kernel: validate C API inputs #35340

pull fallintoplace wants to merge 1 commits into bitcoin:master from fallintoplace:kernel-c-api-validation changing 4 files +142 −21
  1. fallintoplace commented at 10:15 PM on May 20, 2026: none

    Fixes #35339.

    This hardens the experimental libbitcoinkernel C API so caller-provided invalid runtime inputs fail through documented return/status channels instead of assertions. Existing script verification status numeric values are preserved, and the new values are appended.

    Summary

    • Return nullptr for out-of-range transaction, block transaction, block spent-output, and transaction spent-output accessors.
    • Add script verification statuses for unsupported flag bits and out-of-range input indexes.
    • Reject malformed precomputed transaction data spent-output arrays at construction.
    • Document script verification failure statuses and precomputed spent-output array requirements.
    • Add focused kernel API tests for the new failure behavior, including nullable status output handling.

    Testing

    • git diff --check
    • cmake -B build-kernel-validation -DBUILD_KERNEL_LIB=ON -DBUILD_KERNEL_TEST=ON -DBUILD_TESTS=OFF -DBUILD_DAEMON=OFF -DBUILD_CLI=OFF -DBUILD_BITCOIN_BIN=OFF -DBUILD_TX=OFF -DBUILD_UTIL=OFF -DENABLE_WALLET=OFF -DENABLE_IPC=OFF
    • cmake --build build-kernel-validation --target test_kernel -j $(sysctl -n hw.ncpu)
    • build-kernel-validation/bin/test_kernel
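The validation pattern the PR description lists (bounds-checked accessors that return a null pointer instead of asserting, script verification status values appended after the existing ones for unsupported flag bits and out-of-range input indexes, a nullable status out-parameter, and rejection of malformed spent-output arrays at construction) written out as an added C example. This is illustrative code, not the PR's diff and not the libbitcoinkernel C API: every `demo_` name, the flag bits, the status numbers and the sample transaction are assumptions constructed for the example.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical status codes (not libbitcoinkernel's). The pre-existing value
 * keeps its number and the two new ones are appended, which is the
 * compatibility rule the PR description states for the real enum. */
typedef enum {
    DEMO_VERIFY_OK = 0,
    DEMO_VERIFY_ERROR_TX_INPUT_INDEX = 1,           /* assumed pre-existing value */
    DEMO_VERIFY_ERROR_UNSUPPORTED_FLAG_BITS = 2,    /* appended: unknown flag bits set */
    DEMO_VERIFY_ERROR_INPUT_INDEX_OUT_OF_RANGE = 3  /* appended: index >= input count */
} demo_verify_status;

/* Assumed flag bits; anything outside DEMO_FLAGS_SUPPORTED is "unsupported". */
#define DEMO_FLAG_P2SH       (1u << 0)
#define DEMO_FLAG_WITNESS    (1u << 1)
#define DEMO_FLAGS_SUPPORTED (DEMO_FLAG_P2SH | DEMO_FLAG_WITNESS)

typedef struct { uint64_t value; } demo_txout;   /* toy spent/created output */

typedef struct {
    size_t n_inputs;
    size_t n_outputs;
    demo_txout outputs[4];
} demo_tx;

/* Accessor: a NULL tx or an out-of-range index yields NULL, never an assert. */
const demo_txout* demo_tx_get_output(const demo_tx* tx, size_t index)
{
    if (tx == NULL || index >= tx->n_outputs) return NULL;
    return &tx->outputs[index];
}

typedef struct {
    const demo_tx* tx;
    const demo_txout* spent_outputs;
    size_t n_spent_outputs;
} demo_precomputed;

/* Reject malformed spent-output arrays at construction: the array must be
 * NULL with a count of zero, or non-NULL with exactly one entry per input.
 * Returns 1 on success and 0 (leaving *out untouched) on a malformed input. */
int demo_precomputed_create(const demo_tx* tx, const demo_txout* spent_outputs,
                            size_t n_spent_outputs, demo_precomputed* out)
{
    if (tx == NULL || out == NULL) return 0;
    if (spent_outputs == NULL && n_spent_outputs != 0) return 0;
    if (spent_outputs != NULL && n_spent_outputs != tx->n_inputs) return 0;
    out->tx = tx;
    out->spent_outputs = spent_outputs;
    out->n_spent_outputs = n_spent_outputs;
    return 1;
}

/* Script verification entry point with a nullable status out-parameter.
 * Returns 1 when the inputs pass validation and 0 when they were rejected;
 * the reason is written to *status only when the caller supplied a pointer. */
int demo_verify_script(const demo_tx* tx, size_t input_index, unsigned flags,
                       demo_verify_status* status)
{
    demo_verify_status local;
    if (status == NULL) status = &local;   /* caller may pass NULL for status */
    if (flags & ~DEMO_FLAGS_SUPPORTED) {
        *status = DEMO_VERIFY_ERROR_UNSUPPORTED_FLAG_BITS;
        return 0;
    }
    if (tx == NULL || input_index >= tx->n_inputs) {
        *status = DEMO_VERIFY_ERROR_INPUT_INDEX_OUT_OF_RANGE;
        return 0;
    }
    *status = DEMO_VERIFY_OK;
    return 1;   /* actual script evaluation would run here */
}

/* Constructed sample transaction: 2 inputs, 2 outputs. */
static const demo_tx kSampleTx = { 2, 2, { {5000}, {7000} } };

int main(void)
{
    demo_verify_status st;
    printf("output[5]: %s\n", demo_tx_get_output(&kSampleTx, 5) ? "pointer" : "NULL");
    printf("verify input 9: ok=%d status=%d\n",
           demo_verify_script(&kSampleTx, 9, DEMO_FLAG_P2SH, &st), (int)st);
    printf("verify with unknown flag 0x80 and NULL status: ok=%d\n",
           demo_verify_script(&kSampleTx, 0, 0x80u, NULL));
    return 0;
}
```

The point of the NULL-status branch is the one the PR's tests call "nullable status output handling": a caller that does not care why a call failed can pass NULL without the library dereferencing it, while the function still validates flags before indexes so the status is deterministic.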
  2. DrahtBot added the label Validation on May 20, 2026
  3. DrahtBot commented at 10:15 PM on May 20, 2026: contributor

    The following sections might be updated with supplementary metadata relevant to reviewers and maintainers.

    Code Coverage & Benchmarks

    For details see: https://corecheck.dev/bitcoin/bitcoin/pulls/35340.

    Reviews

    See the guideline for information on the review process. A summary of reviews will appear here.

    LLM Linter (✨ experimental)

    Possible places where named args for integral literals may be used (e.g. func(x, /*named_arg=*/0) in C++, and func(x, named_arg=0) in Python):

    • btck_precomputed_transaction_data_create(tx.get(), too_many_spent_outputs, 2) in src/test/kernel/test_kernel.cpp
    • btck_precomputed_transaction_data_create(tx.get(), nullptr, 1) in src/test/kernel/test_kernel.cpp
    • btck_precomputed_transaction_data_create(tx.get(), null_spent_outputs, 1) in src/test/kernel/test_kernel.cpp

    2026-05-20 22:20:57

  4. fallintoplace marked this as ready for review on May 20, 2026
  5. kernel: validate C API inputs 9de0fb351b
  6. fallintoplace force-pushed on May 20, 2026
  7. sedited commented at 7:20 AM on May 21, 2026: contributor

    This change seems to do the exact opposite of what the changes in #35312 propose. You also seem to have used an LLM to assist you with most of your work. Since we have limited review resources, and LLMs are capable of generating endless work for reviewers, we ask authors to make an effort in demonstrating that they are capable of explaining their own changes and have a good understanding of their contribution. In this case, I'm going to close this PR and the accompanying issue, and ask you instead to provide review to #35312 if you believe that asserting on these inputs is an anti-pattern.

  8. sedited closed this on May 21, 2026

  9. maflcko commented at 2:08 PM on May 21, 2026: member

    Dupe of #33943?


github-metadata-mirror

This is a metadata mirror of the GitHub repository bitcoin/bitcoin. This site is not affiliated with GitHub. Content is generated from a GitHub metadata backup.
generated: 2026-06-10 04:51 UTC
