lightningd: fix crash with -O3 -flto.
It's foolish to ban passing NULL, 0 to memcpy, memset et al, but
it's been done.  At high level of optimization, GCC assumes this doesn't
happen, and yep, assumes "if (ctx)" inside tal_free() must be true.

So when a psbt is NULL, and psbt_get_bytes returns NULL, a crash ensues:

```
lightningd: FATAL SIGNAL 6 (version v0.12.0rc2-6-g47efa5d-modded)
0x5557dfc42fef send_backtrace
	common/daemon.c:33
0x5557dfc42fef crashdump
	common/daemon.c:46
0x7fe93ef5851f ???
	./signal/../sysdeps/unix/sysv/linux/x86_64/libc_sigaction.c:0
0x7fe93efaca7c __pthread_kill_implementation
	./nptl/pthread_kill.c:44
0x7fe93efaca7c __pthread_kill_internal
	./nptl/pthread_kill.c:78
0x7fe93efaca7c __GI___pthread_kill
	./nptl/pthread_kill.c:89
0x7fe93ef58475 __GI_raise
	../sysdeps/posix/raise.c:26
0x7fe93ef3e7f2 __GI_abort
	./stdlib/abort.c:79
0x5557dfbb0c28 call_error
	ccan/ccan/tal/tal.c:93
0x5557dfbb0c34 check_bounds
	ccan/ccan/tal/tal.c:165
0x5557dfbb0c34 to_tal_hdr
	ccan/ccan/tal/tal.c:178
0x5557dfc7a1d3 tal_free
	ccan/ccan/tal/tal.c:482
0x5557dfc609d3 tal_free
	ccan/ccan/tal/tal.c:477
0x5557dfc609d3 towire_wally_psbt
	bitcoin/psbt.c:743
0x5557dfbc5dfc towire_dualopend_got_offer_reply
	openingd/dualopend_wiregen.c:358
0x5557dfbc5dfc openchannel2_hook_cb
	lightningd/dual_open_control.c:671
0x5557dfc22f4f plugin_hook_callback
	lightningd/plugin_hook.c:210
0x5557dfc1dfbe plugin_response_handle
	lightningd/plugin.c:591
0x5557dfc1dfbe plugin_read_json_one
	lightningd/plugin.c:702
0x5557dfc1dfbe plugin_read_json
	lightningd/plugin.c:747
0x5557dfc71756 next_plan
	ccan/ccan/io/io.c:59
0x5557dfc775d5 io_ready
	ccan/ccan/io/io.c:417
0x5557dfc775d5 io_loop
	ccan/ccan/io/poll.c:453
0x5557dfbdb1ce io_loop
	ccan/ccan/io/poll.c:380
0x5557dfbdb1ce io_loop_with_timers
	lightningd/io_loop_with_timers.c:22
0x5557dfbb37d1 main
	lightningd/lightningd.c:1195
0x7fe93ef3fd8f __libc_start_call_main
	../sysdeps/nptl/libc_start_call_main.h:58
0x7fe93ef3fe3f __libc_start_main_impl
	../csu/libc-start.c:392
0x5557dfbb6e84 ???
	???:0
0xffffffffffffffff ???
	???:0
```

Signed-off-by: Rusty Russell <[email protected]>
rustyrussell authored and cdecker committed Sep 12, 2022
1 parent 4ca1203 commit 2ac775f
Showing 1 changed file with 3 additions and 1 deletion.
4 changes: 3 additions & 1 deletion wire/towire.c
Expand Up @@ -11,7 +11,9 @@ void towire(u8 **pptr, const void *data, size_t len)
size_t oldsize = tal_count(*pptr);

tal_resize(pptr, oldsize + len);
memcpy(*pptr + oldsize, memcheck(data, len), len);
/* The C standards committee has a lot to answer for :( */
if (len)
memcpy(*pptr + oldsize, memcheck(data, len), len);
}

void towire_u8(u8 **pptr, u8 v)
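Review bot: the comment added above `if (len)` in towire() does not say what the guard is for, so a later cleanup could easily remove it as redundant. Suggest stating the reason in place, for example that `data` may be NULL when `len` is 0 and that passing NULL to memcpy is undefined even for a zero length, which lets GCC at -O3 -flto assume the pointer is non-NULL in callers. Note also that `memcheck(data, len)` is now skipped together with the memcpy when `len` is 0; that looks harmless for an empty range but is worth a word in the comment. The commit message names memset and similar calls as having the same rule, while this diff changes only the one memcpy in wire/towire.c, so it would be good to confirm whether other zero-length call sites with a possibly-NULL pointer need the same guard.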