mempool: Fix unintended unsigned integer wraparound in CTxMemPool::UpdateAncestorsOf(bool add, …) when add is false #14226
Why did you decide to close this PR? After some digging I believe this change correctly fixes a bug, though I think the problem is not in the unsigned integer overflow (which is well-defined), but in casting the resulting unsigned integer to a signed type (which I have recently learned is not defined behavior, when the unsigned value would be negative). So I think this change, which casts to int64_t first before multiplying by -1, is exactly correct.
@sdaftuar I received some feedback about my PRs creating too much review work – that's the background to the close. But I'm happy to re-open :-)
I haven't reviewed the claim that @sdaftuar makes, but I checked that on my machine the bitcoind compiled with clang doesn't change at all, and for gcc the objdump is the same.
The following sections might be updated with supplementary metadata relevant to reviewers and maintainers.
Conflicts
Reviewers, this pull request conflicts with the following ones:
If you consider this pull request important, please also help to review the conflicting pull requests. Ideally, start with the one that should be merged first.
utACK
@ryanofsky pointed me to this: http://www.open-std.org/jtc1/sc22/wg21/docs/papers/2013/n3690.pdf, from section 4.7.3
@sdaftuar @ryanofsky You might want to take a look at #11551 (
a6de9e3 to 8b1b039
Fix unintended unsigned integer wraparound in CTxMemPool::UpdateAncestorsOf(bool add, …) when add is false.
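An added illustration of the conversion issue discussed in this thread, not code from the pull request or the project: it contrasts multiplying a signed factor by an unsigned size (which wraps modulo 2^64) with the cast-to-int64_t-first form, and goes one step further by applying the signed delta to an unsigned total with range checks. The function names and sample values are hypothetical, and 64-bit fixed-width types are assumed.

```cpp
#include <cstdint>
#include <iostream>
#include <limits>

// Hypothetical helper. Mixed-sign pattern: the usual arithmetic conversions
// turn the int64_t operand into uint64_t, so with sign == -1 the product is
// computed modulo 2^64 and wraps to 2^64 - size.
uint64_t WrappedProduct(bool add, uint64_t size)
{
    const int64_t sign = add ? 1 : -1;
    return sign * size; // unsigned multiplication; nothing here is negative
}

// Hypothetical helper. Cast-first form: convert the size to int64_t while it
// is still in range, then multiply in signed arithmetic. Returns false if the
// size does not fit, so no out-of-range unsigned-to-signed conversion occurs.
bool SignedDelta(bool add, uint64_t size, int64_t& out)
{
    if (size > static_cast<uint64_t>(std::numeric_limits<int64_t>::max())) return false;
    out = (add ? 1 : -1) * static_cast<int64_t>(size);
    return true;
}

// Hypothetical helper. Apply a signed delta to an unsigned running total,
// rejecting any update that would wrap the total in either direction.
bool ApplyDelta(uint64_t& total, int64_t delta)
{
    if (delta >= 0) {
        const uint64_t inc = static_cast<uint64_t>(delta);
        if (inc > std::numeric_limits<uint64_t>::max() - total) return false;
        total += inc;
    } else {
        // -(delta + 1) + 1 gives |delta| without overflowing on INT64_MIN.
        const uint64_t dec = static_cast<uint64_t>(-(delta + 1)) + 1;
        if (dec > total) return false;
        total -= dec;
    }
    return true;
}

int main()
{
    int64_t delta = 0;
    uint64_t total = 1000; // constructed sample values
    std::cout << "wrapped: " << WrappedProduct(false, 250) << "\n";
    if (SignedDelta(false, 250, delta) && ApplyDelta(total, delta)) {
        std::cout << "delta: " << delta << ", total: " << total << "\n";
    }
    return 0;
}
```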