integer sanitizer warning, when running with -natpmp=1 enabled #33245

maflcko opened this issue on August 23, 2025
  1. maflcko commented at 9:51 am on August 23, 2025: member

    I haven’t looked here if this is a bug, but it would be good to either suppress this warning (if it is harmless) or change the code (if there is a bug).

    To reproduce, compile with clang and enable the integer sanitizer.

    Then, disable ipv6:

    # sysctl -w net.ipv6.conf.all.disable_ipv6=1
    net.ipv6.conf.all.disable_ipv6 = 1
    

    Then, run bitcoind:

    # UBSAN_OPTIONS="suppressions=$(pwd)/test/sanitizer_suppressions/ubsan:print_stacktrace=1:halt_on_error=1:report_error_type=1" ./bld-cmake/bin/bitcoind -regtest -noprinttoconsole=1 -natpmp=1

    It should fail with:

    /root/b-c/src/common/netif.cpp:127:29: runtime error: unsigned integer overflow: 20 - 28 cannot be represented in type 'unsigned long'
        #0 0x5f8c692ea4b7 in (anonymous namespace)::QueryDefaultGatewayImpl(unsigned short) /root/b-c/bld-cmake/src/./common/netif.cpp:127:29
        #1 0x5f8c692ea4b7 in QueryDefaultGateway(Network) /root/b-c/bld-cmake/src/./common/netif.cpp:276:35
        #2 0x5f8c68c1b32a in ProcessPCP() /root/b-c/bld-cmake/src/./mapport.cpp:87:44
        #3 0x5f8c68c1b32a in ThreadMapPort() /root/b-c/bld-cmake/src/./mapport.cpp:125:9
        #4 0x5f8c6957772d in std::function<void ()>::operator()() const /usr/bin/../lib/gcc/x86_64-linux-gnu/13/../../../../include/c++/13/bits/std_function.h:591:9
        #5 0x5f8c6957772d in util::TraceThread(std::basic_string_view<char, std::char_traits<char>>, std::function<void ()>) /root/b-c/bld-cmake/src/util/./util/thread.cpp:21:9
        #6 0x5f8c68c1cd4d in void std::__invoke_impl<void, void (*)(std::basic_string_view<char, std::char_traits<char>>, std::function<void ()>), char const*, void (*)()>(std::__invoke_other, void (*&&)(std::basic_string_view<char, std::char_traits<char>>, std::function<void ()>), char const*&&, void (*&&)()) /usr/bin/../lib/gcc/x86_64-linux-gnu/13/../../../../include/c++/13/bits/invoke.h:61:14
        #7 0x74eec02ecdb3  (/lib/x86_64-linux-gnu/libstdc++.so.6+0xecdb3) (BuildId: ca77dae775ec87540acd7218fa990c40d1c94ab1)
        #8 0x74eebfe9caa3  (/lib/x86_64-linux-gnu/libc.so.6+0x9caa3) (BuildId: 282c2c16e7b6600b0b22ea0c99010d2795752b5f)
        #9 0x74eebff29c3b  (/lib/x86_64-linux-gnu/libc.so.6+0x129c3b) (BuildId: 282c2c16e7b6600b0b22ea0c99010d2795752b5f)

    SUMMARY: UndefinedBehaviorSanitizer: unsigned-integer-overflow /root/b-c/src/common/netif.cpp:127:29
    

    Originally posted by @maflcko in #32345 (review)

  2. maflcko added the label CI failed on Aug 23, 2025
  3. maflcko added the label P2P on Aug 23, 2025
  4. Sjors commented at 8:46 am on August 25, 2025: member
    cc @laanwj
  5. achow101 commented at 9:46 pm on August 26, 2025: member
    It looks like this is being triggered by a NLMSG_DONE message and is something that we could avoid by checking hdr->nlmsg_type before doing NLMSG_DATA and RTM_PAYLOAD. This could be included in #32159 since that’s already touching this code.
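
The arithmetic behind the `20 - 28` in the report and the type check suggested in the last comment, as an added example (not code from bitcoin/bitcoin or from the thread). The structs and macros are simplified local copies of the Linux netlink definitions, `attr_len_checked` is a hypothetical helper, and its length check goes beyond the type check the comment mentions.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Local copies of the Linux netlink layout (linux/netlink.h, linux/rtnetlink.h),
 * with the macros simplified, so the example builds without kernel headers. */
struct nlmsghdr { uint32_t nlmsg_len; uint16_t nlmsg_type, nlmsg_flags;
                  uint32_t nlmsg_seq, nlmsg_pid; };            /* 16 bytes */
struct rtmsg { unsigned char rtm_family, rtm_dst_len, rtm_src_len, rtm_tos,
               rtm_table, rtm_protocol, rtm_scope, rtm_type;
               unsigned rtm_flags; };                          /* 12 bytes */
#define NLMSG_DONE 0x3
#define RTM_NEWROUTE 24
#define NLMSG_ALIGN(len) (((len) + 3U) & ~3U)
#define NLMSG_SPACE(len) NLMSG_ALIGN((len) + sizeof(struct nlmsghdr))
#define RTM_PAYLOAD(h) ((h)->nlmsg_len - NLMSG_SPACE(sizeof(struct rtmsg)))

/* Unchecked: header (16) + rtmsg (12) = 28 is subtracted from any message.
 * Unsigned wraparound is defined behaviour, so a short message silently
 * yields a huge "attribute length" instead of failing. */
size_t attr_len_unchecked(const struct nlmsghdr *h) { return RTM_PAYLOAD(h); }

/* Checked (hypothetical helper): returns 1 and sets *out only for a route
 * message long enough to contain a struct rtmsg, otherwise 0. */
int attr_len_checked(const struct nlmsghdr *h, size_t *out)
{
    if (h->nlmsg_type != RTM_NEWROUTE) return 0;  /* e.g. NLMSG_DONE */
    if (h->nlmsg_len < NLMSG_SPACE(sizeof(struct rtmsg))) return 0;
    *out = RTM_PAYLOAD(h);
    return 1;
}

int main(void)
{
    /* Constructed headers: a 20-byte NLMSG_DONE (the length in the report)
     * and a route message carrying 8 bytes of attributes. */
    struct nlmsghdr done = { 20, NLMSG_DONE, 0, 0, 0 };
    struct nlmsghdr route = { 36, RTM_NEWROUTE, 0, 0, 0 };
    size_t len = 0;

    printf("unchecked DONE: %zu\n", attr_len_unchecked(&done));
    printf("checked DONE accepted: %d\n", attr_len_checked(&done, &len));
    if (attr_len_checked(&route, &len))
        printf("checked route attribute bytes: %zu\n", len);
    return 0;
}
```

Any loop that walks route attributes with the unchecked length would treat the wrapped value as the number of bytes available, which is why the message type and length are validated before the subtraction.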

github-metadata-mirror

This is a metadata mirror of the GitHub repository bitcoin/bitcoin. This site is not affiliated with GitHub. Content is generated from a GitHub metadata backup.
generated: 2025-09-02 12:13 UTC
