From 054530cfb9af7bffdf866f51510c9d24d9e08b49 Mon Sep 17 00:00:00 2001
From: Matt Corallo <git@bluematt.me>
Date: Sat, 2 Mar 2019 21:45:30 -0500
Subject: [PATCH] Fix potential overflow bug introduced in channel reserve
 check fix

Found by chanmon_fail_consistency fuzz test.
---
 src/ln/channel.rs | 9 +++++++--
 1 file changed, 7 insertions(+), 2 deletions(-)

diff --git a/src/ln/channel.rs b/src/ln/channel.rs
index 6a4c8613b..3745c11a1 100644
--- a/src/ln/channel.rs
+++ b/src/ln/channel.rs
@@ -881,9 +881,14 @@ impl Channel {
 			}
 		}
 
-
 		let value_to_self_msat: i64 = (self.value_to_self_msat - local_htlc_total_msat) as i64 + value_to_self_msat_offset;
-		let value_to_remote_msat: i64 = (self.channel_value_satoshis * 1000 - self.value_to_self_msat - remote_htlc_total_msat) as i64 - value_to_self_msat_offset;
+		assert!(value_to_self_msat >= 0);
+		// Note that in case they have several just-awaiting-last-RAA fulfills in-progress (ie
+		// AwaitingRemoteRevokeToRemove or AwaitingRemovedRemoteRevoke) we may have allowed them to
+		// "violate" their reserve value by couting those against it. Thus, we have to convert
+		// everything to i64 before subtracting as otherwise we can overflow.
+		let value_to_remote_msat: i64 = (self.channel_value_satoshis * 1000) as i64 - (self.value_to_self_msat as i64) - (remote_htlc_total_msat as i64) - value_to_self_msat_offset;
+		assert!(value_to_remote_msat >= 0);
 
 		#[cfg(debug_assertions)]
 		{
-- 
2.39.5