Browse Source

Merge #9980: Fix mem access violation merkleblock

8276e70de Adding assert to avoid a memory access violation inside of PartialMerkleTree::CalcHash() (Chris Stewart)

Pull request description:

  Fixing a possible memory access violation in CPartialMerkleTree::CalcHash().

  This can happen if we some how a merkle tree with zero txids. I don't think this can happen in practice as we only send merkle block messages on the p2p network as of now -- we cannot receive them.

  This was found with #8469, specifically using this [generator]( which will cause a memory access violation on [this test case](

Tree-SHA512: b95904ec45ea3f082c7722161d93ee06b24c706fbffa909a6e995ed14788aed2830f91b626da6f0347660c45874a0735dab61c9440b59c949c690af4165c83fb
Pieter Wuille 4 years ago
No account linked to committer's email address
2 changed files with 5 additions and 0 deletions
  1. 3
  2. 2

+ 3
- 0
src/merkleblock.cpp View File

@@ -59,6 +59,9 @@ CMerkleBlock::CMerkleBlock(const CBlock& block, const std::set<uint256>& txids)

uint256 CPartialMerkleTree::CalcHash(int height, unsigned int pos, const std::vector<uint256> &vTxid) {
//we can never have zero txs in a merkle block, we always need the coinbase tx
//if we do not have this assert, we can hit a memory access violation when indexing into vTxid
assert(vTxid.size() != 0);
if (height == 0) {
// hash at height 0 is the txids themself
return vTxid[pos];

+ 2
- 0
src/merkleblock.h View File

@@ -121,6 +121,8 @@ public:
* Used to relay blocks as header + vector<merkle branch>
* to filtered nodes.
* NOTE: The class assumes that the given CBlock has *at least* 1 transaction. If the CBlock has 0 txs, it will hit an assertion.
class CMerkleBlock