Fix signed integer overflow in prioritisetransaction RPC

MarcoFalke 2021-11-02 21:59:39 +01:00 committed by MacroFake
parent fa52cf8e11
commit fa07f84e31
No known key found for this signature in database
GPG key ID: CE2B75697E69A548
2 changed files with 9 additions and 8 deletions


@ -16,6 +16,7 @@
#include <reverse_iterator.h> #include <reverse_iterator.h>
#include <util/check.h> #include <util/check.h>
#include <util/moneystr.h> #include <util/moneystr.h>
#include <util/overflow.h>
#include <util/system.h> #include <util/system.h>
#include <util/time.h> #include <util/time.h>
#include <validationinterface.h> #include <validationinterface.h>
@ -93,9 +94,9 @@ CTxMemPoolEntry::CTxMemPoolEntry(const CTransactionRef& tx, CAmount fee,
void CTxMemPoolEntry::UpdateModifiedFee(CAmount fee_diff) void CTxMemPoolEntry::UpdateModifiedFee(CAmount fee_diff)
{ {
nModFeesWithDescendants += fee_diff; nModFeesWithDescendants = SaturatingAdd(nModFeesWithDescendants, fee_diff);
nModFeesWithAncestors += fee_diff; nModFeesWithAncestors = SaturatingAdd(nModFeesWithAncestors, fee_diff);
m_modified_fee += fee_diff; m_modified_fee = SaturatingAdd(m_modified_fee, fee_diff);
} }
void CTxMemPoolEntry::UpdateLockPoints(const LockPoints& lp) void CTxMemPoolEntry::UpdateLockPoints(const LockPoints& lp)
@ -437,7 +438,7 @@ void CTxMemPoolEntry::UpdateDescendantState(int64_t modifySize, CAmount modifyFe
{ {
nSizeWithDescendants += modifySize; nSizeWithDescendants += modifySize;
assert(int64_t(nSizeWithDescendants) > 0); assert(int64_t(nSizeWithDescendants) > 0);
nModFeesWithDescendants += modifyFee; nModFeesWithDescendants = SaturatingAdd(nModFeesWithDescendants, modifyFee);
nCountWithDescendants += modifyCount; nCountWithDescendants += modifyCount;
assert(int64_t(nCountWithDescendants) > 0); assert(int64_t(nCountWithDescendants) > 0);
} }
@ -446,7 +447,7 @@ void CTxMemPoolEntry::UpdateAncestorState(int64_t modifySize, CAmount modifyFee,
{ {
nSizeWithAncestors += modifySize; nSizeWithAncestors += modifySize;
assert(int64_t(nSizeWithAncestors) > 0); assert(int64_t(nSizeWithAncestors) > 0);
nModFeesWithAncestors += modifyFee; nModFeesWithAncestors = SaturatingAdd(nModFeesWithAncestors, modifyFee);
nCountWithAncestors += modifyCount; nCountWithAncestors += modifyCount;
assert(int64_t(nCountWithAncestors) > 0); assert(int64_t(nCountWithAncestors) > 0);
nSigOpCostWithAncestors += modifySigOps; nSigOpCostWithAncestors += modifySigOps;
@ -921,7 +922,7 @@ void CTxMemPool::PrioritiseTransaction(const uint256& hash, const CAmount& nFeeD
{ {
LOCK(cs); LOCK(cs);
CAmount &delta = mapDeltas[hash]; CAmount &delta = mapDeltas[hash];
delta += nFeeDelta; delta = SaturatingAdd(delta, nFeeDelta);
txiter it = mapTx.find(hash); txiter it = mapTx.find(hash);
if (it != mapTx.end()) { if (it != mapTx.end()) {
mapTx.modify(it, [&nFeeDelta](CTxMemPoolEntry& e) { e.UpdateModifiedFee(nFeeDelta); }); mapTx.modify(it, [&nFeeDelta](CTxMemPoolEntry& e) { e.UpdateModifiedFee(nFeeDelta); });
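Review bot: Once any of these additions clamps, the fee bookkeeping is no longer reversible, and nothing in the new code records that a clamp happened. In PrioritiseTransaction `delta` saturates on its own, while UpdateModifiedFee saturates `m_modified_fee`, `nModFeesWithDescendants` and `nModFeesWithAncestors` separately. These presumably start from different bases (the entry's own fee, package totals), so they can reach the limit at different times, and a later opposite-signed delta would then leave them disagreeing with `mapDeltas`. I would at least document this at the call site, e.g. `// SaturatingAdd clamps silently: after a clamp, delta and the entry's modified fees may no longer agree.`, and add a test that applies a near-maximum delta followed by its negation and checks the resulting state. PrioritiseTransaction's body continues outside the hunk.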


@ -1,10 +1,10 @@
# -fsanitize=undefined suppressions # -fsanitize=undefined suppressions
# ================================= # =================================
# This would be `signed-integer-overflow:CTxMemPool::PrioritiseTransaction`, # The suppressions would be `sanitize-type:ClassName::MethodName`,
# however due to a bug in clang the symbolizer is disabled and thus no symbol # however due to a bug in clang the symbolizer is disabled and thus no symbol
# names can be used. # names can be used.
# See https://github.com/google/sanitizers/issues/1364 # See https://github.com/google/sanitizers/issues/1364
signed-integer-overflow:txmempool.cpp
# https://github.com/bitcoin/bitcoin/pull/21798#issuecomment-829180719 # https://github.com/bitcoin/bitcoin/pull/21798#issuecomment-829180719
signed-integer-overflow:policy/feerate.cpp signed-integer-overflow:policy/feerate.cpp