rpc: Fix implicit-integer-sign-change in gettxout #25095

pull: MarcoFalke wants to merge 1 commit into bitcoin:master from MarcoFalke:2205-rpc-int-ubsan-😛, changing 1 file (+1 −2)
  1. MarcoFalke commented at 3:28 pm on May 9, 2022: member
  2. MarcoFalke commented at 3:31 pm on May 9, 2022: member

    Steps to reproduce after compiling with ubsan and loading the suppressions.

    export UBSAN_OPTIONS="suppressions=$(pwd)/test/sanitizer_suppressions/ubsan:print_stacktrace=1:halt_on_error=1:report_error_type=1"
    

    Reproduce with fuzzing:

    $ echo 'Z2V0dHhvdXRclTuj7f07o239ensSAAAAAADPXv///////////////wAAAC4AAAAAAAAA//////9/BQWdbtUv/wJiZQ==' | base64 --decode > /tmp/crash_25095
    $ FUZZ=rpc ./src/test/fuzz/fuzz /tmp/crash_25095
    INFO: Running with entropic power schedule (0xFF, 100).
    INFO: Seed: 1406286977
    INFO: Loaded 1 modules   (310988 inline 8-bit counters): 310988 [0x55d87dcdbe20, 0x55d87dd27cec),
    INFO: Loaded 1 PC tables (310988 PCs): 310988 [0x55d87dd27cf0,0x55d87e1e69b0),
    /root/fuzz_dir/scratch/fuzz_gen/code/src/test/fuzz/fuzz: Running 1 inputs 1 time(s) each.
    Running: /root/fuzz_dir/scratch/fuzz_gen/code/crash-99578ec2fe87fa3602f8e029e32ef6a2016aed55
    rpc/blockchain.cpp:997:25: runtime error: implicit conversion from type 'int' of value -65536 (32-bit, signed) to type 'uint32_t' (aka 'unsigned int') changed the value to 4294901760 (32-bit, unsigned)
        #0 0x55d87be6cc05 in gettxout()::$_15::operator()(RPCHelpMan const&, JSONRPCRequest const&) const src/./src/rpc/blockchain.cpp:997:25
        #1 0x55d87be6cc05 in std::_Function_handler<UniValue (RPCHelpMan const&, JSONRPCRequest const&), gettxout()::$_15>::_M_invoke(std::_Any_data const&, RPCHelpMan const&, JSONRPCRequest const&) /usr/bin/../lib/gcc/x86_64-linux-gnu/9/../../../../include/c++/9/bits/std_function.h:285:9
        #2 0x55d87c744eac in std::function<UniValue (RPCHelpMan const&, JSONRPCRequest const&)>::operator()(RPCHelpMan const&, JSONRPCRequest const&) const /usr/bin/../lib/gcc/x86_64-linux-gnu/9/../../../../include/c++/9/bits/std_function.h:688:14
        #3 0x55d87c742cb3 in RPCHelpMan::HandleRequest(JSONRPCRequest const&) const src/./src/rpc/util.cpp:583:26
        #4 0x55d87be4bb97 in CRPCCommand::CRPCCommand(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >, RPCHelpMan (*)())::'lambda'(JSONRPCRequest const&, UniValue&, bool)::operator()(JSONRPCRequest const&, UniValue&, bool) const src/./rpc/server.h:109:91
        #5 0x55d87be4b7e2 in std::_Function_handler<bool (JSONRPCRequest const&, UniValue&, bool), CRPCCommand::CRPCCommand(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >, RPCHelpMan (*)())::'lambda'(JSONRPCRequest const&, UniValue&, bool)>::_M_invoke(std::_Any_data const&, JSONRPCRequest const&, UniValue&, bool&&) /usr/bin/../lib/gcc/x86_64-linux-gnu/9/../../../../include/c++/9/bits/std_function.h:285:9
        #6 0x55d87bcb46b4 in std::function<bool (JSONRPCRequest const&, UniValue&, bool)>::operator()(JSONRPCRequest const&, UniValue&, bool) const /usr/bin/../lib/gcc/x86_64-linux-gnu/9/../../../../include/c++/9/bits/std_function.h:688:14
        #7 0x55d87bfb5077 in ExecuteCommand(CRPCCommand const&, JSONRPCRequest const&, UniValue&, bool) src/./src/rpc/server.cpp:474:20
        #8 0x55d87bfafb25 in ExecuteCommands(std::vector<CRPCCommand const*, std::allocator<CRPCCommand const*> > const&, JSONRPCRequest const&, UniValue&) src/./src/rpc/server.cpp:438:13
        #9 0x55d87bfaf6b2 in CRPCTable::execute(JSONRPCRequest const&) const src/./src/rpc/server.cpp:458:13
        #10 0x55d87b827478 in (anonymous namespace)::RPCFuzzTestingSetup::CallRPC(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&, std::vector<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >, std::allocator<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > > > const&) src/./src/test/fuzz/rpc.cpp:54:18
        #11 0x55d87b827478 in rpc_fuzz_target(Span<unsigned char const>) src/./src/test/fuzz/rpc.cpp:361:28
        #12 0x55d87b5a1e42 in std::_Function_handler<void (Span<unsigned char const>), void (*)(Span<unsigned char const>)>::_M_invoke(std::_Any_data const&, Span<unsigned char const>&&) /usr/bin/../lib/gcc/x86_64-linux-gnu/9/../../../../include/c++/9/bits/std_function.h:300:2
        #13 0x55d87b8f511a in std::function<void (Span<unsigned char const>)>::operator()(Span<unsigned char const>) const /usr/bin/../lib/gcc/x86_64-linux-gnu/9/../../../../include/c++/9/bits/std_function.h:688:14
        #14 0x55d87b8f4d95 in LLVMFuzzerTestOneInput src/./src/test/fuzz/fuzz.cpp:154:5
        #15 0x55d87b4c5e32 in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) (/root/fuzz_dir/scratch/fuzz_gen/code/src/test/fuzz/fuzz+0x13d3e32) (BuildId: aa1a8d81cff36c20e60c2ce5bf77057f6b27c54c)
        #16 0x55d87b4b03df in fuzzer::RunOneTest(fuzzer::Fuzzer*, char const*, unsigned long) (/root/fuzz_dir/scratch/fuzz_gen/code/src/test/fuzz/fuzz+0x13be3df) (BuildId: aa1a8d81cff36c20e60c2ce5bf77057f6b27c54c)
        #17 0x55d87b4b60a7 in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) (/root/fuzz_dir/scratch/fuzz_gen/code/src/test/fuzz/fuzz+0x13c40a7) (BuildId: aa1a8d81cff36c20e60c2ce5bf77057f6b27c54c)
        #18 0x55d87b4ded62 in main (/root/fuzz_dir/scratch/fuzz_gen/code/src/test/fuzz/fuzz+0x13ecd62) (BuildId: aa1a8d81cff36c20e60c2ce5bf77057f6b27c54c)
        #19 0x7fa1828480b2 in __libc_start_main /build/glibc-sMfBJT/glibc-2.31/csu/../csu/libc-start.c:308:16
        #20 0x55d87b4aad1d in _start (/root/fuzz_dir/scratch/fuzz_gen/code/src/test/fuzz/fuzz+0x13b8d1d) (BuildId: aa1a8d81cff36c20e60c2ce5bf77057f6b27c54c)

    SUMMARY: UndefinedBehaviorSanitizer: implicit-integer-sign-change rpc/blockchain.cpp:997:25 in
    
  3. MarcoFalke marked this as a draft on May 9, 2022
  4. DrahtBot added the label RPC/REST/ZMQ on May 9, 2022
  5. DrahtBot added the label Upstream on May 9, 2022
  6. DrahtBot added the label Utils/log/libs on May 9, 2022
  7. MarcoFalke removed the label Upstream on May 9, 2022
  8. MarcoFalke removed the label Utils/log/libs on May 9, 2022
  9. DrahtBot commented at 7:52 pm on May 10, 2022: member

    The following sections might be updated with supplementary metadata relevant to reviewers and maintainers.

    Conflicts

    No conflicts as of last run.

  10. MarcoFalke marked this as ready for review on May 13, 2022
  11. rpc: Fix implicit-integer-sign-change in gettxout fa347a9066
  12. MarcoFalke force-pushed on May 13, 2022
  13. theStack approved
  14. theStack commented at 1:13 pm on May 16, 2022: member

    Code-review ACK fa347a906685df1d44cafa3e6cc7fdd2ace68ff5

    (didn’t review the recent introduction of getInt to univalue in detail)

    master:

    $ ./src/bitcoin-cli gettxout ad67150fdb94478b431a0bb2c5cdf3a4e249d1f1a50fdfb9aad415dfb869c4b1 -2000000000
    $ echo $?
    0
    

    PR:

    $ ./src/bitcoin-cli gettxout ad67150fdb94478b431a0bb2c5cdf3a4e249d1f1a50fdfb9aad415dfb869c4b1 -2000000000
    error code: -1
    error message:
    JSON integer out of range
    $ echo $?
    1
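
The conversion UBSan reports in the reproduction above (an int of value -65536 silently becoming the uint32_t 4294901760) and the out-of-range error theStack's post-fix run shows, demonstrated as an added example that is not code from this PR or from Bitcoin Core. It puts an unchecked cast beside a range-checked narrowing modelled on the getInt-style check the ACK mentions. CheckedNarrow, ParseVoutArg and VoutRejected are hypothetical names, the inputs are constructed from the values in the thread, and the "JSON integer out of range" message matches the reviewer's output but the implementation is my own.

```cpp
#include <cstdint>
#include <iostream>
#include <limits>
#include <stdexcept>
#include <string>
#include <type_traits>

// The pre-fix behaviour as the UBSan report describes it: a negative int is
// converted to uint32_t and wraps modulo 2^32, so -65536 becomes 4294901760.
// Illustrative only; not the project's code.
uint32_t VoutUnchecked(int vout)
{
    return static_cast<uint32_t>(vout);
}

// Hypothetical helper modelled on a getInt<T>-style range check: narrow a parsed
// JSON integer to T only when the value is representable in T, otherwise reject
// it with the error message the reviewer observed after the fix.
template <typename T>
T CheckedNarrow(int64_t value)
{
    static_assert(std::is_integral<T>::value && std::numeric_limits<T>::digits < 64,
                  "target type must lie within the int64_t range");
    if (value < static_cast<int64_t>(std::numeric_limits<T>::min()) ||
        value > static_cast<int64_t>(std::numeric_limits<T>::max())) {
        throw std::runtime_error("JSON integer out of range");
    }
    return static_cast<T>(value);
}

// Simulated handling of gettxout's "n" argument (hypothetical function): parse
// the decimal text as a JSON integer, then narrow to the uint32_t used for the
// output index through the range check instead of an implicit conversion.
uint32_t ParseVoutArg(const std::string& arg)
{
    std::size_t consumed = 0;
    const long long parsed = std::stoll(arg, &consumed); // throws on non-numeric or >int64 input
    if (consumed != arg.size()) {
        throw std::runtime_error("JSON value is not an integer as expected");
    }
    return CheckedNarrow<uint32_t>(static_cast<int64_t>(parsed));
}

// True when the argument is rejected with the out-of-range error, false when it parses.
bool VoutRejected(const std::string& arg)
{
    try {
        ParseVoutArg(arg);
        return false;
    } catch (const std::exception& e) {
        return std::string{e.what()} == "JSON integer out of range";
    }
}

int main()
{
    std::cout << "unchecked -65536 -> " << VoutUnchecked(-65536) << '\n';

    // Constructed inputs: the fuzz crash value, the reviewer's manual test,
    // the two ends of the uint32_t range, and one value just past it.
    const char* inputs[] = {"-65536", "-2000000000", "0", "4294967295", "4294967296"};
    for (const char* in : inputs) {
        if (VoutRejected(in)) {
            std::cout << in << " -> error: JSON integer out of range\n";
        } else {
            std::cout << in << " -> vout " << ParseVoutArg(in) << '\n';
        }
    }
    return 0;
}
```

Note that clang's `-fsanitize=implicit-integer-sign-change` only reports implicit conversions: an explicit cast like the one in VoutUnchecked silences the sanitizer while keeping the wrapped value, which is why the fix worth making is the range check that rejects the input, not a cast that hides the conversion.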
    
  15. fanquake merged this on May 16, 2022
  16. fanquake closed this on May 16, 2022

  17. MarcoFalke deleted the branch on May 16, 2022
  18. sidhujag referenced this in commit 503c0fcb50 on May 28, 2022
  19. DrahtBot locked this on May 16, 2023

github-metadata-mirror

This is a metadata mirror of the GitHub repository bitcoin/bitcoin. This site is not affiliated with GitHub. Content is generated from a GitHub metadata backup.
generated: 2024-11-21 12:12 UTC

This site is hosted by @0xB10C
More mirrored repositories can be found on mirror.b10c.me