Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

v0.13.2.0-gentoo segfault on gentoo-hardened using multi-wallet functionality #3

Closed
grubles opened this issue Jan 13, 2017 · 2 comments
Closed

v0.13.2.0-gentoo segfault on gentoo-hardened using multi-wallet functionality #3

grubles opened this issue Jan 13, 2017 · 2 comments

Comments

@grubles
Copy link

grubles commented Jan 13, 2017

Built with the following USE flags:

net-p2p/bitcoin-qt wallet qt5 ljr qrcode

gcc:

gcc (Gentoo Hardened 4.9.4 p1.0, pie-0.6.4) 4.9.4

uname -a

Linux localhost 4.7.10-hardened #2 SMP PREEMPT Thu Dec 15 15:49:07 EST 2016 x86_64 AMD Phenom(tm) II X6 1090T Processor AuthenticAMD GNU/Linux

dmesg:

[2441401.344983] grsec: Segmentation fault occurred at 00000056ecf593c8 in /usr/bin/bitcoin-qt[bitcoin-qt:14637] uid/euid:1000/1000 gid/egid:1000/1000, parent /bin/bash[bash:14633] uid/euid:1000/1000 gid/egid:1000/1000
[2441401.345906] grsec: denied resource overstep by requesting 4096 for RLIMIT_CORE against limit 0 for /usr/bin/bitcoin-qt[bitcoin-qt:14637] uid/euid:1000/1000 gid/egid:1000/1000, parent /bin/bash[bash:14633] uid/euid:1000/1000 gid/egid:1000/1000
[2441642.920006] bitcoin-qt[14815]: segfault at 8a66973a4b ip 000003cb15d3843c sp 000003d8698d1d20 error 4 in libQt5Core.so.5.6.2[3cb15adc000+4e9000]
[2441642.920027] grsec: Segmentation fault occurred at 0000008a66973a4b in /usr/bin/bitcoin-qt[bitcoin-qt:14815] uid/euid:1000/1000 gid/egid:1000/1000, parent /bin/bash[bash:14812] uid/euid:1000/1000 gid/egid:1000/1000
[2441642.920188] grsec: denied resource overstep by requesting 4096 for RLIMIT_CORE against limit 0 for /usr/bin/bitcoin-qt[bitcoin-qt:14815] uid/euid:1000/1000 gid/egid:1000/1000, parent /bin/bash[bash:14812] uid/euid:1000/1000 gid/egid:1000/1000

associated debug.log output:

2017-01-13 22:04:07 GUI: PaymentServer::LoadRootCAs: Loaded  157  root certificates
2017-01-13 22:04:07 GUI: QObject::connect: No such slot RPCConsole::test() in qt/rpcconsole.cpp:909
2017-01-13 22:04:07 GUI: QObject::connect:  (receiver name: 'RPCConsole')

With two wallets configured in bitcoin.conf, -qt runs well. However, once a third wallet is added to bitcoin.conf, the above happens.
@grubles
Copy link
Author

grubles commented Jan 14, 2017
edited
Loading

backtrace (with three wallets):

#1  0x000003fff5d2a0dc in ?? () from /usr/lib64/libQt5Core.so.5
#2  0x000003fff69a6f04 in QTableView::setSortingEnabled(bool) () from /usr/lib64/libQt5Widgets.so.5
#3  0x000002aaaac397f6 in TransactionView::setModel(WalletModel*) ()
#4  0x000002aaaabd713e in WalletView::setWalletModel(WalletModel*) ()
#5  0x000002aaaabc1537 in WalletFrame::addWallet(QString const&, WalletModel*) ()
#6  0x000002aaaab436e1 in BitcoinGUI::addWallet(QString const&, WalletModel*) ()
#7  0x000002aaaab31246 in BitcoinApplication::initializeResult(int) ()
#8  0x000003fff5d8d28a in QObject::event(QEvent*) () from /usr/lib64/libQt5Core.so.5
#9  0x000003fff66a3f6d in QApplication::event(QEvent*) () from /usr/lib64/libQt5Widgets.so.5
#10 0x000003fff66a0cf4 in QApplicationPrivate::notify_helper(QObject*, QEvent*) () from /usr/lib64/libQt5Widgets.so.5
#11 0x000003fff66a5c96 in QApplication::notify(QObject*, QEvent*) () from /usr/lib64/libQt5Widgets.so.5
#12 0x000003fff5d5b550 in QCoreApplication::notifyInternal2(QObject*, QEvent*) () from /usr/lib64/libQt5Core.so.5
#13 0x000003fff5d5e1ca in QCoreApplicationPrivate::sendPostedEvents(QObject*, int, QThreadData*) ()
   from /usr/lib64/libQt5Core.so.5
#14 0x000003fff5db7036 in ?? () from /usr/lib64/libQt5Core.so.5
#15 0x000003fff18c1423 in g_main_context_dispatch () from /usr/lib64/libglib-2.0.so.0
#16 0x000003fff18c1728 in ?? () from /usr/lib64/libglib-2.0.so.0
#17 0x000003fff18c1831 in g_main_context_iteration () from /usr/lib64/libglib-2.0.so.0
#18 0x000003fff5db70d3 in QEventDispatcherGlib::processEvents(QFlags<QEventLoop::ProcessEventsFlag>) ()
   from /usr/lib64/libQt5Core.so.5
#19 0x000003fff5d598c2 in QEventLoop::exec(QFlags<QEventLoop::ProcessEventsFlag>) () from /usr/lib64/libQt5Core.so.5
#20 0x000003fff5d6296b in QCoreApplication::exec() () from /usr/lib64/libQt5Core.so.5
#21 0x000002aaaab20eee in main ()

luke-jr pushed a commit that referenced this issue Feb 18, 2017
Squashed 'src/univalue/' changes from daf1285..16a1f7f
2ca7faa 
16a1f7f Merge #3: Pull upstream
3f03bfd Merge pull request #27 from laanwj/2016_09_const_refs
5668ca3 Return const references from getKeys, getValues, get_str
cedda14 Merge pull request #28 from MarcoFalke/patch-1
9f0b997 [travis] Work around osx libtool issue

git-subtree-dir: src/univalue
git-subtree-split: 16a1f7f
luke-jr pushed a commit that referenced this issue Feb 18, 2017
@sipa
Merge bitcoin#9075: Decouple peer-processing-logic from block-connect…
9346f84 
…ion-logic (#3)

ae22357 Replace CValidationState param in ProcessNewBlock with BlockChecked (Matt Corallo)
7c98ce5 Remove pfrom parameter from ProcessNewBlock (Matt Corallo)
e2e069d Revert "RPC: Give more details when "generate" fails" (Matt Corallo)
@luke-jr
Copy link
Member

luke-jr commented Aug 18, 2017

Is this still an issue?

luke-jr pushed a commit that referenced this issue Mar 8, 2018
Squashed 'src/univalue/' changes from 16a1f7f..fe805ea
619bb05 
fe805ea Declare single-argument (non-converting) constructors "explicit"
8a2d6f1 Merge pull request #41 from jgarzik/get-obj-map
ba341a2 Add getObjMap() helper method.  Also, constify checkObject().
ceb1194 Handle .pushKV() and .checkObject() edge cases.
107db98 Add ::push_back(double) method for feature parity.
d415300 Move one-line implementation of UniValue::read() to header.
52e85b3 Move exception-throwing get_* methods into separate implementation module.
dac5296 README.md: update code quotes
3e31dcf README.md: close code quote
d09b842 Update README.md
f1b86ed Convert README to markdown style.
1dfe464 Import UniValue class unit tests from bitcoin project.
0d3e74d operator[] takes size_t index parameter (versus unsigned int)
640158f Private findKey() method becomes size_t clean, and returns bool on failure.
7099135 Merge pull request #36 from ryanofsky/pr/end-str
a31231b Version 1.0.3
4fd5444 Reject unterminated strings
81eba33 Merge pull request #26 from isle2983/pushBackHelpers
3640541 Merge PR bitcoin#32 from branch 'nul-not-special' of git://github.com/ryanofsky/univalue into merge
89bb073 Merge pull request #31 from ryanofsky/raw-literals
511008c Merge pull request #30 from ryanofsky/test-driver
77974f3 Merge pull request #34 from paveljanik/20161116_Wshadow_codepoint
a38fcd3 Do not shadow member variable codepoint.
fd32d1a Don't require nul-terminated string inputs
0bb1439 Support parsing raw literals in UniValue
28876d0 Merge pull request #29 from btcdrak/exportspace
839ccd7 Add test driver for JSONTestSuite
26ef3ff Remove trailing whitespace from JSON export
cfa0384 Convenience wrappers for push_back-ing integer types
REVERT: 16a1f7f Merge #3: Pull upstream
REVERT: daf1285 Merge pull request #2 from jgarzik/master
REVERT: f32df99 Merge branch '2016_04_unicode' into bitcoin
REVERT: 280b191 Merge remote-tracking branch 'jgarzik/master' into bitcoin
REVERT: 2740c4f Merge branch '2015_11_escape_plan' into bitcoin

git-subtree-dir: src/univalue
git-subtree-split: fe805ea
luke-jr pushed a commit that referenced this issue Mar 8, 2018
@laanwj
Merge bitcoin#11783: Fix shutdown in case of errors during initializa…
16fff80 
…tion

d31e5c1 Fix shutdown in case of errors during initialization (Wladimir J. van der Laan)

Pull request description:

  PR bitcoin#10286 introduced a few steps which are not robust to early shutdown in initialization.

  Stumbled upon this with bitcoin#11781, not sure if there are other scenarios that can trigger it, but it's good to harden against this in any case.

  E.g.
  ```
  $ src/bitcoind  -debuglogfile=/dfdf
  Error: Could not open debug log file /dfdf
  Program received signal SIGSEGV, Segmentation fault.
  UnregisterValidationInterface (pwalletIn=0x0) at /.../bitcoin/src/validationinterface.cpp:82
  82          g_signals.m_internals->BlockChecked.disconnect(boost::bind(&CValidationInterface::BlockChecked, pwalletIn, _1, _2));
  (gdb) bt
  #0  UnregisterValidationInterface (pwalletIn=0x0) at /.../bitcoin/src/validationinterface.cpp:82
  #1  0x00005555555a11fc in Shutdown () at /.../bitcoin/src/init.cpp:196
  #2  0x00005555555961cc in AppInit (argc=<optimized out>, argv=<optimized out>) at /.../bitcoin/src/bitcoind.cpp:183
  #3  0x0000555555596249 in main (argc=0, argv=0x555555ecf200) at /.../bitcoin/src/bitcoind.cpp:19
  ```

Tree-SHA512: 7dd9570a9803514a17781bfadf1edde47e96df4e852cce2f423cab422e005fb94d44e777af1a6ea5167b04a4d889e848ae7a61a7e0e94232247ddea32ee70fc8
luke-jr pushed a commit that referenced this issue Mar 8, 2018
Squashed 'src/univalue/' changes from fe805ea..07947ff
88411e9 
07947ff Merge #9: [tests] Fix BOOST_CHECK_THROW macro
ec849d9 [tests] Fix BOOST_CHECK_THROW macro
31bc9f5 Merge #8: Remove unused Homebrew workaround
fa04209 Remove HomeBrew workaround
a523e08 Merge #7: Declare single-argument (non-converting) constructors "explicit"
a9e53b3 Merge #4: Pull upstream
16a1f7f Merge #3: Pull upstream
daf1285 Merge pull request #2 from jgarzik/master
f32df99 Merge branch '2016_04_unicode' into bitcoin
280b191 Merge remote-tracking branch 'jgarzik/master' into bitcoin
2740c4f Merge branch '2015_11_escape_plan' into bitcoin

git-subtree-dir: src/univalue
git-subtree-split: 07947ff
luke-jr pushed a commit that referenced this issue Oct 13, 2019
Merge bitcoin#16143: tests: Mark unit test blockfilter_index_initial_…
6899ef3 
…sync as non-deterministic

c061be1 tests: Mark unit test blockfilter_index_initial_sync as non-deterministic (practicalswift)

Pull request description:

  Mark unit test `blockfilter_index_tests/blockfilter_index_initial_sync` as non-deterministic.

  Before this PR:

  ```
  $ contrib/devtools/test_deterministic_coverage.sh 500
  [2019-06-04 09:58:57] Measuring coverage, run #1 of 500
  [2019-06-04 10:00:33] Measuring coverage, run #2 of 500
  [2019-06-04 10:02:19] Measuring coverage, run #3 of 500

  The line coverage is non-deterministic between runs. Exiting.

  The test suite must be deterministic in the sense that the set of lines executed at least
  once must be identical between runs. This is a necessary condition for meaningful
  coverage measuring.

  --- gcovr.run-1.txt     2019-06-04 10:00:33.389059973 +0000
  +++ gcovr.run-3.txt     2019-06-04 10:03:45.619491207 +0000
  @@ -72,7 +72,7 @@
   hash.h                                        54      33    61%   71,74-77,82,85-89,111,113,128,147-148,175,178-181
   httprpc.cpp                                  120       3     2%   31,34-35,38-40,46,49,52,54,56,58,70,73-74,76,78-79,81,83-84,89,91,94-95,97,99-101,103,106-107,111-112,117-119,121-122,125,128,130,132,134-136,138-139,142,145,148,151-153,156-160,163-166,171,173-175,180-182,185,187,189-190,192,195,198-199,201,203-204,212,215,217,219-222,224,227-228,230,232,237,239-240,243-245,247-251,254,256,259,261-264,266-267 [* 205-206,208-209]
   httpserver.cpp                               312       6     1%   46,49-50,53,55,80-81,90,92-93,96-98,101,104,106-109,111-112,114,118,120-122,126,128-129,153,155,157-158,164,166-178,180,182,184-188,192,194-196,198-199,201-202,204-205,207-208,213,216-221,225,228-232,236-239,243-244,247-254,256-258,264-267,270-271,274,279,281-282,286,288-290,292-293,297,299-300,303-307,309-310,312-317,322-328,330,332,335,339,341-342,346,352-353,355,358,360,364,368-369,375,378,381-384,388-391,393-394,398-400,402,404-406,409,411-412,414,416,426,428-431,433-434,438,440-441,443,445-446,449,451-455,457-459,463-464,466-469,471-473,475-477,479,482,484,487,490-493,496-497,499-500,502,504,506,508-509,511,513-514,517,519,521-522,527,529-533,535,538,540-543,550-555,558,560-562,570,572-574,577-582,585-590,594-597,600,602-604,606-609,611,614,616,619,621,625-626,628-629,631-632,634-635,640,642-643,646,648-651,653,655-656
  -index/base.cpp                               149      94    63%   20,22-25,28,66,98,102-103,117-118,140-141,145-146,155,163,175,177-178,181-182,184-185,200-201,203,212,214-215,219-221,228-229,234,236,240,243-244,247-249,258-260,262,270,292-294,308-309 [* 263]
  +index/base.cpp                               149      97    65%   20,22-25,28,66,98,102-103,117-118,140-141,145-146,155,163,175,177-178,181-182,184-185,200-201,203,212,214-215,219-221,228-229,234,236,240,243-244,247-249,258-260,262,270,308-309 [* 263]
   index/base.h                                   3       2    66%   77
   index/blockfilterindex.cpp                   199     134    67%   70,79,81,84-88,91,122,139,142,179-181,184-185,188-189,193-194,201-202,207,233,258,262-263,265-266,268,271-272,274,277,279,284,286,288-289,294,301-302,304,322,329,332-333,350,371,373,438,440-441,444,446,449,455-456,459,461,464,466 [* 162-163]
   index/blockfilterindex.h                       4       4   100%
  @@ -358,7 +358,7 @@
   util/validation.cpp                            5       1    20%   12,15-17
   validation.cpp                              2167     808    37%   291,293,297-300,302,330,332,340,348,355-357,359,362,364-365,368,371,380,382-383,385-386,388-389,396,398-402,406-413,415,417,419,422-425,439-440,442-443,446,449,455-458,461-464,467,469-470,472,474,476,492,494-495,502-503,505-507,511-513,515,517,523,526,528,533,535,540,542-544,550,552-556,558-560,564,574,578-583,586,590-591,594-596,601-602,607-608,611-612,616-617,619-621,635-636,638,640,647-648,651,657-658,660-662,665-667,673,675,677-678,682-683,690,693,700-701,703-705,709-710,713-714,716,719-720,724-727,733-735,737-739,741-743,747-748,751-752,754,757-764,771,773-774,776-779,785-788,793-794,796-800,815-816,818-822,825,827,830,835,838-839,841-843,846-848,850,853,859,864-867,875,877-879,884-885,887-891,895,899-900,904-906,908-909,911,930-931,933,936,942,944-950,952,959,962,965-968,972,978,982-984,990-991,994-996,999,1003-1004,1011,1013,1015-1019,1022-1023,1026-1032,1056,1065,1079,1091,1108,1112,1114-1118,1125,1127-1130,1133-1135,1138-1139,1147,1149,1151-1152,1155,1197,1199-1201,1206-1209,1211-1212,1226,1230,1232-1234,1236,1238-1241,1245-1246,1256,1258,1260-1262,1264-1266,1268,1278-1280,1282-1283,1286,1289,1291-1292,1294-1302,1305-1311,1319-1323,1330,1332-1333,1336-1339,1379,1383-1384,1395,1401,1405-1407,1411-1414,1423-1428,1438-1440,1451,1455,1458,1471,1480,1497,1503,1519,1525,1527-1530,1532-1533,1536,1538-1539,1549,1551,1553,1555,1559-1562,1571,1573,1578,1580,1582-1584,1588-1589,1594-1597,1601-1606,1613-1616,1619-1623,1630,1632,1635,1637,1639-1640,1642-1646,1658,1660,1675,1688,1711,1713-1715,1742,1755,1760,1765,1769,1811,1815,1817,1841-1845,1855,1942,1946-1947,1956,1984-1986,1991-1992,1994,1996-1999,2005-2007,2010-2012,2022-2023,2028-2031,2038-2039,2042,2044,2049,2058-2061,2064,2114-2115,2117-2118,2120-2124,2152-2153,2156,2159-2163,2165-2169,2171-2172,2176-2178,2187-2188,2191-2194,2199,2207-2211,2215-2220,2224,2227-2230,2235,2237-2238,2261-2263,2265,2274,2278,2286,2301,2303-2304,2306-2309,2311,2313-2318,2320,2322,2325,2327-2328,2330,2332-2334,2338,2340,2343-2344,2407-2410,2430,2445-2447,2507-2509,2511-2514,2518,2520-2521,2523-2524,2561,2564,2590,2592-2593,2595-2598,2603,2620,2626,2658,2719,2724,2773,2776-2777,2779,2781,2783,2785-2788,2791,2793-2795,2799,2801-2802,2805,2807-2809,2813,2816,2818-2821,2825-2826,2832-2834,2841-2845,2848,2854,2858-2859,2861,2865-2868,2872-2875,2880,2884-2885,2890-2891,2894-2895,2897,2900-2906,2908,2910,2912,2918-2922,2924,2928-2929,2940,3002-3005,3009-3010,3026-3028,3036-3037,3039-3040,3045,3053,3056,3077,3080,3090,3112,3118,3129,3133,3135-3136,3141-3142,3150,3190-3193,3259,3268,3273,3277,3282-3285,3303,3314,3321-3324,3338-3341,3345-3346,3348-3350,3360,3372,3392,3397,3403,3406,3408,3435-3441,3443,3468-3469,3485,3487-3488,3492-3493,3534-3536,3542,3547-3549,3552,3565-3566,3601-3602,3610,3628,3630,3632,3645,3647,3649-3651,3653,3657,3659,3661-3669,3675-3680,3686-3687,3691,3693-3697,3702,3704,3706-3708,3711-3718,3720,3724,3726-3729,3748,3750-3752,3754,3758-3759,3763,3765,3767,3772,3774,3777-3778,3780-3781,3783,3787-3788,3790,3792-3794,3798-3800,3823,3825,3828,3830,3832,3836-3838,3841-3843,3845,3848,3850,3854-3856,3858-3859,3861-3862,3864-3867,3870-3873,3875-3876,3879,3882-3883,3886-3893,3899,3901,3905-3909,3911-3915,3922-3924,3926-3928,3931,3933-3934,3940-3942,3945-3947,3952,3954-3955,3957,3960-3961,3964,3966,3968-3972,3975,3977,3980,3982,3985,3987-3988,3992-3996,3998-4006,4008-4009,4011-4012,4014,4016,4019,4021-4022,4024-4026,4028-4032,4037-4041,4043-4045,4047,4050,4053-4054,4057,4060-4064,4066-4067,4069-4075,4079-4080,4086,4089-4091,4094-4097,4101,4106,4108,4110,4112-4114,4116-4117,4119,4121,4123-4124,4126,4128-4130,4132-4134,4138-4142,4144-4147,4154,4158-4163,4166-4169,4172-4173,4177,4179-4180,4183,4185,4187-4189,4191-4193,4195,4197-4201,4207-4208,4212,4220-4223,4230,4232-4233,4237,4240,4243,4247,4249,4251,4253-4255,4265-4266,4277,4279,4282,4285-4287,4292-4293,4296,4298,4302,4305-4306,4310-4311,4315-4318,4360,4363-4367,4370,4377,4397,4412,4415-4416,4418,4421-4422,4424,4426-4429,4433-4437,4439-4441,4448-4452,4454-4456,4458,4460,4462-4467,4471-4475,4477,4480-4481,4486-4488,4493,4496-4503,4505,4507-4511,4513-4514,4517-4519,4529-4531,4546,4600,4638-4639,4647,4653,4662-4664,4696,4703-4704,4718,4720,4723,4725,4727,4730,4732-4733,4736,4738-4739,4742,4744-4745,4750,4752-4757,4761-4765,4769-4770,4774-4776,4779-4781,4783-4785,4787-4790,4793-4794,4800-4801,4803,4807,4809-4810,4812-4813,4815-4816,4823,4827,4829,4831-4832,4834-4835,4838-4840,4842,4845,4848-4849,4853,4855-4856,4858-4863,4866-4872,4877,4891,4907 [* 1085-1086,1140-1141,1513-1514,2201-2202,2428,3569-3570,4400-4401,4442,4453,4504,4522-4523,4526-4527,4818-4819,4873-4874]
   validation.h                                  19       5    26%   338,350-352,356-363,366,484
  -validationinterface.cpp                       81      50    61%   78-82,85-86,112-113,116,119-120,123-124,126-128,130,133-136,151-153,163-165,169-171
  +validationinterface.cpp                       83      60    72%   78-82,85-86,112-113,116,133-136,151-153,163-165,169-171
   validationinterface.h                          9       4    44%   94,105,112,118,135
   versionbits.cpp                               92      27    29%   33,35-36,38-39,48-50,52-54,56-57,61-62,67-71,73,75-76,80,82-83,91,98,100,102-103,105,109-110,113-118,121-122,124,127,129-130,134,137,141,149,151,153-155,159,177,179,184,194,196,199,201,204,206 [* 26]
   versionbits.h                                  1       1   100%
  @@ -400,5 +400,5 @@
   zmq/zmqpublishnotifier.h                       5       0     0%   12,31,37,43,49
   zmq/zmqrpc.cpp                                23       3    13%   16,18,20,23,33-35,37,40-47,51,62,64-65
   ------------------------------------------------------------------------------
  -TOTAL                                      52472    7784    14%
  +TOTAL                                      52474    7797    14%
   ------------------------------------------------------------------------------
  $
  ```

  After this PR:

  ```
  $ contrib/devtools/test_deterministic_coverage.sh 500
  [2019-06-03 14:45:25] Measuring coverage, run #1 of 500
  [2019-06-03 14:48:15] Measuring coverage, run #2 of 500
  [2019-06-03 14:50:49] Measuring coverage, run #3 of 500
  [2019-06-03 14:52:20] Measuring coverage, run #4 of 500
  [2019-06-03 14:53:49] Measuring coverage, run #5 of 500
  …
  [2019-06-04 09:04:58] Measuring coverage, run bitcoin#496 of 500
  [2019-06-04 09:07:42] Measuring coverage, run bitcoin#497 of 500
  [2019-06-04 09:10:32] Measuring coverage, run bitcoin#498 of 500
  [2019-06-04 09:13:26] Measuring coverage, run bitcoin#499 of 500
  [2019-06-04 09:16:32] Measuring coverage, run bitcoin#500 of 500

  Coverage test passed: Deterministic coverage across 500 runs.
  $
  ```

ACKs for commit c061be:

Tree-SHA512: 00cd55b4371290d8587ab667c64249bc31d26cc9dc3dd519677eb91ddb9dbc5333dfbdef5e90c7a0d74eecd24757113e7ec3eda836859ddc033b1de715df81b6
luke-jr pushed a commit that referenced this issue Oct 13, 2019
Merge bitcoin#16225: tests: Make coins_tests/updatecoins_simulation_t…
98958c8 
…est deterministic

f899580 tests: Make coins_tests/updatecoins_simulation_test deterministic (practicalswift)

Pull request description:

  Make `coins_tests/updatecoins_simulation_test` deterministic.

  Before:

  ```
  $ contrib/devtools/test_deterministic_coverage.sh 1000
  [2019-06-15 05:36:20] Measuring coverage, run #1 of 1000
  [2019-06-15 05:38:05] Measuring coverage, run #2 of 1000
  [2019-06-15 05:39:49] Measuring coverage, run #3 of 1000
  [2019-06-15 05:41:38] Measuring coverage, run #4 of 1000
  [2019-06-15 05:43:16] Measuring coverage, run #5 of 1000
  ...
  [2019-06-16 18:25:23] Measuring coverage, run bitcoin#880 of 1000
  [2019-06-16 18:27:12] Measuring coverage, run bitcoin#881 of 1000
  [2019-06-16 18:29:33] Measuring coverage, run bitcoin#882 of 1000
  [2019-06-16 18:33:00] Measuring coverage, run bitcoin#883 of 1000
  [2019-06-16 18:35:32] Measuring coverage, run bitcoin#884 of 1000

  The line coverage is non-deterministic between runs. Exiting.

  The test suite must be deterministic in the sense that the set of lines executed at least
  once must be identical between runs. This is a necessary condition for meaningful
  coverage measuring.

  --- gcovr.run-1.txt     2019-06-15 05:38:05.282359029 +0200
  +++ gcovr.run-884.txt   2019-06-16 18:37:23.518298374 +0200
  @@ -269,7 +269,7 @@
   test/bloom_tests.cpp                         320     320   100%
   test/bswap_tests.cpp                          13      13   100%
   test/checkqueue_tests.cpp                    223     222    99%   169
  -test/coins_tests.cpp                         478     472    98%   52,68,344-345,511,524
  +test/coins_tests.cpp                         478     474    99%   52,68,511,524
   test/compilerbug_tests.cpp                    18      18   100%
   test/compress_tests.cpp                       27      27   100%
   test/crypto_tests.cpp                        268     268   100%
  @@ -401,5 +401,5 @@
   zmq/zmqpublishnotifier.h                       5       0     0%   12,31,37,43,49
   zmq/zmqrpc.cpp                                23       3    13%   16,18,20,23,33-35,37,40-47,51,62,64-65
   ------------------------------------------------------------------------------
  -TOTAL                                      53323   28305    53%
  +TOTAL                                      53323   28307    53%
   ------------------------------------------------------------------------------
  ```

  After:

  ```
  $ contrib/devtools/test_deterministic_coverage.sh 1000
  [2019-06-15 05:36:20] Measuring coverage, run #1 of 1000
  [2019-06-15 05:38:05] Measuring coverage, run #2 of 1000
  [2019-06-15 05:39:49] Measuring coverage, run #3 of 1000
  [2019-06-15 05:41:38] Measuring coverage, run #4 of 1000
  [2019-06-15 05:43:16] Measuring coverage, run #5 of 1000
  ...
  $
  ```

ACKs for commit f89958:
  MarcoFalke:
    ACK f899580 (checked that the randomness state of g_insecure_rand_ctx is the same after three test runs)

Tree-SHA512: 796d362b050c5750e351de1126b62f0f2c8e2d712cf01b6e1a3e2cc6ef92fa68439a32fc24c76d34bce4d553aee4ae4ea88a036c56eb9e25979649a19c59c3e5
@luke-jr luke-jr closed this as completed Mar 7, 2020
luke-jr pushed a commit that referenced this issue Jun 9, 2020
Merge bitcoin#17205: ci: Enable address sanitizer (ASan) stack-use-af…
4aaeb04 
…ter-return checking

8d22ab0 ci: Enable address sanitizer (ASan) stack-use-after-return checking (practicalswift)

Pull request description:

  Enable address sanitizer (ASan) stack-use-after-return checking (`detect_stack_use_after_return=1`).

  Example:

  ```
  #include <iostream>
  #include <string>

  const std::string& get_string(int i) {
      return std::to_string(i);
  }

  int main() {
      std::cout << get_string(41) << "\n";
  }
  ```

  Without address sanitizer (ASan) stack-use-after-return checking:

  ```
  $ ./stack-use-after-return

  $
  ```

  With address sanitizer (ASan) stack-use-after-return checking:

  ```
  $ ASAN_OPTIONS="detect_stack_use_after_return=1" ./stack-use-after-return
  =================================================================
  ==10400==ERROR: AddressSanitizer: stack-use-after-return on address 0x7f7fa0400030 at pc 0x00000049d2cc bp 0x7ffcbd617070 sp 0x7ffcbd616820
  READ of size 2 at 0x7f7abbecd030 thread T0
      #0 0x439781 in fwrite
      #1 0x7f7ac0504cb3 in std::basic_ostream<char, std::char_traits<char> >& std::__ostream_insert<char, std::char_traits<char> >(std::basic_ostream<char, std::char_traits<char> >&, char const*, long) (/usr/lib/x86_64-linux-gnu/libstdc++.so.6+0x113cb3)
      #2 0x4f9b5f in main stack-use-after-return.cpp:9:15
      #3 0x7f7abf440b96 in __libc_start_main
      #4 0x41bbc9 in _start
  …
  $
  ```

Top commit has no ACKs.

Tree-SHA512: 6557a9ff184023380fd9aa433cdf413e01a928ea99dbc59ec138e5d69cb9e13592e8bb5951612f231ff17a37a895bec5c0940c8db5f328a5c840a5771bdeeba5
luke-jr pushed a commit that referenced this issue Jun 9, 2020
@laanwj
Merge bitcoin#17427: qt: Fix missing qRegisterMetaType for size_t
89e9313 
1828c6f refactor: Styling w/ clang-format, comment update (Hennadii Stepanov)
88a94f7 qt: Fix missing qRegisterMetaType for size_t (Hennadii Stepanov)

Pull request description:

  On master (a7aec7a) this connection https://github.com/bitcoin/bitcoin/blob/a7aec7ad97949a82f870c033d8fd8b65d772eacb/src/qt/rpcconsole.cpp#L587 fails due to `ClientModel::mempoolSizeChanged()` signal has unregistered parameter type `size_t`: https://github.com/bitcoin/bitcoin/blob/a7aec7ad97949a82f870c033d8fd8b65d772eacb/src/qt/clientmodel.h#L102

  More:
  ```
  $ QT_FATAL_WARNINGS=1 lldb src/qt/bitcoin-qt -- -debug=qt
  ...
  (lldb) bt
  * thread #17, name = 'QThread', stop reason = signal SIGABRT
    * frame #0: 0x00007ffff35fce97 libc.so.6`__GI_raise(sig=2) at raise.c:51
      frame #1: 0x00007ffff35fe801 libc.so.6`__GI_abort at abort.c:79
      frame #2: 0x00007ffff5901352 libQt5Core.so.5`QMessageLogger::warning(char const*, ...) const + 354
      frame #3: 0x00007ffff5b216fe libQt5Core.so.5`___lldb_unnamed_symbol2329$$libQt5Core.so.5 + 334
      frame #4: 0x00007ffff5b2456d libQt5Core.so.5`QMetaObject::activate(QObject*, int, int, void**) + 1933
      frame #5: 0x000055555566872e bitcoin-qt`ClientModel::mempoolSizeChanged(this=<unavailable>, _t1=<unavailable>, _t2=<unavailable>) at moc_clientmodel.cpp:260
  ...

  ```

  `debug.log`:
  ```
  [] GUI: QObject::connect: Cannot queue arguments of type 'size_t'
  (Make sure 'size_t' is registered using qRegisterMetaType().)
  ```

  This PR fixes it.

  Refs:
  - [Qt docs: qRegisterMetaType](https://doc.qt.io/qt-5/qmetatype.html#qRegisterMetaType)
  - bitcoin#16348

  ---

  Side NOTE: Also I believe this line https://github.com/bitcoin/bitcoin/blob/a7aec7ad97949a82f870c033d8fd8b65d772eacb/src/qt/bitcoin.cpp#L63 is redundant since long `CAmount` is a `typedef`.

ACKs for top commit:
  laanwj:
    Tested ACK 1828c6f

Tree-SHA512: 2c7f9fe6a5ae70f2e1dd86b07f95d4b00c85c5706a9d722f063f80beb71880d012ec46556963fb1544c2af53d006936c2f7612eae60d9193f67db62ba3d86129
luke-jr pushed a commit that referenced this issue Jun 9, 2020
Merge bitcoin#17674: tests: Add initialization order fiasco detection…
cf43f3f 
… in Travis

1f9d5af tests: Add initialization order fiasco detection in Travis (practicalswift)

Pull request description:

  Add initialization order fiasco detection in Travis :)

  Context: bitcoin#17670 (comment)

  This would have caught the `events_hasher` initialization order issue introduced in bitcoin#17573  and fixed in bitcoin#17670.

  Output in case of an initialization order fiasco:

  ```
  ==7934==ERROR: AddressSanitizer: initialization-order-fiasco on address 0x557098d79200 at pc 0x55709796b9a3 bp 0x7ffde524dc30 sp 0x7ffde524dc28
  READ of size 8 at 0x557098d79200 thread T0
      #0 0x55709796b9a2 in CSHA256::Finalize(unsigned char*) src/crypto/sha256.cpp:667:25
      #1 0x5570978150e9 in SeedEvents(CSHA512&) src/random.cpp:462:19
      #2 0x5570978145e1 in SeedSlow(CSHA512&) src/random.cpp:482:5
      #3 0x5570978149a3 in SeedStartup(CSHA512&, (anonymous namespace)::RNGState&) src/random.cpp:527:5
      #4 0x55709781102d in ProcRand(unsigned char*, int, RNGLevel) src/random.cpp:571:9
      #5 0x557097810d19 in GetRandBytes(unsigned char*, int) src/random.cpp:576:59
      #6 0x557096c2f9d5 in (anonymous namespace)::CSignatureCache::CSignatureCache() src/script/sigcache.cpp:34:9
      #7 0x557096511977 in __cxx_global_var_init.7 src/script/sigcache.cpp:67:24
      #8 0x5570965119f8 in _GLOBAL__sub_I_sigcache.cpp src/script/sigcache.cpp
      #9 0x557097bba4ac in __libc_csu_init (src/bitcoind+0x18554ac)
      #10 0x7f214b1c2b27 in __libc_start_main /build/glibc-OTsEL5/glibc-2.27/csu/../csu/libc-start.c:266
      #11 0x5570965347d9 in _start (src/bitcoind+0x1cf7d9)

  0x557098d79200 is located 96 bytes inside of global variable 'events_hasher' defined in 'random.cpp:456:16' (0x557098d791a0) of size 104
    registered at:
      #0 0x557096545dfd in __asan_register_globals compiler-rt/lib/asan/asan_globals.cpp:360:3
      #1 0x557097817f8b in asan.module_ctor (src/bitcoind+0x14b2f8b)

  SUMMARY: AddressSanitizer: initialization-order-fiasco src/crypto/sha256.cpp:667:25 in CSHA256::Finalize(unsigned char*)
  ```

ACKs for top commit:
  promag:
    Tested ACK 1f9d5af, got
  MarcoFalke:
    ACK 1f9d5af 👔

Tree-SHA512: f24ac0a313df7549193bd7f4fcfdf9b72bdfc6a6ee31d0b08e6d0752e5108fbd532106b6c86377ae0641258c9adb4921872e5d9a0154c0284e03315e0777102c
luke-jr pushed a commit that referenced this issue Jun 9, 2020
Merge bitcoin#17685: tests: Fix bug in the descriptor parsing fuzzing…
bb03765 
… harness (descriptor_parse)

6338c02 tests: Fix fuzzing harness for descriptor parsing (descriptor_parse) (practicalswift)

Pull request description:

  Fix bug in the descriptor parsing fuzzing harness (`descriptor_parse`) by making sure `secp256k1_context_verify` is properly initialized (via `ECCVerifyHandle`).

  Background:

  When fuzzing `Parse(…)` with `libFuzzer` I eventually reached the test case `combo(020000000000000000000000000000000000000000000000000000000000000000)`. That input triggers a call to `CPubKey::IsFullyValid()` which in turns requires an initialized `secp256k1_context_verify`.

  The fuzzing harness did not fulfil that pre-condition prior to this commit (sorry, my fault!) :)

  Before:

  ```
  $ mkdir descriptors/
  $ echo -n 'combo(020000000000000000000000000000000000000000000000000000000000000000)' > descriptors/input
  $ UBSAN_OPTIONS="print_stacktrace=1:halt_on_error=1" src/test/fuzz/descriptor_parse -runs=1 descriptors/
  …
  pubkey.cpp:210:38: runtime error: null pointer passed as argument 1, which is declared to never be null
  secp256k1/include/secp256k1.h:305:3: note: nonnull attribute specified here
      #0 0x561c032ccf25 in CPubKey::IsFullyValid() const src/pubkey.cpp:210:12
      #1 0x561c022139c3 in (anonymous namespace)::ParsePubkeyInner(Span<char const> const&, bool, FlatSigningProvider&, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >&) src/script/descriptor.cpp:674:24
      #2 0x561c02207680 in (anonymous namespace)::ParsePubkey(Span<char const> const&, bool, FlatSigningProvider&, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >&) src/script/descriptor.cpp:730:42
      #3 0x561c0220080e in (anonymous namespace)::ParseScript(Span<char const>&, (anonymous namespace)::ParseScriptContext, FlatSigningProvider&, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >&) src/script/descriptor.cpp:774:23
      #4 0x561c021ffb07 in Parse(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&, FlatSigningProvider&, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >&, bool) src/script/descriptor.cpp:994:16
      #5 0x561c0218d5d4 in test_one_input(std::vector<unsigned char, std::allocator<unsigned char> > const&) src/test/fuzz/descriptor_parse.cpp:20:9
  …
  $
  ```

  After:

  ```
  $ mkdir descriptors/
  $ echo -n 'combo(020000000000000000000000000000000000000000000000000000000000000000)' > descriptors/input
  $ UBSAN_OPTIONS="print_stacktrace=1:halt_on_error=1" src/test/fuzz/descriptor_parse -runs=1 descriptors/
  …
  Done 2 runs in 0 second(s)
  $
  ```

ACKs for top commit:
  paymog:
    ACK 6338c02
  MarcoFalke:
    ACK 6338c02 🕊

Tree-SHA512: bf24c404e1f64183761b057d2f210c3db85277f4415122977c315d7d6835acb5e897b5d64032615e9e44ad4a16dfe857e94481f6e4b57b6dfa8cb37adb2528a5
luke-jr pushed a commit that referenced this issue Jun 9, 2020
@fanquake
Merge bitcoin#17695: gui: disable File->CreateWallet during startup
c8e65ad 
d65fafc gui: disable File->CreateWallet during startup (fanquake)

Pull request description:

  Same as bitcoin#16118. Early calls to Create Wallet will crash bitcoin-qt.

  ```bash
  lldb /Applications/Bitcoin-Qt.app/Contents/MacOS/Bitcoin-Qt -- --regtest -debug

  Process 18143 launched: '/Users/michael/github/bitcoin/src/qt/bitcoin-qt' (x86_64)
  2019-12-07 15:49:37.823867-0500 bitcoin-qt[18143:5696499] MessageTracer: Falling back to default whitelist
  Process 18143 stopped
  * thread #1, queue = 'com.apple.main-thread', stop reason = EXC_BAD_ACCESS (code=1, address=0x18)
      frame #0: 0x00000001000d2d9d bitcoin-qt`CreateWalletActivity::createWallet() + 381
  bitcoin-qt`CreateWalletActivity::createWallet:
  ->  0x1000d2d9d <+381>: movq   0x18(%rax), %r14
      0x1000d2da1 <+385>: movq   %r15, -0xa8(%rbp)
      0x1000d2da8 <+392>: leaq   -0xa0(%rbp), %r12
      0x1000d2daf <+399>: leaq   -0x80(%rbp), %rsi
  Target 0: (bitcoin-qt) stopped.
  (lldb) bt
  * thread #1, queue = 'com.apple.main-thread', stop reason = EXC_BAD_ACCESS (code=1, address=0x18)
    * frame #0: 0x00000001000d2d9d bitcoin-qt`CreateWalletActivity::createWallet() + 381
      frame #1: 0x0000000100833e6f bitcoin-qt`QMetaObject::activate(QObject*, int, int, void**) + 1631
      frame #2: 0x0000000100a1fc47 bitcoin-qt`QDialog::done(int) + 247
      frame #3: 0x0000000100833ef5 bitcoin-qt`QMetaObject::activate(QObject*, int, int, void**) + 1765
      frame #4: 0x00000001009e04c2 bitcoin-qt`QDialogButtonBoxPrivate::_q_handleButtonClicked() + 786
  ```

ACKs for top commit:
  jonasschnelli:
    utACK d65fafc
  promag:
    ACK d65fafc.

Tree-SHA512: 12d7f9e8772508bffbb0163849d9eceec5b1c80068c5d377a4d0973c713dc5f8ad38be8f793fec843d7fb604f0e60a72398b0c95f0a8b775dab39d25b29ac046
luke-jr pushed a commit that referenced this issue Oct 21, 2021
Merge bitcoin#21586: test: Add missing suppression for signed-integer…
590e49c 
…-overflow:txmempool.cpp

fad8a97 test: Add missing suppression for signed-integer-overflow:txmempool.cpp (MarcoFalke)

Pull request description:

  Otherwise the fuzzer will crash:

  ```
  txmempool.cpp:847:15: runtime error: signed integer overflow: 8138645194045128704 + 4611686018427387904 cannot be represented in type 'long'
      #0 0x558ff1838d4c in CTxMemPool::PrioritiseTransaction(uint256 const&, long const&) /root/fuzz_dir/scratch/fuzz_gen/code/src/txmempool.cpp:847:15
      #1 0x558ff196e723 in LoadMempool(CTxMemPool&, CChainState&, std::function<_IO_FILE* (boost::filesystem::path const&, char const*)>) /root/fuzz_dir/scratch/fuzz_gen/code/src/validation.cpp:5053:22
      #2 0x558ff13f37ab in validation_load_mempool_fuzz_target(Span<unsigned char const>) /root/fuzz_dir/scratch/fuzz_gen/code/src/test/fuzz/validation_load_mempool.cpp:32:11
      #3 0x558ff1083378 in std::_Function_handler<void (Span<unsigned char const>), void (*)(Span<unsigned char const>)>::_M_invoke(std::_Any_data const&, Span<unsigned char const>&&) /usr/bin/../lib/gcc/x86_64-linux-gnu/9/../../../../include/c++/9/bits/std_function.h:300:2
      #4 0x558ff22a749d in std::function<void (Span<unsigned char const>)>::operator()(Span<unsigned char const>) const /usr/bin/../lib/gcc/x86_64-linux-gnu/9/../../../../include/c++/9/bits/std_function.h:688:14
      #5 0x558ff22a70e8 in LLVMFuzzerTestOneInput /root/fuzz_dir/scratch/fuzz_gen/code/src/test/fuzz/fuzz.cpp:63:5
      #6 0x558ff0f83543 in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) fuzzer.o
      #7 0x558ff0f6d442 in fuzzer::RunOneTest(fuzzer::Fuzzer*, char const*, unsigned long) fuzzer.o
      #8 0x558ff0f7323a in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) fuzzer.o
      #9 0x558ff0f9ef82 in main (/root/fuzz_dir/scratch/fuzz_gen/code/src/test/fuzz/fuzz+0x196df82)
      #10 0x7f1237f310b2 in __libc_start_main /build/glibc-eX1tMB/glibc-2.31/csu/../csu/libc-start.c:308:16
      #11 0x558ff0f4816d in _start (/root/fuzz_dir/scratch/fuzz_gen/code/src/test/fuzz/fuzz+0x191716d)

Top commit has no ACKs.

Tree-SHA512: 94c13771054b4acfb83e3dcfa09beb3f9d0ca0e025d3993cdf2e46df6456f227565b31fd4377b8dd86c567aeee800f293ac57a470c6f5f81e9177d460e7bd705
luke-jr pushed a commit that referenced this issue Mar 5, 2024
@fanquake
Merge bitcoin#28695: net: Sanity check private keys received from SAM…
ec5116a 
… proxy

5cf4d26 [test] Test i2p private key constraints (Vasil Dimov)
cf70a8d [net] Check i2p private key constraints (dergoegge)

Pull request description:

  Not sanity checking can lead to crashes or worse:

  ```
  ==1715589==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x6140000055c2 at pc 0x5622ed66e7ad bp 0x7ffee547a2c0 sp 0x7ffee547a2b8
  READ of size 2 at 0x6140000055c2 thread T0 (b-test)
      #0 0x5622ed66e7ac in memcpy include/bits/string_fortified.h:29:10
      #1 0x5622ed66e7ac in i2p::sam::Session::MyDestination() const src/i2p.cpp:362:5
      #2 0x5622ed662e46 in i2p::sam::Session::CreateIfNotCreatedAlready() src/i2p.cpp:414:40
      #3 0x5622ed6619f2 in i2p::sam::Session::Listen(i2p::Connection&) src/i2p.cpp:143:9
  ```

ACKs for top commit:
  maflcko:
    code lgtm ACK 5cf4d26
  stickies-v:
    re-ACK 5cf4d26
  vasild:
    ACK 5cf4d26

Tree-SHA512: 3de3bd396538fa619de67957b9c8a58011ab911f0f51097c387e730c13908278b7322aa3357051fb245a20b15bef34b0e9fadcb1eff8ad751139d2aa634c78ad
luke-jr pushed a commit that referenced this issue Mar 5, 2024
@fanquake
Merge bitcoin#28966: test: Add missing CBlockPolicyEstimator::process…
453c9ca 
…BlockTx suppression

fa9dc92 test: Add missing CBlockPolicyEstimator::processBlockTx suppression (MarcoFalke)

Pull request description:

  Fixes bitcoin#28865 (comment)

  ```
  # FUZZ=policy_estimator UBSAN_OPTIONS="suppressions=/root/fuzz_dir/scratch/fuzz_gen/code/test/sanitizer_suppressions/ubsan:print_stacktrace=1:halt_on_error=1:report_error_type=1" ./src/test/fuzz/fuzz /tmp/crash-154b42214e70781a9c1ad72d3f2693913dcf8c06

  ...

  policy/fees.cpp:632:27: runtime error: implicit conversion from type 'unsigned int' of value 4294574080 (32-bit, unsigned) to type 'int' changed the value to -393216 (32-bit, signed)
      #0 0x55cbbe10daee in CBlockPolicyEstimator::processBlockTx(unsigned int, CTxMemPoolEntry const*) src/policy/fees.cpp:632:27
      #1 0x55cbbe10e361 in CBlockPolicyEstimator::processBlock(unsigned int, std::vector<CTxMemPoolEntry const*, std::allocator<CTxMemPoolEntry const*>>&) src/policy/fees.cpp:680:13
      #2 0x55cbbd84af48 in policy_estimator_fuzz_target(Span<unsigned char const>)::$_1::operator()() const src/test/fuzz/policy_estimator.cpp:69:40
      #3 0x55cbbd84af48 in unsigned long CallOneOf<policy_estimator_fuzz_target(Span<unsigned char const>)::$_0, policy_estimator_fuzz_target(Span<unsigned char const>)::$_1, policy_estimator_fuzz_target(Span<unsigned char const>)::$_2, policy_estimator_fuzz_target(Span<unsigned char const>)::$_3>(FuzzedDataProvider&, policy_estimator_fuzz_target(Span<unsigned char const>)::$_0, policy_estimator_fuzz_target(Span<unsigned char const>)::$_1, policy_estimator_fuzz_target(Span<unsigned char const>)::$_2, policy_estimator_fuzz_target(Span<unsigned char const>)::$_3) src/./test/fuzz/util.h:43:27
      #4 0x55cbbd84af48 in policy_estimator_fuzz_target(Span<unsigned char const>) src/test/fuzz/policy_estimator.cpp:38:9
      #5 0x55cbbda1cc18 in std::function<void (Span<unsigned char const>)>::operator()(Span<unsigned char const>) const /usr/bin/../lib/gcc/x86_64-linux-gnu/13/../../../../include/c++/13/bits/std_function.h:591:9
      #6 0x55cbbda1cc18 in LLVMFuzzerTestOneInput src/test/fuzz/fuzz.cpp:178:5
      #7 0x55cbbd26a944 in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) (/root/fuzz_dir/scratch/fuzz_gen/code/src/test/fuzz/fuzz+0x190e944) (BuildId: ffb89e0b86c093ca3bdeae6f85537737a4e3b42d)
      #8 0x55cbbd253916 in fuzzer::RunOneTest(fuzzer::Fuzzer*, char const*, unsigned long) (/root/fuzz_dir/scratch/fuzz_gen/code/src/test/fuzz/fuzz+0x18f7916) (BuildId: ffb89e0b86c093ca3bdeae6f85537737a4e3b42d)
      #9 0x55cbbd25945a in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) (/root/fuzz_dir/scratch/fuzz_gen/code/src/test/fuzz/fuzz+0x18fd45a) (BuildId: ffb89e0b86c093ca3bdeae6f85537737a4e3b42d)
      #10 0x55cbbd284026 in main (/root/fuzz_dir/scratch/fuzz_gen/code/src/test/fuzz/fuzz+0x1928026) (BuildId: ffb89e0b86c093ca3bdeae6f85537737a4e3b42d)
      #11 0x7fe4aa8280cf  (/lib/x86_64-linux-gnu/libc.so.6+0x280cf) (BuildId: 96ab1a8f3b2c9a2ed37c7388615e6a726d037e89)
      #12 0x7fe4aa828188 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x28188) (BuildId: 96ab1a8f3b2c9a2ed37c7388615e6a726d037e89)
      #13 0x55cbbd24e494 in _start (/root/fuzz_dir/scratch/fuzz_gen/code/src/test/fuzz/fuzz+0x18f2494) (BuildId: ffb89e0b86c093ca3bdeae6f85537737a4e3b42d)

  SUMMARY: UndefinedBehaviorSanitizer: implicit-integer-sign-change policy/fees.cpp:632:27 in
  ```

  ```
  # base64 /tmp/crash-154b42214e70781a9c1ad72d3f2693913dcf8c06
  AQEAAAAAADkFlVwAAQEAAAAAADkFlZVcACTDSSsP3746IAZrH48khwMAAQEB/QEALQAACwAAAAAA
  FgAAAAAAAQAABgAAAAAAAAAAAAAAAAAAACcQAAAAAAAAAAAAAAAAAAAAAAD6AAAAOQWVXAABAQAA
  AAAAOQWVlVwAIMNJKw/fvjogBmsfjySHAwABAQH9AQAtAAALAAAAAAAAAAABAAAGAAAAAAAAAAAA
  AAAAAAAAJxAAAAAAAAAAAAAAAAAAAAAAAPr/AAAAAAAAAAAAAAQAAAAA/wAAAAAAAAAAAAAEAAAA
  AAEBAeAIAVwBXAAA/jbSBvwBKABSKBwBYgEB2wAEkvXInHYAAAAAAAAAvgAAAAAA/9//6v8e/xIk
  MgAlAiUAOw==

ACKs for top commit:
  fanquake:
    ACK fa9dc92
  dergoegge:
    utACK fa9dc92

Tree-SHA512: 3898c17c928ecc2bcc8c7086359e9ae00da2197b4d8e10c7bf6d12415326c9bca3ef6e1d8d3b83172ccfa604ce7e7371415262ba705225f9ea4da8b1a7eb0306
luke-jr pushed a commit that referenced this issue Mar 5, 2024
@fanquake
Merge bitcoin#28969: fuzz: Avoid signed-integer-overflow in wallet_no…
7bc8c53 
…tifications fuzz target

fab164f fuzz: Avoid signed-integer-overflow in wallet_notifications fuzz target (MarcoFalke)

Pull request description:

  Should avoid

  ```
  policy/feerate.cpp:29:63: runtime error: signed integer overflow: 77600710321911316 * 149 cannot be represented in type 'int64_t' (aka 'long')
      #0 0x563a1775ed66 in CFeeRate::GetFee(unsigned int) const src/policy/feerate.cpp:29:63
      #1 0x563a15913a69 in wallet::COutput::COutput(COutPoint const&, CTxOut const&, int, int, bool, bool, bool, long, bool, std::optional<CFeeRate>) src/./wallet/coinselection.h:91:57
      #2 0x563a16fa6a6d in wallet::FetchSelectedInputs(wallet::CWallet const&, wallet::CCoinControl const&, wallet::CoinSelectionParams const&) src/wallet/spend.cpp:297:17
      #3 0x563a16fc4512 in wallet::CreateTransactionInternal(wallet::CWallet&, std::vector<wallet::CRecipient, std::allocator<wallet::CRecipient>> const&, int, wallet::CCoinControl const&, bool) src/wallet/spend.cpp:1105:33
      #4 0x563a16fbec74 in wallet::CreateTransaction(wallet::CWallet&, std::vector<wallet::CRecipient, std::allocator<wallet::CRecipient>> const&, int, wallet::CCoinControl const&, bool) src/wallet/spend.cpp:1291:16
      #5 0x563a16fcf6df in wallet::FundTransaction(wallet::CWallet&, CMutableTransaction&, long&, int&, bilingual_str&, bool, std::set<int, std::less<int>, std::allocator<int>> const&, wallet::CCoinControl) src/wallet/spend.cpp:1361:16
      #6 0x563a1597b7b9 in wallet::(anonymous namespace)::FuzzedWallet::FundTx(FuzzedDataProvider&, CMutableTransaction) src/wallet/test/fuzz/notifications.cpp:162:15
      #7 0x563a15958240 in wallet::(anonymous namespace)::wallet_notifications_fuzz_target(Span<unsigned char const>)::$_0::operator()() const src/wallet/test/fuzz/notifications.cpp:228:23
      #8 0x563a15958240 in unsigned long CallOneOf<wallet::(anonymous namespace)::wallet_notifications_fuzz_target(Span<unsigned char const>)::$_0, wallet::(anonymous namespace)::wallet_notifications_fuzz_target(Span<unsigned char const>)::$_1>(FuzzedDataProvider&, wallet::(anonymous namespace)::wallet_notifications_fuzz_target(Span<unsigned char const>)::$_0, wallet::(anonymous namespace)::wallet_notifications_fuzz_target(Span<unsigned char const>)::$_1) src/./test/fuzz/util.h:43:27
      #9 0x563a15958240 in wallet::(anonymous namespace)::wallet_notifications_fuzz_target(Span<unsigned char const>) src/wallet/test/fuzz/notifications.cpp:196:9
      #10 0x563a15fdef0c in std::function<void (Span<unsigned char const>)>::operator()(Span<unsigned char const>) const /usr/bin/../lib/gcc/x86_64-linux-gnu/13/../../../../include/c++/13/bits/std_function.h:591:9
      #11 0x563a15fdef0c in LLVMFuzzerTestOneInput src/test/fuzz/fuzz.cpp:178:5
      #12 0x563a158032a4 in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) (/ci_container_base/ci/scratch/build/bitcoin-x86_64-pc-linux-gnu/src/test/fuzz/fuzz+0x19822a4) (BuildId: 8acb42ad599d7f6d25b6f93e18fd564d80df7c06)
      #13 0x563a15802999 in fuzzer::Fuzzer::RunOne(unsigned char const*, unsigned long, bool, fuzzer::InputInfo*, bool, bool*) (/ci_container_base/ci/scratch/build/bitcoin-x86_64-pc-linux-gnu/src/test/fuzz/fuzz+0x1981999) (BuildId: 8acb42ad599d7f6d25b6f93e18fd564d80df7c06)
      #14 0x563a15804586 in fuzzer::Fuzzer::ReadAndExecuteSeedCorpora(std::vector<fuzzer::SizedFile, std::allocator<fuzzer::SizedFile>>&) (/ci_container_base/ci/scratch/build/bitcoin-x86_64-pc-linux-gnu/src/test/fuzz/fuzz+0x1983586) (BuildId: 8acb42ad599d7f6d25b6f93e18fd564d80df7c06)
      #15 0x563a15804aa7 in fuzzer::Fuzzer::Loop(std::vector<fuzzer::SizedFile, std::allocator<fuzzer::SizedFile>>&) (/ci_container_base/ci/scratch/build/bitcoin-x86_64-pc-linux-gnu/src/test/fuzz/fuzz+0x1983aa7) (BuildId: 8acb42ad599d7f6d25b6f93e18fd564d80df7c06)
      #16 0x563a157f21fb in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) (/ci_container_base/ci/scratch/build/bitcoin-x86_64-pc-linux-gnu/src/test/fuzz/fuzz+0x19711fb) (BuildId: 8acb42ad599d7f6d25b6f93e18fd564d80df7c06)
      #17 0x563a1581c766 in main (/ci_container_base/ci/scratch/build/bitcoin-x86_64-pc-linux-gnu/src/test/fuzz/fuzz+0x199b766) (BuildId: 8acb42ad599d7f6d25b6f93e18fd564d80df7c06)
      #18 0x7f499e17b0cf  (/lib/x86_64-linux-gnu/libc.so.6+0x280cf) (BuildId: 96ab1a8f3b2c9a2ed37c7388615e6a726d037e89)
      #19 0x7f499e17b188 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x28188) (BuildId: 96ab1a8f3b2c9a2ed37c7388615e6a726d037e89)
      #20 0x563a157e70c4 in _start (/ci_container_base/ci/scratch/build/bitcoin-x86_64-pc-linux-gnu/src/test/fuzz/fuzz+0x19660c4) (BuildId: 8acb42ad599d7f6d25b6f93e18fd564d80df7c06)

  SUMMARY: UndefinedBehaviorSanitizer: signed-integer-overflow policy/feerate.cpp:29:63 in
  MS: 0 ; base unit: 0000000000000000000000000000000000000000
  0x3f,0x0,0x2f,0x5f,0x5f,0x5f,0x7d,0x7d,0x7d,0x7d,0x7d,0x7d,0x7d,0x7d,0x7d,0x7d,0x7d,0x7d,0x7d,0x7d,0x7d,0x7d,0x7d,0x7d,0x7d,0x7d,0xff,0xff,0xff,0xff,0xff,0x53,0xff,0xff,0xff,0xff,0xff,0x0,0x0,0x0,0x0,0x0,0x0,0x13,0x5e,0x5f,0x5f,0x8,0x25,0x0,0x5f,0x5f,0x5f,0x5f,0x5f,0x5f,0x8,0x25,0xca,0x7f,0x5f,0x5f,0x5f,0x13,0x13,0x5f,0x5f,0x5f,0x2,0xdb,0xca,0x0,0x0,0xe7,0xe6,0x66,0x65,0x0,0x0,0x0,0x0,0x44,0x3f,0xa,0xa,0xff,0xff,0xff,0xff,0xff,0x61,0x76,0x6f,0x69,0x0,0xb5,0x15,
  ?\000/___}}}}}}}}}}}}}}}}}}}}\377\377\377\377\377S\377\377\377\377\377\000\000\000\000\000\000\023^__\010%\000______\010%\312\177___\023\023___\002\333\312\000\000\347\346fe\000\000\000\000D?\012\012\377\377\377\377\377avoi\000\265\025
  artifact_prefix='./'; Test unit written to ./crash-4d3bac8a64d4e58b2f0943e6d28e6e1f16328d7d
  Base64: PwAvX19ffX19fX19fX19fX19fX19fX19fX3//////1P//////wAAAAAAABNeX18IJQBfX19fX18IJcp/X19fExNfX18C28oAAOfmZmUAAAAARD8KCv//////YXZvaQC1FQ==

ACKs for top commit:
  dergoegge:
    ACK fab164f
  brunoerg:
    ACK fab164f

Tree-SHA512: f416828f4394aa7303ee437f141e9bbd23c0e0f1b830e4ef3932338858249ba68a811b9837c5b7ad8c6ab871b6354996434183597c1a910a8d8e8d829693e4b2
luke-jr pushed a commit that referenced this issue Aug 1, 2024
@luke-jr
refactor: Use spanparsing::Split to avoid a harmless unsigned-integer…
728bc25 
…-overflow

The previous commit added a test which would fail the
unsigned-integer-overflow sanitizer. The warning is harmless and can be
triggered on any commit, since the code was introduced.

For reference, the warning would happen when the separator `-` was not
present.

For example:

  GET /rest/getutxos/6a297bfa5cb8dd976ab0207a767d6cbfaa5e876f30081127ec8674c8c52b16c0_+1.json

would result in:

rest.cpp:792:77: runtime error: unsigned integer overflow: 18446744073709551615 + 1 cannot be represented in type 'size_type' (aka 'unsigned long')
    #0 0x55ad42c16931 in rest_getutxos(std::any const&, HTTPRequest*, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>> const&) src/rest.cpp:792:77
    #1 0x55ad4319e3c0 in std::function<bool (HTTPRequest*, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>> const&)>::operator()(HTTPRequest*, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>> const&) const /usr/bin/../lib/gcc/x86_64-linux-gnu/13/../../../../include/c++/13/bits/std_function.h:591:9
    #2 0x55ad4319e3c0 in HTTPWorkItem::operator()() src/httpserver.cpp:59:9
    #3 0x55ad431a3eea in WorkQueue<HTTPClosure>::Run() src/httpserver.cpp:114:13
    #4 0x55ad4318f961 in HTTPWorkQueueRun(WorkQueue<HTTPClosure>*, int) src/httpserver.cpp:403:12
    #5 0x7f078ebcbbb3  (/lib/x86_64-linux-gnu/libstdc++.so.6+0xeabb3) (BuildId: 40b9b0d17fdeebfb57331304da2b7f85e1396ef2)
    #6 0x55ad4277e01c in asan_thread_start(void*) asan_interceptors.cpp.o
    #7 0x7f078e840a93  (/lib/x86_64-linux-gnu/libc.so.6+0x9ca93) (BuildId: 08134323d00289185684a4cd177d202f39c2a5f3)
    #8 0x7f078e8cdc3b  (/lib/x86_64-linux-gnu/libc.so.6+0x129c3b) (BuildId: 08134323d00289185684a4cd177d202f39c2a5f3)

SUMMARY: UndefinedBehaviorSanitizer: unsigned-integer-overflow rest.cpp:792:77

Github-Pull: bitcoin#30444
Rebased-From: fac932b
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
4 participants
@luke-jr @grubles and others