rpc: signed-integer-overflow in analyzepsbt["estimated_feerate"] #27913

issue MarcoFalke opened this issue on June 19, 2023
  1. MarcoFalke commented at 1:09 pm on June 19, 2023: member

    Is there an existing issue for this?

    • I have searched the existing issues

    Current behaviour

    crash/UB in https://github.com/bitcoin/bitcoin/blob/f0758d8a6696657269d9c057e7aa079ffa9e1c16/src/rpc/rawtransaction.cpp#L1906

    Expected behaviour

    no crash

    Steps to reproduce

    • Compile with ubsan
    • UBSAN_OPTIONS="suppressions=$(pwd)/test/sanitizer_suppressions/ubsan:print_stacktrace=1:halt_on_error=1:report_error_type=1" ./src/qt/bitcoin-qt
    • analyzepsbt cHNidP8BACkgICAgAAEgICAgIP8DABYgICAgICAgICAgICAgICAgICAgICAgICAgIAAA

    Relevant log output

    #0 0x55a94d97befd in CFeeRate::GetFee(unsigned int) const src/policy/feerate.cpp:29:63
    #1 0x55a94d4648ca in CFeeRate::GetFeePerK() const src/./policy/feerate.h:65:41
    #2 0x55a94d4648ca in analyzepsbt()::$_13::operator()(RPCHelpMan const&, JSONRPCRequest const&) const src/rpc/rawtransaction.cpp:1907:85
    ...
    SUMMARY: UndefinedBehaviorSanitizer: signed-integer-overflow policy/feerate.cpp:29:63 in

    How did you obtain Bitcoin Core

    Compiled from source

    What version of Bitcoin Core are you using?

    current master

    Operating system and version

    Linux

    Machine specifications

    No response

  2. MarcoFalke added the label Bug on Jun 19, 2023
  3. MarcoFalke added the label RPC/REST/ZMQ on Jun 19, 2023
  4. MarcoFalke commented at 1:10 pm on June 19, 2023: member
  5. fanquake closed this on Jun 26, 2023
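
An added illustration of the class of bug the sanitizer reports above, not Bitcoin Core's code or its fix. It assumes a simplified model in which a fee is a signed 64-bit rate per 1000 bytes multiplied by a size and divided by 1000; the names Amount, FeeUnchecked, FeeChecked and RateChecked are hypothetical.

```cpp
// Added example: simplified model of a fee-rate calculation, not Bitcoin Core code.
#include <cstdint>
#include <cstdio>
#include <limits>
#include <optional>

using Amount = int64_t;  // assumption: amounts are signed 64-bit satoshi counts

// Unchecked form: the product is computed in int64_t before the division, so a
// large enough rate overflows (undefined behaviour, which UBSan flags).
Amount FeeUnchecked(Amount sat_per_k, uint32_t size_bytes)
{
    return sat_per_k * static_cast<Amount>(size_bytes) / 1000;
}

// Checked form: __builtin_mul_overflow (GCC/Clang) reports the overflow instead.
std::optional<Amount> FeeChecked(Amount sat_per_k, uint32_t size_bytes)
{
    Amount product;
    if (__builtin_mul_overflow(sat_per_k, static_cast<Amount>(size_bytes), &product)) {
        return std::nullopt;
    }
    return product / 1000;  // truncating division, a simplification
}

// Deriving a rate from fee paid and size multiplies by 1000 first, so it needs the same guard.
std::optional<Amount> RateChecked(Amount fee_paid, uint32_t size_bytes)
{
    Amount scaled;
    if (size_bytes == 0 || __builtin_mul_overflow(fee_paid, Amount{1000}, &scaled)) {
        return std::nullopt;
    }
    return scaled / static_cast<Amount>(size_bytes);
}

int main()
{
    const Amount max = std::numeric_limits<Amount>::max();
    // Constructed inputs: an ordinary rate, the largest safe rate, and the first one that overflows.
    const Amount rates[] = {2000, max / 1000, max / 1000 + 1};
    for (Amount r : rates) {
        auto fee = FeeChecked(r, 1000);
        if (fee) std::printf("rate %lld -> fee per 1000 bytes %lld\n", (long long)r, (long long)*fee);
        else std::printf("rate %lld -> rejected (int64 overflow)\n", (long long)r);
    }
    return 0;
}
```

Callers that receive an empty result can omit the field or return an RPC error rather than reporting a wrapped value.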


github-metadata-mirror

This is a metadata mirror of the GitHub repository bitcoin/bitcoin. This site is not affiliated with GitHub. Content is generated from a GitHub metadata backup.
generated: 2024-06-18 19:13 UTC