diff options
| author | Gavin Andresen <gavinandresen@gmail.com> | 2012-09-18 14:30:47 -0400 |
|---|---|---|
| committer | Gavin Andresen <gavinandresen@gmail.com> | 2012-10-08 17:46:45 -0400 |
| commit | eed1785f701be93ac2464e854c2a7de1f748ef84 (patch) | |
| tree | 012b0bae35dfc7f35c10d341e50dd31fb88c6cf1 /src/db.h | |
| parent | 8d5f461cb6d4bb954fef5c3deebe2b2a7bdbfe27 (diff) | |
| download | bitcoin-eed1785f701be93ac2464e854c2a7de1f748ef84.tar.xz | |
Handle corrupt wallets gracefully.
Corrupt wallets used to cause a DB_RUNRECOVERY uncaught exception and a
crash. This commit does three things:
1) Runs a BDB verify early in the startup process, and if there is a
low-level problem with the database:
+ Moves the bad wallet.dat to wallet.timestamp.bak
+ Runs a 'salvage' operation to get key/value pairs, and
writes them to a new wallet.dat
+ Continues with startup.
2) Much more tolerant of serialization errors. All errors in deserialization
are reported by tolerated EXCEPT for errors related to reading keypairs
or master key records-- those are reported and then shut down, so the user
can get help (or recover from a backup).
3) Adds a new -salvagewallet option, which:
+ Moves the wallet.dat to wallet.timestamp.bak
+ extracts ONLY keypairs and master keys into a new wallet.dat
+ soft-sets -rescan, to recreate transaction history
This was tested by randomly corrupting testnet wallets using a little
python script I wrote (https://gist.github.com/3812689)
Diffstat (limited to 'src/db.h')
| -rw-r--r-- | src/db.h | 20 |
1 files changed, 20 insertions, 0 deletions
@@ -50,6 +50,25 @@ public: ~CDBEnv(); void MakeMock(); bool IsMock() { return fMockDb; }; + + /* + * Verify that database file strFile is OK. If it is not, + * call the callback to try to recover. + * This must be called BEFORE strFile is opened. + * Returns true if strFile is OK. + */ + enum VerifyResult { VERIFY_OK, RECOVER_OK, RECOVER_FAIL }; + VerifyResult Verify(std::string strFile, bool (*recoverFunc)(CDBEnv& dbenv, std::string strFile)); + /* + * Salvage data from a file that Verify says is bad. + * fAggressive sets the DB_AGGRESSIVE flag (see berkeley DB->verify() method documentation). + * Appends binary key/value pairs to vResult, returns true if successful. + * NOTE: reads the entire database into memory, so cannot be used + * for huge databases. + */ + typedef std::pair<std::vector<unsigned char>, std::vector<unsigned char> > KeyValPair; + bool Salvage(std::string strFile, bool fAggressive, std::vector<KeyValPair>& vResult); + bool Open(boost::filesystem::path pathEnv_); void Close(); void Flush(bool fShutdown); @@ -58,6 +77,7 @@ public: bool GetDetach() { return fDetachDB; } void CloseDb(const std::string& strFile); + bool RemoveDb(const std::string& strFile); DbTxn *TxnBegin(int flags=DB_TXN_WRITE_NOSYNC) { |