-
Notifications
You must be signed in to change notification settings - Fork 35.7k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
CExtKey::Unserialize and CExtPubKey::Unserialize throw std::runtime_error instead of the expected std::ios_base::failure #17130
Comments
Friendly ping @jonasschnelli :) Could you clarify? This is a fuzzing blocker I'd like to get rid of if possible :) |
Those messages are not sent over p2p, so fuzzing is nice to have, but not going to harden the protocol layer. I guess they might be written by the wallet? In that case, you might want to check if the wallet is handling those exceptions properly. |
The only use of bitcoin/src/test/bip32_tests.cpp Lines 122 to 136 in f2a0948
I cannot find any non-test usage. |
Maybe you can remove that logic then? |
I'm pretty sure serialization is used by the wallet for the |
@achow101 bitcoin/src/wallet/rpcdump.cpp Lines 802 to 813 in 46d6930
|
Hmm, so the actual serialization happens in Encode/Decode, not Serialize/Unserialize, and that's what #16463 uses. So in that case, I think it is fine to get rid of Serialize/Unserialize. |
Since #15814 + #15814 (comment) I'm a bit hesitant to touch dead code :) Perhaps we can put a "good first issue" tag on this one and let a newcomer take care of the removal. From a fuzzing perspective I've got my needs covered: if this code isn't used it doesn't matter if invalid deserialisation input makes it throw an unexpected exception type ( |
Ok, will add "good first issue" |
Removing is probably fine. If this will ever be needed, a simple |
…ization methods 5b44a75 refactor: Remove unused CExt{Pub,}Key (de)serialization methods (Sebastian Falbesoner) Pull request description: As pointed out in issue bitcoin#17130, the serialization/deserialization methods for the classes `CExtKey` and `CExtPubKey` are only used in the BIP32 unit tests and hence can be removed (see comments bitcoin#17130 (comment), bitcoin#17130 (comment) and bitcoin#17130 (comment)). ACKs for top commit: practicalswift: ACK 5b44a75 -- -60 LOC diff looks correct :) promag: ACK 5b44a75. MarcoFalke: unsigned ACK 5b44a75 fjahr: ACK 5b44a75 jonatack: Light ACK 5b44a75. Built, ran tests and bitcoind. `git blame` shows most of the last changes are from commit 90604f1 in 2015 to add bip32 pubkey serialization. Tree-SHA512: 6887573b76b9e54e117a076557407b6f7908719b2202fb9eea498522baf9f30198b3f78b87a62efcd17ad1ab0886196f099239992ce7cbbaee79979ffe9e5f2c
…ization methods 5b44a75 refactor: Remove unused CExt{Pub,}Key (de)serialization methods (Sebastian Falbesoner) Pull request description: As pointed out in issue bitcoin#17130, the serialization/deserialization methods for the classes `CExtKey` and `CExtPubKey` are only used in the BIP32 unit tests and hence can be removed (see comments bitcoin#17130 (comment), bitcoin#17130 (comment) and bitcoin#17130 (comment)). ACKs for top commit: practicalswift: ACK 5b44a75 -- -60 LOC diff looks correct :) promag: ACK 5b44a75. MarcoFalke: unsigned ACK 5b44a75 fjahr: ACK 5b44a75 jonatack: Light ACK 5b44a75. Built, ran tests and bitcoind. `git blame` shows most of the last changes are from commit 90604f1 in 2015 to add bip32 pubkey serialization. Tree-SHA512: 6887573b76b9e54e117a076557407b6f7908719b2202fb9eea498522baf9f30198b3f78b87a62efcd17ad1ab0886196f099239992ce7cbbaee79979ffe9e5f2c
…ization methods 5b44a75 refactor: Remove unused CExt{Pub,}Key (de)serialization methods (Sebastian Falbesoner) Pull request description: As pointed out in issue bitcoin#17130, the serialization/deserialization methods for the classes `CExtKey` and `CExtPubKey` are only used in the BIP32 unit tests and hence can be removed (see comments bitcoin#17130 (comment), bitcoin#17130 (comment) and bitcoin#17130 (comment)). ACKs for top commit: practicalswift: ACK 5b44a75 -- -60 LOC diff looks correct :) promag: ACK 5b44a75. MarcoFalke: unsigned ACK 5b44a75 fjahr: ACK 5b44a75 jonatack: Light ACK 5b44a75. Built, ran tests and bitcoind. `git blame` shows most of the last changes are from commit 90604f1 in 2015 to add bip32 pubkey serialization. Tree-SHA512: 6887573b76b9e54e117a076557407b6f7908719b2202fb9eea498522baf9f30198b3f78b87a62efcd17ad1ab0886196f099239992ce7cbbaee79979ffe9e5f2c
…ization methods 5b44a75 refactor: Remove unused CExt{Pub,}Key (de)serialization methods (Sebastian Falbesoner) Pull request description: As pointed out in issue bitcoin#17130, the serialization/deserialization methods for the classes `CExtKey` and `CExtPubKey` are only used in the BIP32 unit tests and hence can be removed (see comments bitcoin#17130 (comment), bitcoin#17130 (comment) and bitcoin#17130 (comment)). ACKs for top commit: practicalswift: ACK 5b44a75 -- -60 LOC diff looks correct :) promag: ACK 5b44a75. MarcoFalke: unsigned ACK 5b44a75 fjahr: ACK 5b44a75 jonatack: Light ACK 5b44a75. Built, ran tests and bitcoind. `git blame` shows most of the last changes are from commit 90604f1 in 2015 to add bip32 pubkey serialization. Tree-SHA512: 6887573b76b9e54e117a076557407b6f7908719b2202fb9eea498522baf9f30198b3f78b87a62efcd17ad1ab0886196f099239992ce7cbbaee79979ffe9e5f2c
…ization methods 5b44a75 refactor: Remove unused CExt{Pub,}Key (de)serialization methods (Sebastian Falbesoner) Pull request description: As pointed out in issue bitcoin#17130, the serialization/deserialization methods for the classes `CExtKey` and `CExtPubKey` are only used in the BIP32 unit tests and hence can be removed (see comments bitcoin#17130 (comment), bitcoin#17130 (comment) and bitcoin#17130 (comment)). ACKs for top commit: practicalswift: ACK 5b44a75 -- -60 LOC diff looks correct :) promag: ACK 5b44a75. MarcoFalke: unsigned ACK 5b44a75 fjahr: ACK 5b44a75 jonatack: Light ACK 5b44a75. Built, ran tests and bitcoind. `git blame` shows most of the last changes are from commit 90604f1 in 2015 to add bip32 pubkey serialization. Tree-SHA512: 6887573b76b9e54e117a076557407b6f7908719b2202fb9eea498522baf9f30198b3f78b87a62efcd17ad1ab0886196f099239992ce7cbbaee79979ffe9e5f2c
CExtKey::Unserialize(...)
andCExtPubKey::Unserialize(...)
throwstd::runtime_error
instead of the expectedstd::ios_base::failure
.Context (taken from an e-mail):
Code:
bitcoin/src/key.h
Lines 174 to 183 in 376638a
bitcoin/src/pubkey.h
Lines 240 to 249 in 78dae8c
FWIW the code paths in question are reachable by the fuzzers added in PR #17051 ("tests: Add deserialization fuzzing harnesses").
The text was updated successfully, but these errors were encountered: