While fuzzing the RPC interface I stumbled upon a signed integer overflow in `CFeeRate::GetFee(…)` which is reachable via the following `analyzepsbt` RPC call:

```
$ ./autogen.sh
$ CC=clang CXX=clang++ ./configure --with-sanitizers=address,undefined
$ make
$ UBSAN_OPTIONS="print_stacktrace=1" src/bitcoind &
$ src/bitcoin-cli analyzepsbt cHNidP8BABMAAAYAAAFdAAAKAAIEAAAAAAAGAAA=
```

```
policy/feerate.cpp:26:34: runtime error: signed integer overflow: -59373636730022578 * 1000 cannot be represented in type 'long'
    #0 0x55751767911b in CFeeRate::GetFee(unsigned long) const src/policy/feerate.cpp:26:34
    #1 0x557516e2e6a0 in CFeeRate::GetFeePerK() const src/./policy/feerate.h:60:41
    #2 0x557516e2e6a0 in analyzepsbt()::$_17::operator()(RPCHelpMan const&, JSONRPCRequest const&) const src/rpc/rawtransaction.cpp:1842:85
    ...
SUMMARY: UndefinedBehaviorSanitizer: undefined-behavior policy/feerate.cpp:26:34 in
```

```json
{
  "estimated_vsize": 19,
  "estimated_feerate": -40334045.08893923,
  "fee": -11280990.97870429,
  "next": "extractor"
}
```
Nothing high priority of course, but still worth fixing :)
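As an added example (not Bitcoin Core's code), here is the overflow-checked form of the multiplication the sanitizer flagged, exercised with the values from the report; `checked_fee` and `checked_rate` are this example's own names, and `__builtin_mul_overflow` assumes GCC or Clang.

```cpp
#include <cstdint>
#include <cstdio>
#include <optional>

// Stand-in for the quantities CFeeRate::GetFee() multiplies: a fee rate in
// satoshis per 1000 virtual bytes and a size in virtual bytes. Function names
// are this example's own; __builtin_mul_overflow assumes GCC or Clang.

// Fee in satoshis for num_bytes at sat_per_k, or nullopt when the product
// sat_per_k * num_bytes (the expression UBSan flagged) does not fit in int64_t.
std::optional<int64_t> checked_fee(int64_t sat_per_k, int64_t num_bytes) {
    int64_t product;
    if (__builtin_mul_overflow(sat_per_k, num_bytes, &product)) {
        return std::nullopt;  // signed overflow: report it instead of computing garbage
    }
    return product / 1000;
}

// Reverse direction: derive a per-kvB rate from a fee and a size, with the
// same overflow check on fee_sat * 1000 and a guard against a zero size.
std::optional<int64_t> checked_rate(int64_t fee_sat, int64_t num_bytes) {
    if (num_bytes <= 0) return std::nullopt;
    int64_t scaled;
    if (__builtin_mul_overflow(fee_sat, int64_t{1000}, &scaled)) {
        return std::nullopt;
    }
    return scaled / num_bytes;
}

int main() {
    // Values from the report: a fee of -11280990.97870429 BTC (-1128099097870429 sat)
    // over an estimated 19 vbytes; this reverse computation reproduces the rate
    // the sanitizer printed (-59373636730022578 sat/kvB) ...
    std::optional<int64_t> rate = checked_rate(-1128099097870429LL, 19);
    std::printf("rate: %lld sat/kvB\n", (long long)rate.value_or(0));
    // ... and multiplying that rate by 1000 (what GetFeePerK() asks for) cannot
    // fit in int64_t, so the checked version reports it rather than overflowing.
    std::optional<int64_t> fee = checked_fee(rate.value_or(0), 1000);
    std::printf("fee for 1000 vB: %s\n", fee ? "ok" : "overflow detected");
    return 0;
}
```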