diff options
| author | Gregory Maxwell <greg@xiph.org> | 2012-10-24 01:41:52 -0400 |
|---|---|---|
| committer | Gregory Maxwell <greg@xiph.org> | 2012-10-24 02:13:03 -0400 |
| commit | faff50d129b6d4b9e6397ac989218e83a26ae692 (patch) | |
| tree | 45b7bdc6a35e44ffd248d6797c35243c15f05560 | |
| parent | 675a39fc4f24f9e0c9947e311a39efb6b7261c20 (diff) | |
Fixes a race condition in CreateNewBlock and a future null deref on testnet.
CreateNewBlock was reading pindexBest at the start before taking the lock
so it was possible to have the the block content not match the prevheader
and this can also trigger a newly added assert in ConnectBlock.
I noticed this during a code review after twobitcoins reported that ab91bf39
(BIP30 for all blocks) could cause a null dereference on a modified node
that mined during the IBD, or on testnet when it reached heights 91842 and
91880 due to CreateNewBlock calling ConnectBlock with pindex->phashBlock NULL.
| -rw-r--r-- | src/main.cpp | 5 |
1 files changed, 3 insertions, 2 deletions
diff --git a/src/main.cpp b/src/main.cpp index be1e947ad3..08188f376a 100644 --- a/src/main.cpp +++ b/src/main.cpp @@ -1558,7 +1558,8 @@ bool CBlock::ConnectBlock(CBlockIndex* pindex, CCoinsViewCache &view, bool fJust // Now that the whole chain is irreversibly beyond that time it is applied to all blocks except the // two in the chain that violate it. This prevents exploiting the issue against nodes in their // initial block download. - bool fEnforceBIP30 = !((pindex->nHeight==91842 && pindex->GetBlockHash() == uint256("0x00000000000a4d0a398161ffc163c503763b1f4360639393e0e4c8e300e0caec")) || + bool fEnforceBIP30 = (!pindex->phashBlock) || // Enforce on CreateNewBlock invocations which don't have a hash. + !((pindex->nHeight==91842 && pindex->GetBlockHash() == uint256("0x00000000000a4d0a398161ffc163c503763b1f4360639393e0e4c8e300e0caec")) || (pindex->nHeight==91880 && pindex->GetBlockHash() == uint256("0x00000000000743f190a18c5577a3c2d2a1f610ae9601ac046a38084ccb7cd721"))); if (fEnforceBIP30) { for (unsigned int i=0; i<vtx.size(); i++) { @@ -3750,7 +3751,6 @@ CScript scriptDummy(std::vector<unsigned char>(pszDummy, pszDummy + sizeof(pszDu CBlock* CreateNewBlock(CReserveKey& reservekey) { - CBlockIndex* pindexPrev = pindexBest; // Create new block auto_ptr<CBlock> pblock(new CBlock()); @@ -3795,6 +3795,7 @@ CBlock* CreateNewBlock(CReserveKey& reservekey) int64 nFees = 0; { LOCK2(cs_main, mempool.cs); + CBlockIndex* pindexPrev = pindexBest; CCoinsViewCache view(*pcoinsTip, true); // Priority order to process transactions |