net: prevent signed integer overflow in AddLocal nScore update #34674

pull chriszeng1010 wants to merge 1 commits into bitcoin:master from chriszeng1010:fix-addlocal-nscore-overflow changing 1 files +2 −1
  1. chriszeng1010 commented at 10:46 PM on February 25, 2026: none

    When AddLocal() is called for an address already in mapLocalHost, it increments nScore by 1. If nScore is at INT_MAX, this is signed integer overflow (undefined behavior).

    Use SaturatingAdd from util/overflow.h to cap at INT_MAX instead.

    This is the same class of bug addressed for SeenLocal() in #34028, but in a different call site.

  2. net: use SaturatingAdd to prevent nScore overflow in AddLocal 99c1f6acf4
  3. DrahtBot added the label P2P on Feb 25, 2026
  4. DrahtBot commented at 10:46 PM on February 25, 2026: contributor

    <!--e57a25ab6845829454e8d69fc972939a-->

    The following sections might be updated with supplementary metadata relevant to reviewers and maintainers.

    <!--021abf342d371248e50ceaed478a90ca-->

    Reviews

    See the guideline for information on the review process. A summary of reviews will appear here.

    <!--5faf32d7da4f0f540f40219e4f7537a3-->

  5. in src/net.cpp:298 in 99c1f6acf4 
     294 | @@ -294,7 +295,7 @@ bool AddLocal(const CService& addr_, int nScore)
 295 |          const auto [it, is_newly_added] = mapLocalHost.emplace(addr, LocalServiceInfo());
 296 |          LocalServiceInfo &info = it->second;
 297 |          if (is_newly_added || nScore >= info.nScore) {
 298 | -            info.nScore = nScore + (is_newly_added ? 0 : 1);
 299 | +            info.nScore = is_newly_added ? nScore : SaturatingAdd(nScore, 1);
    frankomosh commented at 4:25 PM on February 27, 2026:

    Are there realistic scenarios where nScore equals INT_MAX here?

    chriszeng1010 commented at 5:40 PM on February 27, 2026:

    This is a consistency fix. The same overflow pattern was already fixed in SeenLocal() via #34028, nScore would need billions of AddLocal() calls on the same address.

  6. maflcko commented at 4:31 PM on February 27, 2026: member

    Was this LLM generated? What are the steps to test this? What is the output before and after the changes here?

  7. chriszeng1010 commented at 5:41 PM on February 27, 2026: none

    @maflcko I used an LLM to help identify this. I noticed the prior fix in #34028 for SeenLocal() and checked whether the same pattern existed in AddLocal() — it does

  8. maflcko closed this on Feb 27, 2026
  9. maflcko commented at 5:45 PM on February 27, 2026: member

    Thx, but LLM output is not accepted if the author can not properly explain, test or could have written the change themselves.

Contributors
chriszeng1010DrahtBotfrankomoshmaflcko
Labels
P2P
Linked (view graph)
#34028 p2p: Prevent integer overflow in LocalServiceInfo::nScore
github-metadata-mirror

This is a metadata mirror of the GitHub repository bitcoin/bitcoin. This site is not affiliated with GitHub. Content is generated from a GitHub metadata backup.
generated: 2026-04-21 15:12 UTC
This site is hosted by @0xB10C
More mirrored repositories can be found on mirror.b10c.me