No longer ever reuse keypool indexes #10795

pull TheBlueMatt wants to merge 1 commits into bitcoin:master from TheBlueMatt:2017-07-wallet-keypool-overwrite changing 2 files +9 −10
  1. TheBlueMatt commented at 4:18 PM on July 11, 2017: contributor

    This fixes an issue where you could reserve a keypool entry, then top up the keypool, writing out a new key at the given index, then return they key from the pool. This isnt likely to cause issues, but given there is no reason to ever re-use keypool indexes (they're 64 bits...), best to avoid it alltogether.

    Builds on #10235, should probably get a 15 tag.

  2. laanwj added this to the milestone 0.15.0 on Jul 11, 2017
  3. laanwj added the label Wallet on Jul 11, 2017
  4. TheBlueMatt force-pushed on Jul 11, 2017
  5. TheBlueMatt cross-referenced this on Jul 11, 2017 from issue Track keypool entries as internal vs external in memory by TheBlueMatt
  6. TheBlueMatt force-pushed on Jul 11, 2017
  7. bitcoin deleted a comment on Jul 11, 2017
  8. TheBlueMatt force-pushed on Jul 12, 2017
  9. morcos commented at 8:19 PM on July 12, 2017: member

    utACK 1c01ea6

    bugfix needed for 0.15

  10. in src/wallet/wallet.cpp:3180 in 1c01ea6f78 outdated 
    3145 | -            }
3146 | -            if (!setExternalKeyPool.empty()) {
3147 | -                nEnd = std::max(nEnd, *(setExternalKeyPool.rbegin()) + 1);
3148 | -            }
3149 | +            int64_t index = ++m_max_keypool_index;
3150 | +            assert(index >= 0); // How in the hell did you use so many keys?
    sipa commented at 12:35 AM on July 13, 2017:

    Signed overflow is undefined behaviour, so the compiler is allowed to optimize this assert out (it can assume overflow never happens).

    morcos commented at 5:29 PM on July 13, 2017:

    heh, i almost commented that it would be clearer to check against max

    TheBlueMatt commented at 3:14 PM on July 14, 2017:

    Heh, but in practice it doesnt, plus its just an assert, so whatever :).

    gmaxwell commented at 6:27 AM on July 17, 2017:

    Code like this makes me go "wtf were the authors of this smoking": asserts like this are usually optimized out, so the code looks like it's saying that the author thought the signed overflow was kosher and that they thought it could happen here.

    laanwj commented at 7:42 AM on July 17, 2017:

    Would be better (non-UB, but also more clear to read) to check against std::numeric_limits<int64_t>::max() before the increase.

    TheBlueMatt commented at 3:01 PM on July 17, 2017:

    Done

  11. sipa commented at 12:37 AM on July 13, 2017: member

    utACK 1c01ea6f780ba1fff12f03cc14b24f70541e3cc8

  12. sipa commented at 12:39 AM on July 16, 2017: member

    Needs rebase.

  13. TheBlueMatt force-pushed on Jul 16, 2017
  14. TheBlueMatt commented at 10:51 PM on July 16, 2017: contributor

    Rebased.

  15. laanwj commented at 7:45 AM on July 17, 2017: member

    LGTM, what a foresight Satoshi had to use 64 bit numbers for keypool indexes in walletdb.

  16. morcos commented at 10:20 AM on July 17, 2017: member

    re-utACK 44d0996

  17. TheBlueMatt force-pushed on Jul 17, 2017
  18. gmaxwell commented at 3:31 PM on July 17, 2017: contributor

    @TheBlueMatt plz2rebase

  19. No longer ever reuse keypool indexes
    This fixes an issue where you could reserve a keypool entry, then
top up the keypool, writing out a new key at the given index, then
return they key from the pool. This isnt likely to cause issues,
but given there is no reason to ever re-use keypool indexes
(they're 64 bits...), best to avoid it alltogether.
    1fc8c3de0c
  20. TheBlueMatt commented at 4:12 PM on July 17, 2017: contributor

    Rebased.

  21. TheBlueMatt force-pushed on Jul 17, 2017
  22. morcos commented at 5:51 PM on July 17, 2017: member

    re-re-utACK 1fc8c3d (one more and I think git will do it for me)

  23. laanwj merged this on Jul 18, 2017
  24. laanwj closed this on Jul 18, 2017
  25. laanwj referenced this in commit 7b6e8bc442 on Jul 18, 2017
  26. jonasschnelli commented at 8:25 AM on July 18, 2017: contributor

    post merge ACK

  27. PastaPastaPasta referenced this in commit 4bab9cb2d0 on Sep 16, 2019
  28. PastaPastaPasta referenced this in commit b8c1d66fb9 on Sep 18, 2019
  29. barrystyle referenced this in commit 9e562ac2a1 on Jan 22, 2020
  30. bitcoin locked this on Sep 8, 2021
Contributors
TheBlueMattmorcossipagmaxwelllaanwjjonasschnelli
Labels
Wallet

Milestone
0.15.0

Linked (view graph)
#10235 Track keypool entries as internal vs external in memory
github-metadata-mirror

This is a metadata mirror of the GitHub repository bitcoin/bitcoin. This site is not affiliated with GitHub. Content is generated from a GitHub metadata backup.
generated: 2026-05-20 06:55 UTC