rpc: signed-integer-overflow in analyzepsbt["estimated_feerate"] #27913

maflcko opened this issue on June 19, 2023
  1. maflcko commented at 1:09 pm on June 19, 2023: member

    Is there an existing issue for this?

    • I have searched the existing issues

    Current behaviour

    crash/UB in https://github.com/bitcoin/bitcoin/blob/f0758d8a6696657269d9c057e7aa079ffa9e1c16/src/rpc/rawtransaction.cpp#L1906

    Expected behaviour

    no crash

    Steps to reproduce

    • Compile with ubsan
    • UBSAN_OPTIONS="suppressions=$(pwd)/test/sanitizer_suppressions/ubsan:print_stacktrace=1:halt_on_error=1:report_error_type=1" ./src/qt/bitcoin-qt
    • analyzepsbt cHNidP8BACkgICAgAAEgICAgIP8DABYgICAgICAgICAgICAgICAgICAgICAgICAgIAAA

    Relevant log output

    #0 0x55a94d97befd in CFeeRate::GetFee(unsigned int) const src/policy/feerate.cpp:29:63
    #1 0x55a94d4648ca in CFeeRate::GetFeePerK() const src/./policy/feerate.h:65:41
    #2 0x55a94d4648ca in analyzepsbt()::$_13::operator()(RPCHelpMan const&, JSONRPCRequest const&) const src/rpc/rawtransaction.cpp:1907:85
    ...
    SUMMARY: UndefinedBehaviorSanitizer: signed-integer-overflow policy/feerate.cpp:29:63 in
    

    How did you obtain Bitcoin Core

    Compiled from source

    What version of Bitcoin Core are you using?

    current master

    Operating system and version

    Linux

    Machine specifications

    No response

  2. maflcko added the label Bug on Jun 19, 2023
  3. maflcko added the label RPC/REST/ZMQ on Jun 19, 2023
  4. maflcko commented at 1:10 pm on June 19, 2023: member
  5. fanquake closed this on Jun 26, 2023

  6. sidhujag referenced this in commit 64e80e907c on Jun 26, 2023
  7. fanquake referenced this in commit cf4da5ec29 on Jul 7, 2023
  8. sidhujag referenced this in commit f6ab70052e on Jul 7, 2023
  9. BlackcoinDev referenced this in commit 931ac6f836 on Feb 5, 2024
  10. bitcoin locked this on Jun 25, 2024

github-metadata-mirror

This is a metadata mirror of the GitHub repository bitcoin/bitcoin. This site is not affiliated with GitHub. Content is generated from a GitHub metadata backup.
generated: 2024-06-26 19:13 UTC