EvalScript: avoid relying on undefined behavior for overflow check #2604

pull zeldovich wants to merge 1 commits into bitcoin:master from zeldovich:master changing 1 files +3 −2
  1. zeldovich commented at 8:49 PM on May 1, 2013: none

    In C/C++, signed integer overflow is undefined behavior, and some compilers (such as gcc) will optimize away checks like the one that was present in EvalScript; specifically:

    int nBegin = ...; int nEnd = nBegin + size; if (nBegin < 0 || nEnd < nBegin)

    will get compiled into:

    if (nBegin < 0 || size < 0)

    This patch changes the overflow check to avoid relying on the behavior of signed integer overflow, by checking for size > INT_MAX - nBegin (and computing nEnd after the check).

  2. EvalScript: avoid relying on undefined behavior for overflow check
    In C/C++, signed integer overflow is undefined behavior, and some
compilers (such as gcc) will optimize away checks like the one that
was present in EvalScript; specifically:

  int nBegin = ...;
  int nEnd = nBegin + size;
  if (nBegin < 0 || nEnd < nBegin)

will get compiled into:

  if (nBegin < 0 || size < 0)

This patch changes the overflow check to avoid relying on the behavior
of signed integer overflow, by checking for size > INT_MAX - nBegin
(and computing nEnd after the check).
    30b42fbbae
  3. BitcoinPullTester commented at 9:15 PM on May 1, 2013: none

    Automatic sanity-testing: PASSED, see http://jenkins.bluematt.me/pull-tester/30b42fbbae8a3e18d05db0e150c8fc4fbbb21e66 for binaries and test log. This test script verifies pulls every time they are updated. It, however, dies sometimes and fails to test properly. If you are waiting on a test, please check timestamps to verify that the test.log is moving at http://jenkins.bluematt.me/pull-tester/current/ Contact BlueMatt on freenode if something looks broken.

  4. gavinandresen commented at 4:59 PM on May 2, 2013: contributor

    OP_SUBSTR is one of the disabled opcodes.

    I think it is time to remove all code for the disabled opcodes. If we ever bring them back, we can resurrect the code from git history after writing extensive unit tests and looking for issues like this.

  5. gmaxwell commented at 5:28 PM on May 2, 2013: contributor

    @gavinandresen Agreed. It can't simply be brought back in any case, since they can't just be turned on without it being a hardfork relative to currently deployed nodes. (e.g. they'd have to be brought back inside a script v2 that looked like a NOOP to existing nodes)

  6. petertodd commented at 6:20 PM on May 2, 2013: contributor

    @gavinandresen ACK

  7. sipa commented at 7:00 PM on May 2, 2013: member

    ACK on removing them. Indeed, all these opcodes are effectively identical to immediate failure anyway, and nothing except a hard fork can change that, and at that point, there is no reason why they should get a meaning identical to what is (was) implemented.

  8. gavinandresen referenced this in commit bce697d7fa on May 2, 2013
  9. sipa referenced this in commit da7d3a6a56 on May 2, 2013
  10. sipa commented at 9:39 PM on May 3, 2013: member

    Closing this as superceded by #2610

  11. sipa closed this on May 3, 2013
  12. kyledrake referenced this in commit bb09283fbb on Jul 25, 2013
  13. laudney referenced this in commit c13b60b5dc on Mar 19, 2014
  14. unknown referenced this in commit 62b1820d7c on Oct 12, 2017
  15. Oizopower referenced this in commit 7ab4473238 on Nov 6, 2017
  16. Bushstar referenced this in commit b62db76180 on Apr 8, 2020
  17. DrahtBot locked this on Sep 8, 2021
Contributors
zeldovichBitcoinPullTestergavinandresengmaxwellpetertoddsipa
Linked (view graph)
#2610 Remove implementation of disabled opcodes
github-metadata-mirror

This is a metadata mirror of the GitHub repository bitcoin/bitcoin. This site is not affiliated with GitHub. Content is generated from a GitHub metadata backup.
generated: 2026-04-19 15:15 UTC
This site is hosted by @0xB10C
More mirrored repositories can be found on mirror.b10c.me