Issue Details

Number
24049
Title
net: signed-integer-overflow in LocalServiceInfo
Description
`LocalServiceInfo` is defined as:

https://github.com/bitcoin/bitcoin/blob/16781e1bc9f8ffc721ebea73434e0066957bc959/src/net.h#L228-L231

`nScore` is of type `int`, which is signed and is 4 bytes wide on my machine (clang-12). `nScore` is incremented by `SeenLocal` during the version handshake here:

https://github.com/bitcoin/bitcoin/blob/16781e1bc9f8ffc721ebea73434e0066957bc959/src/net_processing.cpp#L2603-L2606

So I believe this UB is peer-triggerable (I don't think the compiler can detect this), but I don't think it's a big deal unless there's a node out there compiled with UBSAN or ftrapv. It seems like `nScore` can just be changed to `int64_t`.
URL
https://github.com/bitcoin/bitcoin/issue/24049
Closed by
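Added example, not part of the issue report and not Bitcoin Core's code: a signed 32-bit score counter like the `nScore` described above, with an overflow-checked increment, a saturating increment, and the widened `int64_t` field the report proposes. `ScoreInfo`, `ScoreInfoWide` and the function names are hypothetical stand-ins; `__builtin_add_overflow` is a GCC/Clang builtin.

```cpp
// Added illustration. ScoreInfo, ScoreInfoWide and the helpers are hypothetical
// stand-ins; only the field name nScore is taken from the issue text.
#include <cstdint>
#include <cstdio>
#include <limits>

// The pattern from the report: a signed int counter bumped once per peer event.
struct ScoreInfo {
    int nScore;
};

// A bare `++info.nScore` at INT_MAX is signed overflow (undefined behaviour) and
// aborts in builds using -ftrapv or -fsanitize=signed-integer-overflow.
// This version reports the would-be overflow and leaves the score untouched.
bool IncrementChecked(ScoreInfo& info)
{
    int next;
    if (__builtin_add_overflow(info.nScore, 1, &next)) return false;
    info.nScore = next;
    return true;
}

// Saturating alternative: the score sticks at the maximum instead of wrapping.
void IncrementSaturating(ScoreInfo& info)
{
    if (info.nScore < std::numeric_limits<int>::max()) ++info.nScore;
}

// The change proposed in the issue: widen the counter to int64_t.
struct ScoreInfoWide {
    int64_t nScore;
};

// Same increment on the wide field; values past INT_MAX are ordinary arithmetic.
int64_t IncrementWide(ScoreInfoWide& info) { return ++info.nScore; }

int main()
{
    ScoreInfo s{std::numeric_limits<int>::max() - 1};
    bool first = IncrementChecked(s);   // reaches INT_MAX
    bool second = IncrementChecked(s);  // refused, would overflow
    std::printf("checked: %d then %d, score=%d\n", first, second, s.nScore);

    ScoreInfoWide w{std::numeric_limits<int>::max()};
    std::printf("wide: %lld\n", static_cast<long long>(IncrementWide(w)));
    return 0;
}
```

Building the unguarded `++nScore` variant with `-fsanitize=signed-integer-overflow` in a test configuration is how this class of bug surfaces as a runtime report.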