diff options
| author | Gregory Maxwell <greg@xiph.org> | 2012-10-24 01:41:52 -0400 |
|---|---|---|
| committer | Luke Dashjr <luke-jr+git@utopios.org> | 2012-11-12 22:47:09 +0000 |
| commit | 2857d51fea8a982e2229a4d7b36f56b2d24bf011 (patch) | |
| tree | 1ee9708059778ad0b27199b394ad578f85602c96 | |
| parent | 3e72516398298e205712fbcf307c45765c969949 (diff) | |
| download | bitcoin-2857d51fea8a982e2229a4d7b36f56b2d24bf011.tar.xz | |
Fixes a race condition in CreateNewBlock and a future null deref on testnet.
CreateNewBlock was reading pindexBest at the start before taking the lock
so it was possible to have the the block content not match the prevheader
and this can also trigger a newly added assert in ConnectBlock.
I noticed this during a code review after twobitcoins reported that ab91bf39
(BIP30 for all blocks) could cause a null dereference on a modified node
that mined during the IBD, or on testnet when it reached heights 91842 and
91880 due to CreateNewBlock calling ConnectBlock with pindex->phashBlock NULL.
| -rw-r--r-- | src/main.cpp | 5 |
1 files changed, 3 insertions, 2 deletions
diff --git a/src/main.cpp b/src/main.cpp index 0524e7f835..1dcc4ad5fc 100644 --- a/src/main.cpp +++ b/src/main.cpp @@ -1416,7 +1416,8 @@ bool CBlock::ConnectBlock(CTxDB& txdb, CBlockIndex* pindex, bool fJustCheck) // Now that the whole chain is irreversibly beyond that time it is applied to all blocks except the // two in the chain that violate it. This prevents exploiting the issue against nodes in their // initial block download. - bool fEnforceBIP30 = !((pindex->nHeight==91842 && pindex->GetBlockHash() == uint256("0x00000000000a4d0a398161ffc163c503763b1f4360639393e0e4c8e300e0caec")) || + bool fEnforceBIP30 = (!pindex->phashBlock) || // Enforce on CreateNewBlock invocations which don't have a hash. + !((pindex->nHeight==91842 && pindex->GetBlockHash() == uint256("0x00000000000a4d0a398161ffc163c503763b1f4360639393e0e4c8e300e0caec")) || (pindex->nHeight==91880 && pindex->GetBlockHash() == uint256("0x00000000000743f190a18c5577a3c2d2a1f610ae9601ac046a38084ccb7cd721"))); // BIP16 didn't become active until Apr 1 2012 @@ -3460,7 +3461,6 @@ public: CBlock* CreateNewBlock(CReserveKey& reservekey) { - CBlockIndex* pindexPrev = pindexBest; // Create new block auto_ptr<CBlock> pblock(new CBlock()); @@ -3505,6 +3505,7 @@ CBlock* CreateNewBlock(CReserveKey& reservekey) int64 nFees = 0; { LOCK2(cs_main, mempool.cs); + CBlockIndex* pindexPrev = pindexBest; CTxDB txdb("r"); // Priority order to process transactions |