net: prevent signed integer overflow in AddLocal nScore update #34674

pull chriszeng1010 wants to merge 1 commits into bitcoin:master from chriszeng1010:fix-addlocal-nscore-overflow changing 1 files +2 −1
  1. chriszeng1010 commented at 10:46 pm on February 25, 2026: none

    When AddLocal() is called for an address already in mapLocalHost, it increments nScore by 1. If nScore is at INT_MAX, this is signed integer overflow (undefined behavior).

    Use SaturatingAdd from util/overflow.h to cap at INT_MAX instead.

    This is the same class of bug addressed for SeenLocal() in #34028, but in a different call site.

  2. net: use SaturatingAdd to prevent nScore overflow in AddLocal 99c1f6acf4
  3. DrahtBot added the label P2P on Feb 25, 2026
  4. DrahtBot commented at 10:46 pm on February 25, 2026: contributor

    The following sections might be updated with supplementary metadata relevant to reviewers and maintainers.

    Reviews

    See the guideline for information on the review process. A summary of reviews will appear here.

  5. in src/net.cpp:298 in 99c1f6acf4 
    294@@ -294,7 +295,7 @@ bool AddLocal(const CService& addr_, int nScore)
295         const auto [it, is_newly_added] = mapLocalHost.emplace(addr, LocalServiceInfo());
296         LocalServiceInfo &info = it->second;
297         if (is_newly_added || nScore >= info.nScore) {
298-            info.nScore = nScore + (is_newly_added ? 0 : 1);
299+            info.nScore = is_newly_added ? nScore : SaturatingAdd(nScore, 1);
    frankomosh commented at 4:25 pm on February 27, 2026:
    Are there realistic scenarios where nScore equals INT_MAX here?
    chriszeng1010 commented at 5:40 pm on February 27, 2026:
    This is a consistency fix. The same overflow pattern was already fixed in SeenLocal() via #34028, nScore would need billions of AddLocal() calls on the same address.
  6. maflcko commented at 4:31 pm on February 27, 2026: member
    Was this LLM generated? What are the steps to test this? What is the output before and after the changes here?
  7. chriszeng1010 commented at 5:41 pm on February 27, 2026: none
    @maflcko I used an LLM to help identify this. I noticed the prior fix in #34028 for SeenLocal() and checked whether the same pattern existed in AddLocal() — it does
  8. maflcko closed this on Feb 27, 2026
  9. maflcko commented at 5:45 pm on February 27, 2026: member
    Thx, but LLM output is not accepted if the author can not properly explain, test or could have written the change themselves.


chriszeng1010 DrahtBot frankomosh maflcko

Labels
P2P

github-metadata-mirror

This is a metadata mirror of the GitHub repository bitcoin/bitcoin. This site is not affiliated with GitHub. Content is generated from a GitHub metadata backup.
generated: 2026-03-09 21:13 UTC
This site is hosted by @0xB10C
More mirrored repositories can be found on mirror.b10c.me