New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
assumeutxo, blockstorage: Prevent core dump on invalid hash #28698
assumeutxo, blockstorage: Prevent core dump on invalid hash #28698
Conversation
The following sections might be updated with supplementary metadata relevant to reviewers and maintainers. Code CoverageFor detailed information about the code coverage, see the test coverage report. ReviewsSee the guideline for information on the review process.
If your review is incorrectly listed, please react with 👎 to this comment and the bot will ignore it on the next update. |
Concept ACK I think in practice the most likely scenario for triggering this condition is that a user first successfully loads an UTXO snapshot with AssumeUTXO hash H in release version Y, and at some later point runs an earlier release version X on that same datadir (i.e. X < Y and Y includes H in the AssumeUTXO parameters, but X doesn't yet). This will probably not happen too often, but nevertheless the crash should be fixed. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Concept ACK
caae1c9 looks good, just two suggestions
I haven't tried reproducing the crash or the fix.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Code review ACK caae1c9
Nice catch. It would be good to have a python test for this. A test can trigger the crash / error by just creating a chainstate_snapshot/base_blockhash
file in the datadir with a random block hash.
From the command line this is also easy to test by running:
mkdir ~/.bitcoin/regtest/chainstate_snapshot
dd bs=32 count=1 if=/dev/urandom of=~/.bitcoin/regtest/chainstate_snapshot/base_blockhash
bitcoin -regtest
I've written a test using this idea, based on this PR on commit theStack@fb4eb16 (branch https://github.com/theStack/bitcoin/commits/pr28698_test_followup), feel free to include it here @pablomartin4btc. |
True, tested it, thanks @ryanofsky!
|
caae1c9
to
3d7c103
Compare
Rebased. I've also included suggestions from @Sjors, @ryanofsky and functional test from @theStack. Thanks to all for reviewing! |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Code review ACK 3d7c103. New test is nice and implementation is a little cleaner
Code review ACK 3d7c103 |
…rameters Co-authored-by: Russell Yanofsky <russ@yanofsky.org> Co-authored-by: Sebastian Falbesoner <sebastian.falbesoner@gmail.com>
3d7c103
to
811067c
Compare
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
ACK 811067c
nit, if you have to retouch: probably it would be good to also check for the specific error message ("Assumeutxo data not found for the given blockhash..."
) via assert_debug_log
, rather than only the generic "fatal internal error" one which goes to stderr.
Agree with @theStack's suggestion, forgot to say that yesterday. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Code review ACK 811067c.
Just suggested test simplifications since last review. I also agree the suggestion to check specifically for the right error message would be nice.
ACK 811067c |
Github-Pull: bitcoin#28698 Rebased-from: 4a5be10
…rameters Co-authored-by: Russell Yanofsky <russ@yanofsky.org> Co-authored-by: Sebastian Falbesoner <sebastian.falbesoner@gmail.com> Github-Pull: bitcoin#28698 Reabsed-From: 811067c
Backported this to 26.x in #28754. |
Github-Pull: bitcoin#28698 Rebased-from: 4a5be10
…rameters Co-authored-by: Russell Yanofsky <russ@yanofsky.org> Co-authored-by: Sebastian Falbesoner <sebastian.falbesoner@gmail.com> Github-Pull: bitcoin#28698 Reabsed-From: 811067c
e4e8479 doc: update manual pages for v26.0rc2 (fanquake) 0b189a9 build: bump version to v26.0rc2 (fanquake) e097d4c gui: fix crash on selecting "Mask values" in transaction view (Sebastian Falbesoner) 05e8874 guix: update signapple (fanquake) deccc50 guix: Zip needs to include all files with time as SOURCE_DATE_EPOCH (Andrew Chow) fe57abd test: add coverage for snapshot chainstate not matching AssumeUTXO parameters (pablomartin4btc) b761a58 assumeutxo, blockstorage: prevent core dump on invalid hash (pablomartin4btc) d3ebf6e [test] Test i2p private key constraints (Vasil Dimov) 1f11784 [net] Check i2p private key constraints (dergoegge) 6544ffa bugfix: Mark CNoDestination and PubKeyDestination constructor explicit (MarcoFalke) Pull request description: Backports for v26.0rc2: * #28695 * #28698 * #28728 * #28757 * #28759 * bitcoin-core/gui#774 ACKs for top commit: josibake: ACK e4e8479 hebasto: re-ACK e4e8479, only a backport of bitcoin-core/gui#774 added since my [recent](#28754 (review)) review. TheCharlatan: Re-ACK e4e8479 Tree-SHA512: 4b95afd26b8bf91250cb883423de8b274cefa48dc474734f5900aeb756eee3a6c656116efcfa2caff3c250678c16b70cc6b7a5d840018dc7e2c1e8161622cd61
This is a follow-up on the invalid hash dump fix PR bitcoin#28698. bitcoin#28698 (review)
…bug_log on the assumeutxo invalid hash dump - follow-up #28698 7de7685 test, assumeutxo: Use assert_debug_log for error details (pablomartin4btc) Pull request description: This is a follow-up on the invalid hash dump fix #28698, [suggested](bitcoin/bitcoin#28698 (review)) by theStack and agreed by Sjors and ryanofsky. ACKs for top commit: Sjors: ACK 7de7685 maflcko: lgtm ACK 7de7685 Tree-SHA512: 036b3cef3084e3ead8923e8dcabe4fa7ebe97fb514d223aa38bc38df10337e3fe3113e42322178b58fb03fcd4511af4b5b56bceecbb7ded5b9758842c70db3f2
This is a follow-up on the invalid hash dump fix PR #28698. bitcoin/bitcoin#28698 (review)
While reviewing #27596 (ran
loadtxoutset
inmainnet
beforem_assumeutxo_data
is empty as currently in master - back to 1b1d711), got acore dumped
, so it seems there's a potential issue if new releases ever remove snapshot details or a semi-experienced user performs aloadtxoutset
on a different "customised" binary version (not sure if this is a real use case).This is also happening before IBD is completed (
background validation
still being performed as it can be seen in rpcgetchainstates
)Steps to reproduce the core dump error and its output:
loadtxoutset
inmainnet
on compiledbitcoind
adding the block hash from Sjors's commit.master
without any changes on top.bitcoind
, soon it'll crash with:After original change, error message output:
Alternative on error handling using
return error()
instead ofreturn FatalError()
used in this PR, which produces a different output and perhaps confusing:Current state (including ryanofsky suggestion), after code change, error message output: