Fix invalid checks (NULL checks after dereference, redundant checks, etc.) #10898

practicalswift · 2017-07-21T19:49:19Z

Contains:

Remove redundant NULL checks after throwing new
Remove redundant check (!ecc is always true)
Remove duplicate uriParts.size() > 0 check
Use two boolean literals instead of re-using variable

benma · 2017-07-24T07:27:04Z

src/rest.cpp

        //inputs is sent over URI scheme (/rest/getutxos/checkmempool/txid1-n/txid2-n/...)
-        if (uriParts.size() > 0 && uriParts[0] == "checkmempool")
+        if (uriParts[0] == "checkmempool")
            fCheckMemPool = true;


add braces or put on same line according do the dev notes.

benma · 2017-07-24T07:30:18Z

src/net_processing.cpp

-                connman.ForNode(lNodesAnnouncingHeaderAndIDs.front(), [&connman, fAnnounceUsingCMPCTBLOCK, nCMPCTBLOCKVersion](CNode* pnodeStop){
-                    connman.PushMessage(pnodeStop, CNetMsgMaker(pnodeStop->GetSendVersion()).Make(NetMsgType::SENDCMPCT, fAnnounceUsingCMPCTBLOCK, nCMPCTBLOCKVersion));
+                connman.ForNode(lNodesAnnouncingHeaderAndIDs.front(), [&connman, nCMPCTBLOCKVersion](CNode* pnodeStop) {
+                    connman.PushMessage(pnodeStop, CNetMsgMaker(pnodeStop->GetSendVersion()).Make(NetMsgType::SENDCMPCT, false, nCMPCTBLOCKVersion));


Now the code is less readable, as I have to guess or look up what false means here. I'd restore the var in this case (same issue below).

Fixed by adding two comments :-)

benma · 2017-07-24T07:39:21Z

src/bitcoin-tx.cpp

@@ -687,18 +687,18 @@ static void MutateTx(CMutableTransaction& tx, const std::string& command,
    else if (command == "outaddr")
        MutateTxAddOutAddr(tx, commandVal);
    else if (command == "outpubkey") {
-        if (!ecc) { ecc.reset(new Secp256k1Init()); }
+        ecc.reset(new Secp256k1Init());


A bit off-topic (removing the !ecc check looks good):

The usage of Secp256k1Init is pretty obscure here. Why is it needed for those few commands but not others?

Would it be a better idea to move the Secp256k1Init into the functions that are called? As close as possible to where it is actually required, which is not hard to see now.

Pinging @sipa, the author of this.

Some libsecp256k1 calls require a context, and some don't. The secp256k1.h header explains which ones, but perhaps that information should be duplicated into at least the pubkey.h/key.h interfaces?

benma · 2017-07-24T07:45:56Z

src/qt/walletview.cpp

@@ -122,11 +122,12 @@ void WalletView::setWalletModel(WalletModel *_walletModel)
    overviewPage->setWalletModel(_walletModel);
    receiveCoinsPage->setModel(_walletModel);
    sendCoinsPage->setModel(_walletModel);
-    usedReceivingAddressesPage->setModel(_walletModel->getAddressTableModel());
-    usedSendingAddressesPage->setModel(_walletModel->getAddressTableModel());

    if (_walletModel)


After a quick research it looks like _walletModel is never passed as NULL. So it would be good to change the argument from a pointer to a reference and remove this check.

practicalswift · 2017-07-24T14:17:10Z

@benma Thanks for reviewing! Good feedback. All items addressed. Looks good? :-)

benma · 2017-07-24T20:38:10Z

src/net_processing.cpp

-                connman.ForNode(lNodesAnnouncingHeaderAndIDs.front(), [&connman, fAnnounceUsingCMPCTBLOCK, nCMPCTBLOCKVersion](CNode* pnodeStop){
-                    connman.PushMessage(pnodeStop, CNetMsgMaker(pnodeStop->GetSendVersion()).Make(NetMsgType::SENDCMPCT, fAnnounceUsingCMPCTBLOCK, nCMPCTBLOCKVersion));
+                connman.ForNode(lNodesAnnouncingHeaderAndIDs.front(), [&connman, nCMPCTBLOCKVersion](CNode* pnodeStop){
+                    connman.PushMessage(pnodeStop, CNetMsgMaker(pnodeStop->GetSendVersion()).Make(NetMsgType::SENDCMPCT, /*fAnnounceUsingCMPCTBLOCK=*/false, nCMPCTBLOCKVersion));


I am not sure whether I like this 😆

Maybe nicer to define two constants for true/false, or an enum?

I commend the effort to reduce the number of lines, but in some cases, being descriptive is worth it.

utACK anyway, I'll leave the decision to you.

benma · 2017-07-24T20:38:33Z

utACK da5f591c03e04cfc159aa9d8ed1036576f51aa25

practicalswift · 2017-08-14T15:49:17Z

Rebased!

practicalswift · 2017-09-10T19:11:50Z

Rebased! :-)

laanwj · 2017-10-02T13:31:05Z

src/qt/walletview.h

@@ -48,7 +48,7 @@ class WalletView : public QStackedWidget
        The wallet model represents a bitcoin wallet, and offers access to the list of transactions, address book and sending
        functionality.
    */
-    void setWalletModel(WalletModel *walletModel);
+    void setWalletModel(WalletModel& walletModel);


Please don't change the setWalletModel() interface. It is supposed to be consistent over all objects, and setting a NULL model is meaningful: it should be possible to use the view classes without a model for simple testing.

practicalswift · 2017-10-02T14:00:53Z

@laanwj I've now removed the Move NULL check prior to dereference commit.

Please note that setting a NULL model will result in a null pointer dereference in current master. Should I fix that?

What about:

diff --git a/src/qt/walletview.cpp b/src/qt/walletview.cpp
index 971f5e0..a56a400 100644
--- a/src/qt/walletview.cpp
+++ b/src/qt/walletview.cpp
@@ -122,8 +122,8 @@ void WalletView::setWalletModel(WalletModel *_walletModel)
     overviewPage->setWalletModel(_walletModel);
     receiveCoinsPage->setModel(_walletModel);
     sendCoinsPage->setModel(_walletModel);
-    usedReceivingAddressesPage->setModel(_walletModel->getAddressTableModel());
-    usedSendingAddressesPage->setModel(_walletModel->getAddressTableModel());
+    usedReceivingAddressesPage->setModel(_walletModel ? _walletModel->getAddressTableModel() : nullptr);
+    usedSendingAddressesPage->setModel(_walletModel ? _walletModel->getAddressTableModel() : nullptr);

laanwj · 2017-10-02T15:03:04Z

@practicalshift Yes that should be fixed, looks good to me!

…lid)

practicalswift · 2017-10-02T18:34:02Z

@laanwj I've now added a NULL check for _walletModel. Looks good now? :-)

ryanofsky

utACK 76fed83

@practicalswift, how are you finding these changes? Are you using a linter tool? Or methodically going through the source code in some way and reviewing it?

practicalswift · 2017-10-04T14:11:53Z

@ryanofsky I use a combination of manual code review, static analysis and fuzzing to find potential issues. In the Apple Swift project most of my results have been from fuzzing (using my own compiler fuzzer): see my apple/swift contributions here.

ryanofsky · 2017-10-04T14:38:31Z

Thanks. It could be educational (and also nice to give credit) if you mentioned the specific static analysis & fuzzing tools were that used in your commit messages and PR descriptions.

promag · 2017-10-04T14:45:07Z

Agree with @ryanofsky, also for useful when reviewing!

JeremyRubin · 2017-10-04T14:50:23Z

Echoing @ryanofsky, would even be useful to fill this info in on already merged PRs (people often refer to them long after the fact).

practicalswift · 2017-10-04T15:34:38Z

@ryanofsky @promag @JeremyRubin Sure! Thanks for showing interest! That is appreciated.

Here are pointers to some of the open source tools that I use regularly:

clang's Thread Safety Analysis - see PR [WIP] Add Clang thread safety analysis annotations: GUARDED_BY(lock) / EXCLUSIVE_LOCKS_REQUIRED(lock) #11226 (please review!) + Fix -Wthread-safety-analysis warnings. Compile with -Wthread-safety-analysis if available. #10866 (please review!)
libFuzzer - see PR [tests] Add libFuzzer support #10440 (please review!)
afl-fuzz - see PR [tests] Speed up fuzzing by ~200x when using afl-fuzz #10415 and [tests] Add fuzz testing for BlockTransactions and BlockTransactionsRequest #10409
valgrind - see PR [contrib] Add Valgrind suppressions file #11035 (please review!)
clang-tidy - see PR Avoid static analyzer warnings regarding uninitialized arguments #10735
clang-format - see PR Make clang-format use C++11 features (e.g. A<A<int>> instead of A<A<int> >) #10602
pycodestyle - see PR Remove unused Python imports #9508
clang's AddressSanitizer (ASan: -fsanitize=address)
clang's LeakSanitizer (LSan: -fsanitize=leak)
clang's MemorySanitizer (MSan: -fsanitize=memory)
clang's ThreadSanitizer (TSan: -fsanitize=thread)
clang's UndefinedBehaviorSanitizer (UBSan: -fsanitize=undefined)
flintpp
oclint
cppcheck

The list is not at all exhaustive - I try to use as many tools as possible to increase diversity in the classes of issues covered. In addition to the above I use some custom/proprietary analysis tools/scripts, but they are not that interesting or general.

If you want to help, please review the open PR:s mentioned above to increase the chance of them getting merged :-)

ryanofsky · 2017-10-12T18:19:28Z

Can this be merged? Has two utACKs and is a small, minor change.

laanwj · 2017-10-12T21:55:33Z

Looks good to me, utACK 76fed83

…ndant checks, etc.) 76fed83 Avoid NULL pointer dereference when _walletModel is NULL (which is valid) (practicalswift) 4971a9a Use two boolean literals instead of re-using variable (practicalswift) b5fb339 Remove duplicate uriParts.size() > 0 check (practicalswift) 7466991 Remove redundant check (!ecc is always true) (practicalswift) 55224af Remove redundant NULL checks after new (practicalswift) Pull request description: Contains: * Remove redundant `NULL` checks after throwing `new` * Remove redundant check (`!ecc` is always true) * Remove duplicate `uriParts.size() > 0` check * Use two boolean literals instead of re-using variable Tree-SHA512: 30e9af8a9d5c8184836f8267b492aeb4e26eca171a3be08f634b3f39b3055b9fa9f06623f6c69b294ca13bf99743f7645cfac2b25e014ff74687bd085a997895

…e, redundant checks, etc.) 76fed83 Avoid NULL pointer dereference when _walletModel is NULL (which is valid) (practicalswift) 4971a9a Use two boolean literals instead of re-using variable (practicalswift) b5fb339 Remove duplicate uriParts.size() > 0 check (practicalswift) 7466991 Remove redundant check (!ecc is always true) (practicalswift) 55224af Remove redundant NULL checks after new (practicalswift) Pull request description: Contains: * Remove redundant `NULL` checks after throwing `new` * Remove redundant check (`!ecc` is always true) * Remove duplicate `uriParts.size() > 0` check * Use two boolean literals instead of re-using variable Tree-SHA512: 30e9af8a9d5c8184836f8267b492aeb4e26eca171a3be08f634b3f39b3055b9fa9f06623f6c69b294ca13bf99743f7645cfac2b25e014ff74687bd085a997895

7a5d181 Use the character based overload for std::string::find. (Alin Rus) c19401b Don't use pass by reference to const for cheaply-copied types (bool, char, etc.). (practicalswift) 4c5fe36 [Refactor] Remove unused fQuit var from checkqueue.h (donaloconnor) fda7a5f Cleanup: remove unneeded header includes (random-zebra) ac2476c Add test cases covering the relevant key length boundaries: 64 bytes +/- 1 byte for HMAC-SHA256 and 128 bytes +/- 1 byte for HMAC-SHA512 (practicalswift) a346262 Fix code constness in CBlockIndex::GetAncestor() overloads (Dan Raviv) 65e3f4e Refactor: More range-based for loops (random-zebra) dd3d3c4 Use range-based for loops (C++11) when looping over map elements (practicalswift) 5a7750a Move RPC registration out of AppInitParameterInteraction (Russell Yanofsky) 402b4c4 Use compile-time constants instead of unnamed enumerations (practicalswift) bbac2d0 [Trivial] Fix indentation in coins.cpp (random-zebra) e539c62 Small refactor of CCoinsViewCache::BatchWrite() (Dan Raviv) ec91759 Use MakeUnique<T>(...) instead of std::unique_ptr<T>(new T(...)) (random-zebra) 93487b1 Use unique_ptr for pcoinscatcher/pcoinsdbview/pcoinsTip/pblocktree (random-zebra) ff43d69 Use unique_ptr for pdbCopy (Db) and fix potential memory leak (practicalswift) b4d9641 Use unique_ptr for dbenv (DbEnv) (practicalswift) 36108b9 Use unique_ptr for pfilter (CBloomFilter) (practicalswift) ff1c454 Use unique_ptr for sem{Addnode,Outbound} (CSemaphore) (practicalswift) 93daf17 Use unique_ptr for httpRPCTimerInterface (HTTPRPCTimerInterface) (practicalswift) 020ac16 Init: Remove redundant exit(EXIT_FAILURE) instances and replace with (random-zebra) b9f5d1f Remove duplicate uriParts.size() > 0 check (practicalswift) 440d961 Remove redundant check (!ecc is always true) (practicalswift) bfd295b Remove redundant NULL checks after new (practicalswift) 97aad32 Make fUseCrypto atomic (MeshCollider) 2711f78 Consistent parameter names in txdb.h (MeshCollider) d40df3a Fix race for mapBlockIndex in AppInitMain (random-zebra) 03b7766 Cleanup: remove unused functions to Hash the concat of 4 or more objects (random-zebra) c520e0f Remove some unused functions and methods (Pieter Wuille) 508f1a1 range-based loops and const qualifications in net.cpp (Marko Bencun) 79b1e50 Refactor: implement CPubKey::data() (random-zebra) 614d26c Refactor: more &vec[0] to vec.data() (random-zebra) 02b6337 Changing &vec[0] to vec.data(), what 9804 missed (MeshCollider) c1c8b05 Ensure that data types are consistent (jjz) 732bb9d Fix potential null dereferences (MeshCollider) 80f35f9 Remove unreachable code (practicalswift) Pull request description: This is a collection of simple refactorings coming from upstream Bitcoin v0.16 (adapting/extending to PIVX-specific code where needed). Pull requests backported: - bitcoin#10845 (practicalswift) - bitcoin#11238 (MeshCollider) - bitcoin#11232 (jjz) - bitcoin#10793 (MeshCollider) - bitcoin#10888 (benma) - ~~bitcoin#11351 (danra)~~ [edit: removed - included in #2423] - bitcoin#11385 (sipa) - bitcoin#11107 (MeshCollider) - bitcoin#10898 (practicalswift) - bitcoin#11511 (donaloconnor) - bitcoin#11043 (practicalswift) - bitcoin#11353 (danra) - bitcoin#10749 (practicalswift) - bitcoin#11603 (ryanofsky) - bitcoin#10493 (practicalswift) - bitcoin#11337 (danra) - bitcoin#11516 (practicalswift) - bitcoin#10574 (practicalswift) - bitcoin#12108 (donaloconnor) - bitcoin#10839 (practicalswift) - bitcoin#12159 (kekimusmaximus) ACKs for top commit: Fuzzbawls: ACK 7a5d181 furszy: re-ACK 7a5d181 after rebase, no code changes. Merging.. Tree-SHA512: d92f5df47f443391a6531274a2efb9a4882c62d32eff628f795b3abce703f108c8b40ec80ac841cde6c5fdd5c9ff2b6056a31546ac2edda279f5f18fccc99c32

…e, redundant checks, etc.) 76fed83 Avoid NULL pointer dereference when _walletModel is NULL (which is valid) (practicalswift) 4971a9a Use two boolean literals instead of re-using variable (practicalswift) b5fb339 Remove duplicate uriParts.size() > 0 check (practicalswift) 7466991 Remove redundant check (!ecc is always true) (practicalswift) 55224af Remove redundant NULL checks after new (practicalswift) Pull request description: Contains: * Remove redundant `NULL` checks after throwing `new` * Remove redundant check (`!ecc` is always true) * Remove duplicate `uriParts.size() > 0` check * Use two boolean literals instead of re-using variable Tree-SHA512: 30e9af8a9d5c8184836f8267b492aeb4e26eca171a3be08f634b3f39b3055b9fa9f06623f6c69b294ca13bf99743f7645cfac2b25e014ff74687bd085a997895

fanquake added the Refactoring label Jul 21, 2017

benma suggested changes Jul 24, 2017

View reviewed changes

practicalswift force-pushed the invalid-logic branch 2 times, most recently from 6d77efe to da5f591 Compare July 24, 2017 12:32

benma reviewed Jul 24, 2017

View reviewed changes

practicalswift force-pushed the invalid-logic branch from da5f591 to 0770629 Compare August 14, 2017 15:49

practicalswift force-pushed the invalid-logic branch from 0770629 to 3509b82 Compare September 10, 2017 19:11

laanwj reviewed Oct 2, 2017

View reviewed changes

practicalswift added 4 commits October 2, 2017 15:47

Remove redundant NULL checks after new

55224af

Remove redundant check (!ecc is always true)

7466991

Remove duplicate uriParts.size() > 0 check

b5fb339

Use two boolean literals instead of re-using variable

4971a9a

practicalswift force-pushed the invalid-logic branch from 3509b82 to 4971a9a Compare October 2, 2017 13:54

Avoid NULL pointer dereference when _walletModel is NULL (which is va…

76fed83

…lid)

ryanofsky reviewed Oct 3, 2017

View reviewed changes

laanwj merged commit 76fed83 into bitcoin:master Oct 12, 2017

dagurval mentioned this pull request May 21, 2018

[REST] Handle UTXO retrieval when ignoring the mempool bitcoinxt/bitcoinxt#430

Merged

practicalswift deleted the invalid-logic branch April 10, 2021 19:32

random-zebra mentioned this pull request Jun 29, 2021

[Refactoring] Bitcoin 0.16 cherries PIVX-Project/PIVX#2462

Merged

bitcoin locked as resolved and limited conversation to collaborators Aug 18, 2022

Fix invalid checks (NULL checks after dereference, redundant checks, etc.) #10898

Fix invalid checks (NULL checks after dereference, redundant checks, etc.) #10898

Uh oh!

Conversation

practicalswift commented Jul 21, 2017 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Uh oh!

benma Jul 24, 2017

Choose a reason for hiding this comment

Uh oh!

benma Jul 24, 2017 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Choose a reason for hiding this comment

Uh oh!

practicalswift Jul 24, 2017

Choose a reason for hiding this comment

Uh oh!

benma Jul 24, 2017 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Choose a reason for hiding this comment

Uh oh!

sipa Jul 24, 2017 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Choose a reason for hiding this comment

Uh oh!

benma Jul 24, 2017

Choose a reason for hiding this comment

Uh oh!

practicalswift commented Jul 24, 2017

Uh oh!

benma Jul 24, 2017

Choose a reason for hiding this comment

Uh oh!

benma commented Jul 24, 2017

Uh oh!

practicalswift commented Aug 14, 2017

Uh oh!

practicalswift commented Sep 10, 2017

Uh oh!

laanwj Oct 2, 2017

Choose a reason for hiding this comment

Uh oh!

practicalswift commented Oct 2, 2017 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Uh oh!

laanwj commented Oct 2, 2017

Uh oh!

practicalswift commented Oct 2, 2017

Uh oh!

ryanofsky left a comment • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Choose a reason for hiding this comment

Uh oh!

practicalswift commented Oct 4, 2017

Uh oh!

ryanofsky commented Oct 4, 2017

Uh oh!

promag commented Oct 4, 2017

Uh oh!

JeremyRubin commented Oct 4, 2017

Uh oh!

practicalswift commented Oct 4, 2017 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Uh oh!

ryanofsky commented Oct 12, 2017

Uh oh!

laanwj commented Oct 12, 2017

Uh oh!

Uh oh!

practicalswift commented Jul 21, 2017 •

edited

Loading

benma Jul 24, 2017 •

edited

Loading

benma Jul 24, 2017 •

edited

Loading

sipa Jul 24, 2017 •

edited

Loading

practicalswift commented Oct 2, 2017 •

edited

Loading

ryanofsky left a comment •

edited

Loading

practicalswift commented Oct 4, 2017 •

edited

Loading