diff options
| author | Pieter Wuille <pieter.wuille@gmail.com> | 2017-07-17 11:00:40 -0700 |
|---|---|---|
| committer | Pieter Wuille <pieter.wuille@gmail.com> | 2017-07-17 15:12:39 -0700 |
| commit | fee0d803fb55c8d85b5cd1ff69d799c5ad522e18 (patch) | |
| tree | 09ea2c2d3e2ae0c7973a9e90c7f62c73b6edc995 | |
| parent | 0b019357ff09e7a522307fc271d6b60562a7b890 (diff) | |
| parent | 8276e70de15c5c3a7525471ad619edd1237b424a (diff) | |
Merge #9980: Fix mem access violation merkleblock
8276e70de Adding assert to avoid a memory access violation inside of PartialMerkleTree::CalcHash() (Chris Stewart)
Pull request description:
Fixing a possible memory access violation in CPartialMerkleTree::CalcHash().
This can happen if we some how a merkle tree with zero txids. I don't think this can happen in practice as we only send merkle block messages on the p2p network as of now -- we cannot receive them.
This was found with #8469, specifically using this [generator](https://github.com/Christewart/bitcoin/blob/rapidcheck/src/test/gen/merkleblock_gen.h#L52-L77) which will cause a memory access violation on [this test case](https://github.com/Christewart/bitcoin/blob/rapidcheck/src/test/merkleblock_properties.cpp#L48).
Tree-SHA512: b95904ec45ea3f082c7722161d93ee06b24c706fbffa909a6e995ed14788aed2830f91b626da6f0347660c45874a0735dab61c9440b59c949c690af4165c83fb
| -rw-r--r-- | src/merkleblock.cpp | 3 | ||||
| -rw-r--r-- | src/merkleblock.h | 2 |
2 files changed, 5 insertions, 0 deletions
diff --git a/src/merkleblock.cpp b/src/merkleblock.cpp index ba5f7b400c..f0abea0611 100644 --- a/src/merkleblock.cpp +++ b/src/merkleblock.cpp @@ -59,6 +59,9 @@ CMerkleBlock::CMerkleBlock(const CBlock& block, const std::set<uint256>& txids) } uint256 CPartialMerkleTree::CalcHash(int height, unsigned int pos, const std::vector<uint256> &vTxid) { + //we can never have zero txs in a merkle block, we always need the coinbase tx + //if we do not have this assert, we can hit a memory access violation when indexing into vTxid + assert(vTxid.size() != 0); if (height == 0) { // hash at height 0 is the txids themself return vTxid[pos]; diff --git a/src/merkleblock.h b/src/merkleblock.h index de4c5c8d29..f590c487de 100644 --- a/src/merkleblock.h +++ b/src/merkleblock.h @@ -121,6 +121,8 @@ public: /** * Used to relay blocks as header + vector<merkle branch> * to filtered nodes. + * + * NOTE: The class assumes that the given CBlock has *at least* 1 transaction. If the CBlock has 0 txs, it will hit an assertion. */ class CMerkleBlock { |