txdb: handle malformed first coin cursor key #35191

pull ArtSabintsev wants to merge 1 commits into bitcoin:master from ArtSabintsev:codex/fix-txdb-cursor-malformed-key changing 2 files +23 −5
  1. ArtSabintsev commented at 1:47 AM on May 1, 2026: none

    Fixes #35172.

    I am still getting familiar with the codebase, so doing easy tickets for now. Thanks for bearing with me.

    What?

    CCoinsViewDB::Cursor() caches the first coin key after seeking into the chainstate DB. If the first DB_COIN entry is malformed, CDBIterator::GetKey() returns false, but the cursor warmup path ignored that return value.

    Because CoinEntry defaults its key marker to DB_COIN, a malformed key like just C could leave the cursor reporting Valid() == true and GetKey() == true even though the key was not decoded.

    This makes the warmup path match CCoinsViewDBCursor::Next(): if the iterator is invalid or the key cannot be decoded, invalidate the cached key.

    Scenario

    This would require an already-corrupted or manually modified local chainstate LevelDB where the first coin key is readable by LevelDB but not decodable as a CoinEntry.

    Normal node operation should not create this key shape, so this is a correctness/hardening fix rather than a common user-facing issue.

    Testing

    The regression test writes a single-byte C key, which enters the DB_COIN keyspace but is too short to decode as a CoinEntry. It then reopens the DB through CCoinsViewDB and checks that the returned cursor is invalid.

    cmake --build build --target test_bitcoin -j8
build/bin/test_bitcoin --run_test=coins_tests_dbbase/malformed_first_coin_key_cursor_invalid
build/bin/test_bitcoin --run_test=coins_tests_dbbase
  2. DrahtBot added the label UTXO Db and Indexes on May 1, 2026
  3. DrahtBot commented at 1:47 AM on May 1, 2026: contributor

    <!--e57a25ab6845829454e8d69fc972939a-->

    The following sections might be updated with supplementary metadata relevant to reviewers and maintainers.

    <!--021abf342d371248e50ceaed478a90ca-->

    Reviews

    See the guideline for information on the review process.

    Type Reviewers
    ACK junbyjun1238

    If your review is incorrectly listed, please copy-paste <code>&lt;!--meta-tag:bot-skip--&gt;</code> into the comment that the bot should ignore.

    <!--5faf32d7da4f0f540f40219e4f7537a3-->

  4. ArtSabintsev force-pushed on May 1, 2026
  5. txdb: handle malformed first coin cursor key c02c4aea2a
  6. ArtSabintsev force-pushed on May 1, 2026
  7. ArtSabintsev marked this as ready for review on May 1, 2026
  8. junbyjun1238 commented at 6:19 AM on May 1, 2026: none

    utACK c02c4aea2a0c126f9defb255b3da695e2ee619bc

    Reviewed the diff. This makes the initial CCoinsViewDB::Cursor() warmup consistent with CCoinsViewDBCursor::Next() by invalidating the cached key when the first DB_COIN key cannot be decoded, instead of exposing the default DB_COIN marker as a valid cursor entry. The regression test covers the malformed first-key case. I did not run the tests.

Contributors
ArtSabintsevDrahtBotjunbyjun1238
Labels
UTXO Db and Indexes
Linked (view graph)
#35172 txdb: Cursor warmup accepts malformed first coin key
github-metadata-mirror

This is a metadata mirror of the GitHub repository bitcoin/bitcoin. This site is not affiliated with GitHub. Content is generated from a GitHub metadata backup.
generated: 2026-05-03 21:12 UTC
This site is hosted by @0xB10C
More mirrored repositories can be found on mirror.b10c.me