mirror of
https://github.com/monero-project/monero.git
synced 2024-12-26 13:39:28 +00:00
6bbc646e6f
The 98th percentile position in the agebytes map was incorrectly calculated: it assumed the transactions in the mempool all have unique timestamps at second-granularity. This commit fixes this by correctly finding the right cumulative number of transactions in the map suffix.

This bug could lead to an out-of-bounds write in the rare case that all transactions in the mempool were received (and added to the mempool) at a rate of at least 50 transactions per second. (More specifically, the number of *unique* receive_time values, which have second-granularity, must be at most 2% of the number of transactions in the mempool for this crash to trigger.) If this condition is satisfied, 'it' points to *before* the agebytes map, 'delta' gets a nonsense value, and the value of 'i' in the first stats.histo-filling loop will be out of bounds of stats.histo.
- blockchain.cpp
- blockchain.h
- blockchain_storage_boost_serialization.h
- CMakeLists.txt
- cryptonote_core.cpp
- cryptonote_core.h
- cryptonote_tx_utils.cpp
- cryptonote_tx_utils.h
- tx_pool.cpp
- tx_pool.h
- tx_sanity_check.cpp
- tx_sanity_check.h