Fix Memory Leak #2671

pull bytemaster wants to merge 2 commits into bitcoin:master from bytemaster:master changing 1 files +4 −0
  1. bytemaster commented at 4:48 PM on May 19, 2013: contributor

    See Subject.

  2. BitcoinPullTester commented at 5:22 PM on May 19, 2013: none

    Automatic sanity-testing: PASSED, see http://jenkins.bluematt.me/pull-tester/f584fc268e9efbfcfe524fc88b3a8cf818b2aff5 for binaries and test log. This test script verifies pulls every time they are updated. It, however, dies sometimes and fails to test properly. If you are waiting on a test, please check timestamps to verify that the test.log is moving at http://jenkins.bluematt.me/pull-tester/current/ Contact BlueMatt on freenode if something looks broken.

  3. Diapolo commented at 5:55 PM on May 19, 2013: none

    Can you be more detailed with your commit message like fix memory leak in CKey::SetCompactSignature()?

  4. BitcoinPullTester commented at 6:44 PM on May 19, 2013: none

    Automatic sanity-testing: PASSED, see http://jenkins.bluematt.me/pull-tester/e628e185fd524ffd8cf0f1bbd83d21f5e4bda2bb for binaries and test log. This test script verifies pulls every time they are updated. It, however, dies sometimes and fails to test properly. If you are waiting on a test, please check timestamps to verify that the test.log is moving at http://jenkins.bluematt.me/pull-tester/current/ Contact BlueMatt on freenode if something looks broken.

  5. Diapolo commented at 6:53 PM on May 19, 2013: none

    Alright, can you now please also squash those 3 commits into one.

  6. bytemaster commented at 6:58 PM on May 19, 2013: contributor

    Don't know how to do that...

    On May 19, 2013, at 2:53 PM, Philip Kaufmann notifications@github.com wrote:

    Alright, can you now please also squash those 3 commits into one.

    — Reply to this email directly or view it on GitHub.

  7. Diapolo commented at 7:00 PM on May 19, 2013: none

    git rebase origin -i replace pick with reword for the first commit and edit the commit message replace pick with squash for commit 2 and 3 git push origin master -f

    I'm just ensuring with my comments, that core devs will merge your commit :).

  8. fix memory leak in CKey::SetCompactSignature() 173601705c
  9. jgarzik commented at 7:24 PM on May 19, 2013: contributor

    Seems correct at first glance. I'd have to review the functions called in SetCompactSignature() before ACK'ing, to be 100% certain

  10. sipa commented at 7:29 PM on May 19, 2013: member

    ACK

  11. bytemaster commented at 7:31 PM on May 19, 2013: contributor

    I believe there is also a memory leak on Line 331 (same issue).

    I can roll that into this patch or create a new one.

    On May 19, 2013, at 3:29 PM, Pieter Wuille notifications@github.com wrote:

    ACK

    — Reply to this email directly or view it on GitHub.

  12. Diapolo commented at 7:44 PM on May 19, 2013: none

    @bytemaster If there are more leaks in key.cpp it would be fine to have fixes in this pull for them IMHO.

  13. Fix memory leak on exception in Key::SignCompact a9280652ce
  14. BitcoinPullTester commented at 8:18 PM on May 19, 2013: none

    Automatic sanity-testing: PASSED, see http://jenkins.bluematt.me/pull-tester/173601705ccf189fd83e3854f71f6a872c6faeda for binaries and test log. This test script verifies pulls every time they are updated. It, however, dies sometimes and fails to test properly. If you are waiting on a test, please check timestamps to verify that the test.log is moving at http://jenkins.bluematt.me/pull-tester/current/ Contact BlueMatt on freenode if something looks broken.

  15. BitcoinPullTester commented at 8:59 PM on May 19, 2013: none

    Automatic sanity-testing: PASSED, see http://jenkins.bluematt.me/pull-tester/a9280652ce61ddbbecfe16e18e1e464bb1f5d34d for binaries and test log. This test script verifies pulls every time they are updated. It, however, dies sometimes and fails to test properly. If you are waiting on a test, please check timestamps to verify that the test.log is moving at http://jenkins.bluematt.me/pull-tester/current/ Contact BlueMatt on freenode if something looks broken.

  16. laanwj commented at 10:26 AM on May 20, 2013: member

    ACK (though ideally we should be using RAII so that these kind of mistakes cannot be made)

  17. Diapolo commented at 3:34 PM on May 20, 2013: none

    @bytemaster How did you find these problems, just by browsing the code of via some tool?

  18. bytemaster commented at 5:23 PM on May 20, 2013: contributor

    I was using the source code as an example for creating my own ECC library.

    The real question is what kind of security implications are there? Could someone construct transactions to exploit these leaks? I doubt anyone could lose coins, but you could crash all of the nodes on the network with the right kind of trx spam.

    On Mon, May 20, 2013 at 11:34 AM, Philip Kaufmann notifications@github.comwrote:

    @bytemaster https://github.com/bytemaster How did you find these problems, just by browsing the code of via some tool?

    — Reply to this email directly or view it on GitHubhttps://github.com/bitcoin/bitcoin/pull/2671#issuecomment-18153974 .

  19. gmaxwell commented at 5:34 PM on May 20, 2013: contributor

    @bytemaster We only use key recovery for verifymessage (the manual message signing stuff), and we only sign in response to user/rpc request, never P2P. Unless I'm missing something here there is no such risk in these cases.

    (None the less— the fixes are fantastic and also point out the memleak testing I've been doing recently, which hasn't involved using sign message or creating transactions while under instrumentation, is inadequate. thanks!)

  20. sipa commented at 6:15 PM on May 20, 2013: member

    CompactSignature is indeed only used for message signing, so there is no remote vulnerability. Also, see #2600, which does a large refactor of the key.cpp code (it moved EC_KEY into an internal RAII wrapper, though not EC_SIG)

  21. Diapolo commented at 6:43 AM on May 23, 2013: none

    Wouldn't have hurt to pull this for 0.8.2 RC2 ;)?

  22. gmaxwell commented at 1:09 AM on May 24, 2013: contributor

    @Diapolo I'm not eager to pull a fix for a non-network triggerable leak that I can't (easily) reproduce right before a release.

  23. sipa referenced this in commit ec0004aca0 on May 30, 2013
  24. sipa merged this on May 30, 2013
  25. sipa closed this on May 30, 2013
  26. bitcoin locked this on Sep 8, 2021
Contributors
bytemasterBitcoinPullTesterDiapolojgarziksipalaanwjgmaxwell
Linked (view graph)
#2600 Refactor key.cpp/.h
github-metadata-mirror

This is a metadata mirror of the GitHub repository bitcoin/bitcoin. This site is not affiliated with GitHub. Content is generated from a GitHub metadata backup.
generated: 2026-05-20 06:55 UTC