Fix assumeutxo crash due to invalid base_blockhash #21584

maflcko · 2021-04-03T14:49:27Z

Starting with commit d6af06d, a block hash of all-zeros is invalid and will lead to a crash of the node. Can be tested by cherry-picking the test changes without the other changes.

Stack trace (copied from #21584 (comment)):

#0  __GI_raise (sig=sig@entry=6) at ../sysdeps/unix/sysv/linux/raise.c:51
#1  0x00007ffff583c8b1 in __GI_abort () at abort.c:79
#2  0x00007ffff582c42a in __assert_fail_base (fmt=0x7ffff59b3a38 "%s%s%s:%u: %s%sAssertion `%s' failed.\n%n", 
    assertion=assertion@entry=0x555556c8b450 "!hashBlock.IsNull()", file=file@entry=0x555556c8b464 "txdb.cpp", line=line@entry=89, 
    function=function@entry=0x555556c8b46d "virtual bool CCoinsViewDB::BatchWrite(CCoinsMap &, const uint256 &)") at assert.c:92
#3  0x00007ffff582c4a2 in __GI___assert_fail (assertion=0x555556c8b450 "!hashBlock.IsNull()", file=0x555556c8b464 "txdb.cpp", line=89, 
    function=0x555556c8b46d "virtual bool CCoinsViewDB::BatchWrite(CCoinsMap &, const uint256 &)") at assert.c:101
#4  0x000055555636738b in CCoinsViewDB::BatchWrite (this=0x5555577975c0, mapCoins=std::unordered_map with 110 elements = {...}, hashBlock=...) at txdb.cpp:89
#5  0x00005555564a2e80 in CCoinsViewBacked::BatchWrite (this=0x5555577975f8, mapCoins=std::unordered_map with 110 elements = {...}, hashBlock=...) at coins.cpp:30
#6  0x00005555564a43de in CCoinsViewCache::Flush (this=0x55555778eaf0) at coins.cpp:223
#7  0x00005555563fc11d in ChainstateManager::PopulateAndValidateSnapshot (this=0x55555740b038 <g_chainman>, snapshot_chainstate=..., coins_file=..., metadata=...)
    at validation.cpp:5422
#8  0x00005555563fab3d in ChainstateManager::ActivateSnapshot (this=0x55555740b038 <g_chainman>, coins_file=..., metadata=..., in_memory=true) at validation.cpp:5299
#9  0x0000555555e8c893 in validation_chainstatemanager_tests::CreateAndActivateUTXOSnapshot<validation_chainstatemanager_tests::chainstatemanager_activate_snapshot::test_method()::$_12>(NodeContext&, boost::filesystem::path, validation_chainstatemanager_tests::chainstatemanager_activate_snapshot::test_method()::$_12) (node=..., 
    root=..., malleation=...) at test/validation_chainstatemanager_tests.cpp:199
#10 0x0000555555e8877a in validation_chainstatemanager_tests::chainstatemanager_activate_snapshot::test_method (this=0x7fffffffc8d0)
    at test/validation_chainstatemanager_tests.cpp:262

maflcko · 2021-04-03T14:52:33Z

Introduced in #19806

DrahtBot · 2021-04-04T06:43:17Z

The following sections might be updated with supplementary metadata relevant to reviewers and maintainers.

Conflicts

Reviewers, this pull request conflicts with the following ones:

ChainstateManager locking improvements #21620 (ChainstateManager locking improvements by jamesob)

If you consider this pull request important, please also help to review the conflicting pull requests. Ideally, start with the one that should be merged first.

ryanofsky

Code review ACK fae0997. This all looks good, and I especially like getting rid of the magic 0 block hashes.

One thing I'm not clear on is the motivation for moving the assume utxo block hash check earlier in fa8676b. Is it just supposed to be an optimization to fail faster if an unrecognized snapshot is loaded? Or is it actually still a crash fix after #21582?

src/chainparams.cpp

src/chainparams.h

src/validation.cpp

src/test/validation_chainstatemanager_tests.cpp

maflcko · 2021-04-13T08:54:54Z

Force pushed in an attempt to address feedback.

is it actually still a crash fix

Yes. You can check by running the added test without the fix and observing the crash.

ryanofsky

Code review ACK 3333a34. Since last review main change was to restore some previous code and no longer change the MapAssumeutxo definition.

Now that I understand the crash better, I will say I broadly agree with comments from Marco like #19806 (review), and it doesn't seem great that PopulateAndValidateSnapshot feeds untrusted data to CCoins code that wasn't necessarily written to handle it. (I'm imagining an assumeutxo snapshot file that doesn't load correctly, but does launch calc.exe on windows.) Maybe the assumeutxo data should include a simpler hash along with the CCoinsStats hash, that could be checked before the data is fed to CCoins.

jamesob

ACK 3333a34

Reviewed code on Github; haven't fetched/built locally.

Changes all look good, thanks for these. Using optional vs. IsNull() for the hashes is a lot better.

DrahtBot · 2021-05-03T09:32:34Z

🕵️ @jamesob @sipa have been requested to review this pull request as specified in the REVIEWERS file.

laanwj · 2021-05-05T13:08:34Z

Code review ACK, haven't tested the fix but it is much better to use std::optional instead of special-casing a hash value.
Needs rebase, though.

Can be reviewed with --color-moved=dimmed-zebra

This avoids accidentally mixing it up with other hashes (like block hashes).

Can be reviewed with --color-moved=dimmed-zebra --color-moved-ws=ignore-all-space

Just use std::optional

maflcko · 2021-05-11T09:54:52Z

Rebased. Should be trivial to re-ACK

jamesob

ACK fa340b8 (jamesob/ackr/21584.1.MarcoFalke.fix_assumeutxo_crash_due)

Built, ran tests locally. Change looks good; not only fixes the crash
bug, but removes special-case interpretation of 0000... as null
blockhash value.

Show signature data

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

ACK fa340b87944764ea4e8e04038fe7471fd452bc23 ([`jamesob/ackr/21584.1.MarcoFalke.fix_assumeutxo_crash_due`](https://github.com/jamesob/bitcoin/tree/ackr/21584.1.MarcoFalke.fix_assumeutxo_crash_due))

Built, ran tests locally. Change looks good; not only fixes the crash
bug, but removes special-case interpretation of `0000...` as null
blockhash value.
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEGNRVI1NPYuZCSIrGepNdrbLETwUFAmCcB70ACgkQepNdrbLE
TwXO6hAAlqvcS4gXI4Q702FfwOMO3Kmp2ZAbZy9yW6sIIJVkAcYxV8+CXf8UdWu5
dzQFKWWbGA9+Kbis1sva71OVWarBNQLVeUvZ8PHlfVLRLDXQ7YzOPUjidYKHNLtN
B3t4WhOLnUKVXtC1J98beaE4ZyaWtTvk7000xVEepiA73BSVCgAQA05pajBWGxdA
m9sgoaivixkNZbew+Twy6svmTBzUK6SQmODG6dHZhSKgc8DCzXSffgQFTPRoYfsL
e0YZJfrsnh/8UePIrA8FHDmEeupE9L36byg51W5E3ubHj1zMB4ZZTBhd7JX7+jPJ
gEjYU9JMkbSpZmOjmbnf/JMTpIrhjxzKGpcO+KEG4XmzYaaZ5S5VxYv/7Ym2PJKH
sDdhj9xaX79ATveyC+QN6fnk6/+/MedqQBRAFcnZubfe9+J4885lJj5AKFEZBZUu
V+hePUsSL22M/eMLVwJAzpXZ3TUU4ga3r1epdOtIpaLqg1YUH39pDV0YBZSdCIpR
27IfbnUsHGCfT8ddPIdjp/EViAAKl/9WS28GOT9GYF7ig39Voi/ropPiEbdv/IpQ
o2ilsAyS5jehtzZrLFw3/XcvM0/+KmXuE4hPreHEZoQbjpkmi+Kw4eMLtZaGEn6u
PWOUUghFNQJhR5qJqByWgkGPfCBYUB1xLsISiYJdOD8v11jvLS4=
=2I/H
-----END PGP SIGNATURE-----

Show platform data

Tested on Linux-4.19.0-16-amd64-x86_64-with-glibc2.28

Configured with ./configure LDFLAGS=-L/home/james/src/bitcoin/db4/lib/ CPPFLAGS=-I/home/james/src/bitcoin/db4/include/ CXXFLAGS=-fPIE -pipe -O2 -g -Wthread-safety-analysis -Wall -Werror=sign-compare -Wsign-compare -Werror=thread-safety-analysis --enable-wallet --enable-debug --with-daemon --enable-natpmp-default CXX=/usr/local/bin/clang++ CC=/usr/local/bin/clang PYTHONPATH= --disable-shared --with-pic --enable-benchmark=no --with-bignum=no --enable-module-recovery --enable-module-schnorrsig --enable-experimental --disable-shared --with-pic --enable-benchmark=no --with-bignum=no --enable-module-recovery --enable-module-schnorrsig --enable-experimental --no-create --no-recursion

Compiled with /usr/bin/ccache /usr/local/bin/clang++ -std=c++17 -mavx -mavx2 -fPIE -pipe -O2 -g -Wthread-safety-analysis -Wall -Werror=sign-compare -Wsign-compare -Werror=thread-safety-analysis -O0 -g3 -ftrapv -fdebug-prefix-map=$(abs_srcdir)=.  -Wstack-protector -fstack-protector-all -fcf-protection=full -fstack-clash-protection -msse4 -msha -msse4.1 -msse4.2  i

Compiler version: Debian clang version 11.1.0-++20210405104510+1fdec59bffc1-1~exp1~20210405085125.161

laanwj · 2021-05-12T18:59:17Z

Code review re-ACK fa340b8

Summary: Can be reviewed with --color-moved=dimmed-zebra This is a partial backport of [[bitcoin/bitcoin#21584 | core#21584]] bitcoin/bitcoin@faa921f Test Plan: `ninja all check-all` Reviewers: #bitcoin_abc, Fabien Reviewed By: #bitcoin_abc, Fabien Differential Revision: https://reviews.bitcoinabc.org/D11330

Summary: Values for mainnet and testnet will be specified in a follow-up PR that can be scrutinized accordingly. This structure is required for use in snapshot activation logic. This is a backport of [[bitcoin/bitcoin#19806 | core#19806]] [4/8] and [[bitcoin/bitcoin#21584 | core#21584]] [2 & 3/5] bitcoin/bitcoin@7a6c46b bitcoin/bitcoin@0000007 bitcoin/bitcoin@fa5668b (partial) Notes: - The new circular dependency was added by core in a later commit. We already need it here. - We also check the allowed hashes in a functional test reproducing the deterministic regtest chain and allowed hashes. Depends on D11328 Test Plan: `ninja all check-all` Reviewers: #bitcoin_abc, Fabien Reviewed By: #bitcoin_abc, Fabien Subscribers: Fabien Differential Revision: https://reviews.bitcoinabc.org/D11238

Summary: bitcoin/bitcoin@769a1ef > test: Add tests with maleated snapshot data ---- https://github.com/bitcoin/bitcoin/pull/21681/files > validation: fix ActivateSnapshot to use hardcoded nChainTx > validation: remove nchaintx from assumeutxo metadata Only test related changes for these commits are in this revision ---- bitcoin/bitcoin@fa8fffe > refactor: Prefer clean assert over UB in coinstats ---- bitcoin/bitcoin@fa9b74f > Fix assumeutxo crash due to missing base_blockhash Only test related changes from this commit are in this revision. ---- bitcoin/bitcoin@fae33f9 > Fix assumeutxo crash due to invalid base_blockhash Only test related changes from this commit are in this revision. ---- This is a backport of [[bitcoin/bitcoin#19806 | core#19806]] [7/8] and test related changes from [[bitcoin/bitcoin#21681 | core#21681]], [[bitcoin/bitcoin#21582 | core#21582]] and [[bitcoin/bitcoin#21584 | core#21584]] Depends on D11240 Test Plan: `ninja check` With UBSAN: `ninja all check-all` Reviewers: #bitcoin_abc, Fabien Reviewed By: #bitcoin_abc, Fabien Differential Revision: https://reviews.bitcoinabc.org/D11241

Summary: Just use std::optional This concludes backport of [[bitcoin/bitcoin#21584 | core#21584]] bitcoin/bitcoin@fa340b8 Depends on D11334 and D11241 Test Plan: `ninja all check-all` Reviewers: #bitcoin_abc, Fabien Reviewed By: #bitcoin_abc, Fabien Subscribers: Fabien Differential Revision: https://reviews.bitcoinabc.org/D11331

maflcko mentioned this pull request Apr 3, 2021

Fix assumeutxo crash due to truncated file #21585

Merged

DrahtBot added the Validation label Apr 3, 2021

maflcko force-pushed the 2104-assumeutxoCrash02 branch from 804156f to 06bd064 Compare April 4, 2021 06:17

DrahtBot mentioned this pull request Apr 4, 2021

Fix assumeutxo crash due to missing base_blockhash #21582

Merged

maflcko mentioned this pull request Apr 4, 2021

validation: UTXO snapshot activation #19806

Merged

This was referenced Apr 6, 2021

Coinstats Index #19521

Merged

ChainstateManager locking improvements #21620

Closed

maflcko force-pushed the 2104-assumeutxoCrash02 branch 4 times, most recently from d370f20 to fae0997 Compare April 9, 2021 19:41

maflcko marked this pull request as ready for review April 9, 2021 19:42

DrahtBot mentioned this pull request Apr 10, 2021

Add fee_est tool for debugging fee estimation code #10443

Closed

ryanofsky approved these changes Apr 12, 2021

View reviewed changes

src/chainparams.cpp Outdated Show resolved Hide resolved

src/chainparams.h Outdated Show resolved Hide resolved

src/validation.cpp Outdated Show resolved Hide resolved

src/test/validation_chainstatemanager_tests.cpp Show resolved Hide resolved

maflcko force-pushed the 2104-assumeutxoCrash02 branch from fae0997 to fa19a40 Compare April 13, 2021 08:49

maflcko force-pushed the 2104-assumeutxoCrash02 branch from fa19a40 to 3333a34 Compare April 13, 2021 10:09

ryanofsky approved these changes Apr 13, 2021

View reviewed changes

jamesob approved these changes Apr 14, 2021

View reviewed changes

DrahtBot added the Needs rebase label Apr 30, 2021

MarcoFalke added 4 commits May 11, 2021 10:38

move-only: Add util/hash_type

faa921f

Can be reviewed with --color-moved=dimmed-zebra

refactor: Remove unused code

0000007

refactor: Use type-safe assumeutxo hash

fa5668b

This avoids accidentally mixing it up with other hashes (like block hashes).

Fix assumeutxo crash due to invalid base_blockhash

fae33f9

Can be reviewed with --color-moved=dimmed-zebra --color-moved-ws=ignore-all-space

maflcko force-pushed the 2104-assumeutxoCrash02 branch from 3333a34 to fa9b802 Compare May 11, 2021 08:41

DrahtBot removed the Needs rebase label May 11, 2021

refactor: Avoid magic value of all-zeros in assumeutxo base_blockhash

fa340b8

Just use std::optional

maflcko force-pushed the 2104-assumeutxoCrash02 branch from fa9b802 to fa340b8 Compare May 11, 2021 09:21

jamesob approved these changes May 12, 2021

View reviewed changes

laanwj merged commit ee9befe into bitcoin:master May 12, 2021

maflcko deleted the 2104-assumeutxoCrash02 branch May 12, 2021 19:27

sidhujag pushed a commit to syscoin/syscoin that referenced this pull request May 13, 2021

Merge bitcoin#21584: Fix assumeutxo crash due to invalid base_blockhash

86b8f4d

jnewbery mentioned this pull request Sep 13, 2021

test: add addpeeraddress "tried", test addrman checks on restart with asmap #22831

Merged

gwillen pushed a commit to ElementsProject/elements that referenced this pull request Jun 1, 2022

Merge ee9befe into merged_master (Bitc 7E00 oin PR bitcoin/bitcoin#21584)

1fd44e5

bitcoin locked as resolved and limited conversation to collaborators Aug 16, 2022

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Fix assumeutxo crash due to invalid base_blockhash #21584

Fix assumeutxo crash due to invalid base_blockhash #21584

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Fix assumeutxo crash due to invalid base_blockhash #21584

Fix assumeutxo crash due to invalid base_blockhash #21584

Uh oh!

Conversation

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Conflicts

Uh oh!

Choose a reason for hiding this comment

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Choose a reason for hiding this comment

Uh oh!

Choose a reason for hiding this comment

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Choose a reason for hiding this comment

Uh oh!

Uh oh!

Uh oh!