Fix potential overflow bug introduced in channel reserve check fix

author Matt Corallo <git@bluematt.me>

Sun, 3 Mar 2019 02:45:30 +0000 (21:45 -0500)

committer Matt Corallo <git@bluematt.me>

Fri, 22 Mar 2019 21:43:32 +0000 (17:43 -0400)
author Matt Corallo <git@bluematt.me>
Sun, 3 Mar 2019 02:45:30 +0000 (21:45 -0500)
committer Matt Corallo <git@bluematt.me>
Fri, 22 Mar 2019 21:43:32 +0000 (17:43 -0400)
diff --git a/src/ln/channel.rs b/src/ln/channel.rs

index 6a4c8613ba6f3557c63ee6ad354678c9e6092bb2..3745c11a1ae295b58ff8e2af23f43a52a9517f38 100644 (file)
--- a/src/ln/channel.rs
+++ b/src/ln/channel.rs
@@ -881,9 +881,14 @@ impl Channel {
                         }
                 }
  
-
                 let value_to_self_msat: i64 = (self.value_to_self_msat - local_htlc_total_msat) as i64 + value_to_self_msat_offset;
-               let value_to_remote_msat: i64 = (self.channel_value_satoshis * 1000 - self.value_to_self_msat - remote_htlc_total_msat) as i64 - value_to_self_msat_offset;
+               assert!(value_to_self_msat >= 0);
+               // Note that in case they have several just-awaiting-last-RAA fulfills in-progress (ie
+               // AwaitingRemoteRevokeToRemove or AwaitingRemovedRemoteRevoke) we may have allowed them to
+               // "violate" their reserve value by couting those against it. Thus, we have to convert
+               // everything to i64 before subtracting as otherwise we can overflow.
+               let value_to_remote_msat: i64 = (self.channel_value_satoshis * 1000) as i64 - (self.value_to_self_msat as i64) - (remote_htlc_total_msat as i64) - value_to_self_msat_offset;
+               assert!(value_to_remote_msat >= 0);
  
                 #[cfg(debug_assertions)]
                 {
author	Matt Corallo <git@bluematt.me>
	Sun, 3 Mar 2019 02:45:30 +0000 (21:45 -0500)
committer	Matt Corallo <git@bluematt.me>
	Fri, 22 Mar 2019 21:43:32 +0000 (17:43 -0400)