[31.x] validation: correct lifetime of precomputed tx data #35210

pull darosior wants to merge 1 commits into bitcoin:31.x from darosior:2605_cleanup_CVE-2024-52911_v31 changing 1 files +1 −2
  1. darosior commented at 12:18 PM on May 5, 2026: member

    This backports #35209 to the version 31 branch.

  2. validation: correct lifetime of precomputed tx data
    This makes sure `txsdata` always outlives the Script check queue (since local
objects are destructed in reverse order of construction).

This is the root cause for a security vulnerability reported by Cory Fields in
2024 that could be exploited by crafting an invalid block to cause nodes to
read freed memory. The vulnerability was covertly fixed in commit
`492e1f09943fcb6145c21d470299305a19e17d8b`.

See security advisory for CVE-2024-52911 for more details.

Github-Pull: #35209
Rebased-From: 1ed799fb21db51a12cbd5579420a61b9b5b3ee7d
    0cedd6abf2
  3. DrahtBot added the label Backport on May 5, 2026
  4. DrahtBot commented at 12:18 PM on May 5, 2026: contributor

    <!--e57a25ab6845829454e8d69fc972939a-->

    The following sections might be updated with supplementary metadata relevant to reviewers and maintainers.

    <!--006a51241073e994b41acfe9ec718e94-->

    Code Coverage & Benchmarks

    For details see: https://corecheck.dev/bitcoin/bitcoin/pulls/35210.

    <!--021abf342d371248e50ceaed478a90ca-->

    Reviews

    See the guideline for information on the review process.

    Type Reviewers
    ACK fanquake

    If your review is incorrectly listed, please copy-paste <code>&lt;!--meta-tag:bot-skip--&gt;</code> into the comment that the bot should ignore.

    <!--5faf32d7da4f0f540f40219e4f7537a3-->

  5. fanquake added this to the milestone 31.1 on May 5, 2026
  6. fanquake renamed this:
    31.x backport: validation: correct lifetime of precomputed tx data
    [31.x] validation: correct lifetime of precomputed tx data
    on May 5, 2026
  7. DrahtBot added the label CI failed on May 5, 2026
  8. DrahtBot commented at 2:10 PM on May 5, 2026: contributor

    <!--85328a0da195eb286784d51f73fa0af9-->

    🚧 At least one of the CI tasks failed. <sub>Task i686, no IPC: https://github.com/bitcoin/bitcoin/actions/runs/25375874032/job/74411256296</sub> <sub>LLM reason (✨ experimental): CI failed because the sock_tests CTest case failed (ctest: 1 test failed, exit status 8).</sub>

    <details><summary>Hints</summary>

    Try to run the tests locally, according to the documentation. However, a CI failure may still happen due to a number of reasons, for example:

    • Possibly due to a silent merge conflict (the changes in this pull request being incompatible with the current code in the target branch). If so, make sure to rebase on the latest commit of the target branch.

    • A sanitizer issue, which can only be found by compiling with the sanitizer and running the affected test.

    • An intermittent issue.

    Leave a comment here, if you need help tracking down a confusing failure.

    </details>

  9. achow101 closed this on May 6, 2026
  10. achow101 reopened this on May 6, 2026
  11. DrahtBot removed the label CI failed on May 6, 2026
  12. fanquake commented at 9:37 AM on May 7, 2026: member

    ACK 0cedd6abf22866103ea852edb871d463f7ba1222

  13. fanquake merged this on May 7, 2026
  14. fanquake closed this on May 7, 2026
Contributors
darosiorDrahtBotfanquake
Labels
Backport

Milestone
31.1

Linked (view graph)
#35209 validation: correct lifetime of precomputed tx data
github-metadata-mirror

This is a metadata mirror of the GitHub repository bitcoin/bitcoin. This site is not affiliated with GitHub. Content is generated from a GitHub metadata backup.
generated: 2026-05-11 12:12 UTC
This site is hosted by @0xB10C
More mirrored repositories can be found on mirror.b10c.me