Fix assumeutxo crash due to missing base_blockhash #21582
Conversation
|
Introduced in #19806 |
|
Thanks for catching this. Why change behavior not to allow waiting for the headers to load? |
|
I couldn't find a code path that needs this behavior, so it seemed odd to keep the dead code. Note that in your parent PR the RPC does the waiting, so it doesn't have to be done again in validation. Edit: See |
fa64415 to
fafcddc
Compare
Oh good point. I guess if we add some flag that allows specifying a snapshot to load (absent RPC) we'll have to add some similar code to init, but we can cross that bridge when we come to it. In any case, concept ACK. Will test later today. |
Indeed, I was never a fan of the "idle-loop" inside validation (See #19806 (comment)), so moving it to the caller (if needed at all) seems the way to go. |
There was a problem hiding this comment.
Code review ACK fafcddc. All changes look good, but I don't know when the bug happens in practice or how it was discovered.
Also it would be nice to have just the minimal fix and test together in same commit so it is more clear how the bug can be triggered and how it is fixed. Then it would be good to have the other cleanups in separate commits. IIUC:
- The bugfix is the new
if (!snapshot_start_block)check in PopulateAndValidateSnapshot, triggered by the new test passing base hashuint256::ONE. - Assert in GetUTXOStats adds an additional check at the point where the segfault previously happened
- Removing the header wait loop is dead code removal and bit of a design change (good change breaking up a big function)
fafcddc to
fa9b74f
Compare
Thanks, force pushed so that the Assert is a separate commit, no code changes. |
|
The following sections might be updated with supplementary metadata relevant to reviewers and maintainers. ConflictsReviewers, this pull request conflicts with the following ones:
If you consider this pull request important, please also help to review the conflicting pull requests. Ideally, start with the one that should be merged first. |
There was a problem hiding this comment.
ACK fa9b74f (jamesob/ackr/21582.1.MarcoFalke.fix_assumeutxo_crash_due)
Looks good, thanks.
Show signature data
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
ACK fa9b74f5ea89624e052934c48391b5076a87ffef ([`jamesob/ackr/21582.1.MarcoFalke.fix_assumeutxo_crash_due`](https://github.com/jamesob/bitcoin/tree/ackr/21582.1.MarcoFalke.fix_assumeutxo_crash_due))
Looks good, thanks.
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCgAdFiEEGNRVI1NPYuZCSIrGepNdrbLETwUFAmBrT/QACgkQepNdrbLE
TwULqw//SIwBkIK7OsgTB1ycHuwVJnJqnbO67v0oG/KI/2483t7jBJvMCznX2ecT
at4FcfJ7HmyrWve4EKz5mpa7851s565ftUNMy+K6nGj53tr+ejXyioDmEamol/AT
KzYah/LQjtwdS/WbNs1JyXE3NQ0briscUhi6053tdYGDwmtc+bdh4wdkcySRWHFR
a7SLoASpQ4rj3c2VlSyDzXoUCLNtpvylO9aRxgINC/IOU8UKS/F51LjMIGmeNHHP
oDDJ8cZwQURfSqg8bIQWpVDFwGBhPdXAFrQdl2kBdqJa48yp4PEg7KIHkh+H3xKV
W4sn2xMghzwB+MtFOCUDTY6ggy7yuh/6w/ZLqBuwrQaZyepMu3OUJ8PnEH8mk4OV
ddVL43/iGoEf9lH+X3f6WykZFIDTeMy1Np0YGjrDcFzc3qxDpQip++dvcm3rblDP
BlaUUm1UucSU8ZafZZJpv5Jg0EpbPaNlAMb8qp1N73AD94ngYq/LIlgahu280obM
v7lAxApGzUpufGl0Fg5ARqvKPWpwEuS8FoM0EUkv8wNaJeNxZAuUgIJ3R8PmoffH
ffAgxlNS5Q6o3aAPsTin9hSR7Bfkzit4/Tm9xMHiH+WCHJPiML4mlO4h5DbSUjYn
dyxgaI1e32gJBrY/xroaiu8v+EmyJeHeuDlcbN+lP7AzhDN4XfU=
=Pv7n
-----END PGP SIGNATURE-----
Show platform data
Tested on Linux-4.19.0-10-amd64-x86_64-with-glibc2.28
Configured with ./configure LDFLAGS=-L/home/james/src/bitcoin/db4/lib/ -L/home/james/.local/lib CPPFLAGS=-I/home/james/src/bitcoin/db4/include/ -I/home/james/.local/include CXXFLAGS=-fPIE -pipe -O2 -g -Wthread-safety-analysis -Wall -Werror=sign-compare -Wsign-compare -Werror=thread-safety-analysis --enable-wallet --enable-debug --with-daemon --enable-natpmp-default --enable-multiprocess PKG_CONFIG_PATH=/home/james/.local/lib/pkgconfig CXX=/usr/bin/clang++ CC=/usr/bin/clang PYTHONPATH= --disable-shared --with-pic --enable-benchmark=no --with-bignum=no --enable-module-recovery --enable-module-schnorrsig --enable-experimental --disable-shared --with-pic --enable-benchmark=no --with-bignum=no --enable-module-recovery --enable-module-schnorrsig --enable-experimental --no-create --no-recursion
Compiled with /usr/bin/ccache /usr/bin/clang++ -std=c++17 -mavx -mavx2 -fPIE -pipe -O2 -g -Wthread-safety-analysis -Wall -Werror=sign-compare -Wsign-compare -Werror=thread-safety-analysis -O0 -g3 -ftrapv -Wstack-protector -fstack-protector-all -msse4 -msha -msse4.1 -msse4.2 i
Compiler version: clang version 7.0.1-8 (tags/RELEASE_701/final)
There was a problem hiding this comment.
Code review ACK fa9b74f with no code changes since last review, just splitting up combocommit a little.
This fixes an UB (which results in a crash with sanitizers enabled). Can be reproduced by cherry-picking the test without the other code changes.
Look good, though I'm curious if the crash was happening before the new test. Was the bug causing a different crash in another test? Or was it just discovered reading code?
This particular one was discovered by a fuzz target, which I wrote after I discovered a crash with code review: #21585 |
fa9b74f Fix assumeutxo crash due to missing base_blockhash (MarcoFalke) fa8fffe refactor: Prefer clean assert over UB in coinstats (MarcoFalke) Pull request description: This fixes an UB (which results in a crash with sanitizers enabled). Can be reproduced by cherry-picking the test without the other code changes. The fix: * Adds an `Assert` to transform the UB into a clean crash, even when sanitizers are disabled * Adds an early-fail condition to avoid the crash ACKs for top commit: jamesob: ACK fa9b74f ([`jamesob/ackr/21582.1.MarcoFalke.fix_assumeutxo_crash_due`](https://github.com/jamesob/bitcoin/tree/ackr/21582.1.MarcoFalke.fix_assumeutxo_crash_due)) ryanofsky: Code review ACK fa9b74f with no code changes since last review, just splitting up combocommit a little. Tree-SHA512: dd36808a09f49c647543a9eaa6fdb785b3f1109af48ba4cc983153b22a144da9ca61af22034dcfaa0e192a65b1ee7de744f187555079aff55bec0efa0ce87cd4
|
Post merge cr ACK fa9b74f
Nice fuzzing find! Fuzzing makes us: harder better faster^Wresilient stronger! 🎶 Don't forget to add your find to the growing list of trophies over at https://github.com/bitcoin-core/bitcoin-devwiki/wiki/Fuzz-Trophies :) |
Summary: bitcoin/bitcoin@769a1ef > test: Add tests with maleated snapshot data ---- https://github.com/bitcoin/bitcoin/pull/21681/files > validation: fix ActivateSnapshot to use hardcoded nChainTx > validation: remove nchaintx from assumeutxo metadata Only test related changes for these commits are in this revision ---- bitcoin/bitcoin@fa8fffe > refactor: Prefer clean assert over UB in coinstats ---- bitcoin/bitcoin@fa9b74f > Fix assumeutxo crash due to missing base_blockhash Only test related changes from this commit are in this revision. ---- bitcoin/bitcoin@fae33f9 > Fix assumeutxo crash due to invalid base_blockhash Only test related changes from this commit are in this revision. ---- This is a backport of [[bitcoin/bitcoin#19806 | core#19806]] [7/8] and test related changes from [[bitcoin/bitcoin#21681 | core#21681]], [[bitcoin/bitcoin#21582 | core#21582]] and [[bitcoin/bitcoin#21584 | core#21584]] Depends on D11240 Test Plan: `ninja check` With UBSAN: `ninja all check-all` Reviewers: #bitcoin_abc, Fabien Reviewed By: #bitcoin_abc, Fabien Differential Revision: https://reviews.bitcoinabc.org/D11241
This fixes an UB (which results in a crash with sanitizers enabled). Can be reproduced by cherry-picking the test without the other code changes. The fix:
Assertto transform the UB into a clean crash, even when sanitizers are disabled