of the GitHub repository bitcoin/bitcoin. This site is not affiliated with GitHub. Content is generated from a GitHub metadata backup.
generated: 2024-12-22 00:12 UTC
This site is hosted by @0xB10C
More mirrored repositories can be found on mirror.b10c.me
More mirrored repositories can be found on mirror.b10c.me