Skip to content

Fix integer sanitizer suppressions in validation.cpp #24196

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 1 commit into from
Feb 9, 2022
Merged

Fix integer sanitizer suppressions in validation.cpp #24196

merged 1 commit into from
Feb 9, 2022

Conversation

maflcko
Copy link
Member

@maflcko maflcko commented Jan 28, 2022
edited
Loading

It doesn't seem ideal to have an integer sanitizer enabled, but then disable it for the whole validation.cpp file.

Fix it with a refactor and remove the suppression.

@DrahtBot
Copy link
Contributor

DrahtBot commented Jan 29, 2022
edited
Loading

The following sections might be updated with supplementary metadata relevant to reviewers and maintainers.

Conflicts

No conflicts as of last run.

@DrahtBot DrahtBot mentioned this pull request Jan 29, 2022
Merged
luke-jr
luke-jr approved these changes Jan 31, 2022
View reviewed changes
Copy link
Member

@luke-jr luke-jr left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

int is only guaranteed to have a max value of 32768. In a 2 MB block, that's 61 bytes per input. Seems quite possible to hit it?

OTOH, I don't think we support/work on such platforms right now, so this probably isn't a real issue. So utACK anyway.

@maflcko
Copy link
Member Author

maflcko commented Jan 31, 2022

It wouldn't be possible to start Bitcoin Core if int max was 32768. See also:

src/compat/assumptions.h:static_assert(sizeof(short) == 2, "16-bit short assumed");
src/compat/assumptions.h:static_assert(sizeof(int) == 4, "32-bit int assumed");
src/compat/assumptions.h:static_assert(sizeof(unsigned) == 4, "32-bit unsigned assumed");
src/compat/assumptions.h:static_assert(sizeof(size_t) == 4 || sizeof(size_t) == 8, "size_t assumed to be 32-bit or 64-bit");

PastaPastaPasta
PastaPastaPasta reviewed Feb 1, 2022
View reviewed changes
PastaPastaPasta
PastaPastaPasta approved these changes Feb 1, 2022
View reviewed changes
Copy link
Contributor

@PastaPastaPasta PastaPastaPasta left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

utACK fa2d0c7 modulo nit

@maflcko maflcko marked this pull request as draft February 1, 2022 14:51
@maflcko maflcko mentioned this pull request Feb 7, 2022
Merged
@maflcko maflcko marked this pull request as ready for review February 7, 2022 14:30
@maflcko
Copy link
Member Author

maflcko commented Feb 7, 2022

Changed to a pure refactor, that doesn't change any types. Also, it doesn't change the binary with clang++ -O2 on my system, though with gcc it does. It is the same refactor that was used in ##24227

hebasto
hebasto approved these changes Feb 7, 2022
View reviewed changes
Copy link
Member

@hebasto hebasto left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

ACK fac6205, I have reviewed the code and it looks OK, I agree it can be merged.

ghost
ghost approved these changes Feb 7, 2022
View reviewed changes
Copy link

@ghost ghost left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Code Review ACK fac6205

@maflcko maflcko merged commit 8ac7997 into bitcoin:master Feb 9, 2022
@maflcko maflcko deleted the 2201-valInt branch February 9, 2022 07:33
sidhujag pushed a commit to syscoin/syscoin that referenced this pull request Feb 9, 2022
Merge bitcoin#24196: Fix integer sanitizer suppressions in validation…
89a770b 
….cpp
Fabcien pushed a commit to Bitcoin-ABC/bitcoin-abc that referenced this pull request Dec 9, 2022
@PiRK
remove integer sanitizer suppression in validation.cpp
295dde9 
Summary:
While looking at backporting [[bitcoin/bitcoin#24196 | core#24196]], I noticed that the offending code was already changed  in D359 (`unsigned int` -> `size_t`) and fixed in D1528 (removal of the `for (size_t j = tx.vin.size(); j-- > 0;)` loop)

Removing the file-wide suppression means that new UB can now be detected.

Test Plan:
With UBSAN
`ninja && ninja check check-functional`

Reviewers: #bitcoin_abc, Fabien

Reviewed By: #bitcoin_abc, Fabien

Differential Revision: https://reviews.bitcoinabc.org/D12821
@bitcoin bitcoin locked and limited conversation to collaborators Feb 9, 2023
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Reviewers

@hebasto hebasto hebasto approved these changes

+3 more reviewers

@luke-jr luke-jr luke-jr approved these changes

@PastaPastaPasta PastaPastaPasta PastaPastaPasta approved these changes

Reviewers whose approvals may not affect merge requirements
Assignees
No one assigned
Labels
Refactoring
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
5 participants
@maflcko @DrahtBot @luke-jr @PastaPastaPasta @hebasto