Add nullptr-check to CChain::Contains(), tests #34416

pull optout21 wants to merge 3 commits into bitcoin:master from optout21:cchain-contains changing 3 files +160 −1
  1. optout21 commented at 5:25 am on January 27, 2026: contributor

    Add unit tests to the CChain class, and add a nullptr-check to CChain::Contains() to avoid potential memory access violation by nullptr dereference.

    The CChain::Contains() method (in src/chain.h) dereferences its input without checking. The Next() method also calls into this with a nullptr if invoked with nullptr. While most call sites have indirect guarantee that the input is not nullptr, it’s not easy to establish this to all call sites with high confidence. These methods are publicly available. There is no known high-level use case to trigger this error, but the fix is easy, and makes the code safer.

    Also, unit tests were added to the CChain class, filling a gap.

    Changes:

    • Add basic unit tests for CChain class methods
    • Add a nullptr-check to CChain::Contains()
    • Add unit tests for CChain::FindFork(). These are lengthier, and not closely related to the topic of the PR, could be removed, but kept for extra test coverage.

    Alternative. I have considered changing Contains() to take a reference instead of pointer, to better express that it cannot take a nullptr input. It’s a viable solution, requires update to only a handful of call sites (solution available on branch cchain-contains1). However, since most CChain logic operates with pointers and pointer comparison, it would break the style, so I dropped this solution.

    This change is remotely related to and partly triggered by #32875 .

  2. Add CChain basic tests 
    Add basic unit tests to the `CChain` class, filling a gap.
    84de184f7b
  3. Add CChain::FindFork() tests 
    Add (lengthier) unit tests for `CChain::FindFork()`.
    3f338133ce
  4. Add nullptr-check to CChain::Contains() 
    The `CChain::Contains()` method dereferences its input without checking,
potentially resulting in nullptr-dereference if invoked with `nullptr`.
The `Next()` method can also trigger this. Avoid the memory access
violation by adding an extra check for the `pindex` input.
The result is `false` for `nullptr` input.
    7f27d102ae
  5. DrahtBot commented at 5:25 am on January 27, 2026: contributor

    The following sections might be updated with supplementary metadata relevant to reviewers and maintainers.

    Code Coverage & Benchmarks

    For details see: https://corecheck.dev/bitcoin/bitcoin/pulls/34416.

    Reviews

    See the guideline for information on the review process. A summary of reviews will appear here.


optout21 DrahtBot

github-metadata-mirror

This is a metadata mirror of the GitHub repository bitcoin/bitcoin. This site is not affiliated with GitHub. Content is generated from a GitHub metadata backup.
generated: 2026-01-27 06:13 UTC
This site is hosted by @0xB10C
More mirrored repositories can be found on mirror.b10c.me