[30.x] validation: correct lifetime of precomputed tx data #35211

pull darosior wants to merge 1 commits into bitcoin:30.x from darosior:2605_cleanup_CVE-2024-52911_v30 changing 1 files +1 −2
  1. darosior commented at 12:21 PM on May 5, 2026: member

    This backports #35209 to the version 30 branch.

  2. validation: correct lifetime of precomputed tx data
    This makes sure `txsdata` always outlives the Script check queue (since local
objects are destructed in reverse order of construction).

This is the root cause for a security vulnerability reported by Cory Fields in
2024 that could be exploited by crafting an invalid block to cause nodes to
read freed memory. The vulnerability was covertly fixed in commit
`492e1f09943fcb6145c21d470299305a19e17d8b`.

See security advisory for CVE-2024-52911 for more details.

Github-Pull: #35209
Rebased-From: 1ed799fb21db51a12cbd5579420a61b9b5b3ee7d
    17de6d2680
  3. DrahtBot added the label Backport on May 5, 2026
  4. DrahtBot commented at 12:21 PM on May 5, 2026: contributor

    <!--e57a25ab6845829454e8d69fc972939a-->

    The following sections might be updated with supplementary metadata relevant to reviewers and maintainers.

    <!--006a51241073e994b41acfe9ec718e94-->

    Code Coverage & Benchmarks

    For details see: https://corecheck.dev/bitcoin/bitcoin/pulls/35211.

    <!--021abf342d371248e50ceaed478a90ca-->

    Reviews

    See the guideline for information on the review process.

    Type Reviewers
    ACK achow101

    If your review is incorrectly listed, please copy-paste <code>&lt;!--meta-tag:bot-skip--&gt;</code> into the comment that the bot should ignore.

    <!--5faf32d7da4f0f540f40219e4f7537a3-->

  5. fanquake added this to the milestone 30.3 on May 5, 2026
  6. fanquake renamed this:
    30.x backport: validation: correct lifetime of precomputed tx data
    [30.x] validation: correct lifetime of precomputed tx data
    on May 5, 2026
  7. achow101 commented at 9:26 AM on May 6, 2026: member

    ACK 17de6d2680db4cae63401d6d2964e5d8294f6ed6

  8. fanquake closed this on May 6, 2026
  9. fanquake reopened this on May 6, 2026
  10. fanquake merged this on May 7, 2026
  11. fanquake closed this on May 7, 2026
Contributors
darosiorDrahtBotachow101
Labels
Backport

Milestone
30.3

Linked (view graph)
#35209 validation: correct lifetime of precomputed tx data
github-metadata-mirror

This is a metadata mirror of the GitHub repository bitcoin/bitcoin. This site is not affiliated with GitHub. Content is generated from a GitHub metadata backup.
generated: 2026-05-11 12:12 UTC
This site is hosted by @0xB10C
More mirrored repositories can be found on mirror.b10c.me