bitcoin-qt segfault on corrupt wallet #3333

issue RenaKunisaki opened this issue on November 30, 2013
  1. RenaKunisaki commented at 5:00 AM on November 30, 2013: none

    With a corrupt wallet.dat, bitcoin-qt segfaults:

    Bitcoin version v0.8.5.0-gef14a26-beta ()
Using OpenSSL version OpenSSL 1.0.1e 11 Feb 2013
Startup time: 2013-11-30 04:31:40
Default data directory /home/rena/.bitcoin
Using data directory /home/rena/.bitcoin
Using at most 7 connections (1024 file descriptors available)
Using 8 threads for script verification
init message: Verifying wallet...
dbenv.open LogDir=/home/rena/.bitcoin/database ErrorFile=/home/rena/.bitcoin/db.log
Bound to [::]:8333
Bound to 0.0.0.0:8333
init message: Loading block index...
Opening LevelDB in /home/rena/.bitcoin/blocks/index
Opened LevelDB successfully
Opening LevelDB in /home/rena/.bitcoin/chainstate
Opened LevelDB successfully
LoadBlockIndexDB(): last block file = 96
LoadBlockIndexDB(): last block file info: CBlockFileInfo(blocks=142, size=39190683, heights=272083...272223, time=2013-11-29...2013-11-30)
LoadBlockIndexDB(): transaction index disabled
LoadBlockIndexDB(): hashBestChain=0000000000000004a4f5b35063a4ff280d5caf21010edab52a5bb8d67bf873a6  height=272223 date=2013-11-30 04:17:49
init message: Verifying blocks...
Verifying last 288 blocks at level 3
No coin database inconsistencies in last 46 blocks (34503 transactions)
 block index            9900ms
init message: Loading wallet...
 wallet                 2010ms
init message: Rescanning...
Rescanning last 272223 blocks (from block 0)...
 rescan               360427ms
init message: Loading addresses...
Loaded 15456 addresses from peers.dat  79ms
mapBlockIndex.size() = 272226
nBestHeight = 272223
setKeyPool.size() = 100
mapWallet.size() = 4
mapAddressBook.size() = 2
dnsseed thread start
msghand thread start
opencon thread start
net thread start
upnp thread start
addcon thread start
dumpaddr thread start
Loading addresses from DNS seeds (could take a while)
init message: Done loading
ERROR: CTransaction::CheckTransaction() : vout empty
ERROR: CTxMemPool::accept() : CheckTransaction failed
ERROR: CTransaction::CheckTransaction() : vout empty
ERROR: CTxMemPool::accept() : CheckTransaction failed
ERROR: CTransaction::CheckTransaction() : vout empty
ERROR: CTxMemPool::accept() : CheckTransaction failed
ERROR: CTransaction::CheckTransaction() : vout empty
ERROR: CTxMemPool::accept() : CheckTransaction failed
refreshWallet
Nov 29 23:37:53 guilmon kernel: [2249560.460653] bitcoin-qt[28291]: segfault at 118 ip 00007f43141e1f74 sp 00007fff4fc99c50 error 4 in libpthread-2.17.so[7f43141d8000+17000]

    An (empty) wallet that triggers this issue is here: https://dl.dropboxusercontent.com/u/105169324/broken-wallet.dat

  2. sipa commented at 10:40 AM on November 30, 2013: member

    I wonder whether this is a wallet sending these empty transactions as observed in #3190.

  3. laanwj commented at 3:32 PM on December 16, 2013: member

    This is different from the vin problem. The provided wallet has a few corrupted tx records.

    Stack trace shows that GetDebit is called on a CWalletTx that has pwallet==0.

    [#6](/bitcoin-bitcoin/6/)  CWallet::GetDebit (this=this@entry=0x0, txin=...) at wallet.cpp:568
[#7](/bitcoin-bitcoin/7/)  0x000055555566ad6b in CWallet::GetDebit (this=0x0, tx=...) at ../../src/wallet.h:273
[#8](/bitcoin-bitcoin/8/)  0x000055555566c6bd in GetDebit (this=0x55555be2ec20) at ../../src/wallet.h:595
[#9](/bitcoin-bitcoin/9/)  TransactionRecord::decomposeTransaction (wallet=0x55555c092f20, wtx=...) at transactionrecord.cpp:35
[#10](/bitcoin-bitcoin/10/) 0x0000555555652ee9 in refreshWallet (this=0x555559acfc80) at transactiontablemodel.cpp:85
[#11](/bitcoin-bitcoin/11/) TransactionTableModel::TransactionTableModel (this=0x5555564797b0, wallet=<optimized out>, parent=<optimized out>)
at transactiontablemodel.cpp:236
[#12](/bitcoin-bitcoin/12/) 0x0000555555608f8f in WalletModel::WalletModel (this=0x55555a624bd0, wallet=0x55555c092f20, optionsModel=<optimized out>, 
    parent=<optimized out>) at walletmodel.cpp:37
[#13](/bitcoin-bitcoin/13/) 0x00005555555b2605 in main (argc=2, argv=<optimized out>) at bitcoin.cpp:326

    Hmm. Invalid CWalletTx should be deleted from the wallet on load immediately, but somehow that's not happening and they linger around with pwallet==0.

  4. laanwj referenced this in commit ab760075ca on Dec 16, 2013
  5. laanwj referenced this in commit 16ec9044d1 on Dec 16, 2013
  6. laanwj commented at 4:37 PM on December 16, 2013: member

    The problem is that the wallet transaction loading code is not exception safe.

    See #3426 for fix

  7. laanwj closed this on Jan 14, 2014
  8. luke-jr referenced this in commit 3127d6caf4 on Feb 12, 2014
  9. pooler referenced this in commit 49ce4dd1ea on Mar 26, 2014
  10. wtogami referenced this in commit dc7967950e on Mar 27, 2014
  11. wtogami referenced this in commit 5860707b6c on Apr 4, 2014
  12. MathyV referenced this in commit 5873fb5dc0 on May 9, 2014
  13. Bushstar referenced this in commit 87b6383278 on Apr 8, 2020
  14. DrahtBot locked this on Sep 8, 2021
Contributors
RenaKunisakisipalaanwj
Labels
BugWallet
Linked (view graph)
#3426 Don't create empty transactions when reading corrupted wallet
github-metadata-mirror

This is a metadata mirror of the GitHub repository bitcoin/bitcoin. This site is not affiliated with GitHub. Content is generated from a GitHub metadata backup.
generated: 2026-04-13 18:16 UTC
This site is hosted by @0xB10C
More mirrored repositories can be found on mirror.b10c.me