From: Matt Corallo Date: Sun, 3 Mar 2019 02:45:30 +0000 (-0500) Subject: Fix potential overflow bug introduced in channel reserve check fix X-Git-Tag: v0.0.12~221^2 X-Git-Url: http://git.bitcoin.ninja/index.cgi?a=commitdiff_plain;h=054530cfb9af7bffdf866f51510c9d24d9e08b49;p=rust-lightning Fix potential overflow bug introduced in channel reserve check fix Found by chanmon_fail_consistency fuzz test. --- diff --git a/src/ln/channel.rs b/src/ln/channel.rs index 6a4c8613b..3745c11a1 100644 --- a/src/ln/channel.rs +++ b/src/ln/channel.rs @@ -881,9 +881,14 @@ impl Channel { } } - let value_to_self_msat: i64 = (self.value_to_self_msat - local_htlc_total_msat) as i64 + value_to_self_msat_offset; - let value_to_remote_msat: i64 = (self.channel_value_satoshis * 1000 - self.value_to_self_msat - remote_htlc_total_msat) as i64 - value_to_self_msat_offset; + assert!(value_to_self_msat >= 0); + // Note that in case they have several just-awaiting-last-RAA fulfills in-progress (ie + // AwaitingRemoteRevokeToRemove or AwaitingRemovedRemoteRevoke) we may have allowed them to + // "violate" their reserve value by couting those against it. Thus, we have to convert + // everything to i64 before subtracting as otherwise we can overflow. + let value_to_remote_msat: i64 = (self.channel_value_satoshis * 1000) as i64 - (self.value_to_self_msat as i64) - (remote_htlc_total_msat as i64) - value_to_self_msat_offset; + assert!(value_to_remote_msat >= 0); #[cfg(debug_assertions)] {