Skip to content

miniscript: Use ToIntegral instead of ParseInt64 #30577

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
achow101 merged 1 commit into from
Aug 7, 2024
Merged

miniscript: Use ToIntegral instead of ParseInt64 #30577

achow101 merged 1 commit into from
Aug 7, 2024

Conversation

@brunoerg
Copy link
Contributor

@brunoerg brunoerg commented Aug 2, 2024

Currently, miniscript code uses ParseInt64 function for after, older, multi and thresh fragments. It means that a leading + or whitespace, among other things, are accepted into the fragments. However, these cases are not useful and cause Bitcoin Core to behave differently compared to other miniscript implementations (see bitcoinfuzz/bitcoinfuzz#34). This PR fixes it.

@DrahtBot
Copy link
Contributor

DrahtBot commented Aug 2, 2024
edited
Loading

The following sections might be updated with supplementary metadata relevant to reviewers and maintainers.

Code Coverage

For detailed information about the code coverage, see the test coverage report.

Reviews

See the guideline for information on the review process.

Type Reviewers
ACK tdb3, danielabrozzoni, darosior, achow101

If your review is incorrectly listed, please react with 👎 to this comment and the bot will ignore it on the next update.

maflcko
maflcko reviewed Aug 3, 2024
View reviewed changes
Copy link
Member

@maflcko maflcko left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I couldn't find a test vector in https://github.com/bitcoin/bips/blob/master/bip-0379.md#test-vectors, but it would be good to add one in this pull request at least?

tdb3
tdb3 reviewed Aug 5, 2024
View reviewed changes
Copy link
Contributor

@tdb3 tdb3 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Approach ACK
Nice. Seems to make things safer.

Looks like after, older, multi, and thresh are exercised in the existing test/functional/wallet_miniscript.py.

I agree with maflko's comment about using string_view over string.

darosior
darosior reviewed Aug 5, 2024
View reviewed changes
Copy link
Member

@darosior darosior left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Concept ACK. Good catch, again.

This is not a breaking change for any hypothetical user who'd have imported such a descriptor to their wallet, since we use our own serialization to derive the descriptor id and store in the wallet database.

This is a minor breaking change of the RPC interface. But it's fine because it's corrective: i don't think anybody would be relying on this incorrect behaviour as it serves no additional purpose and there exists no compiler or software library that would produce such descriptors.

Let's cover those in the misc unit test?

diff --git a/src/test/miniscript_tests.cpp b/src/test/miniscript_tests.cpp
index c99a4594ce..b155adff85 100644
--- a/src/test/miniscript_tests.cpp
+++ b/src/test/miniscript_tests.cpp
@@ -698,6 +698,11 @@ BOOST_AUTO_TEST_CASE(fixed_tests)
     BOOST_CHECK(ms_ins && ms_ins->IsValid() && !ms_ins->IsSane());
     const auto insane_sub = ms_ins->FindInsaneSub();
     BOOST_CHECK(insane_sub && *insane_sub->ToString(wsh_converter) == "and_b(after(1),a:after(1000000000))");
+    // Numbers can't be prefixed by a sign.
+    BOOST_CHECK(!miniscript::FromString("after(-1)", wsh_converter));
+    BOOST_CHECK(!miniscript::FromString("after(+1)", wsh_converter));
+    BOOST_CHECK(!miniscript::FromString("thresh(-1,pk(03cdabb7f2dce7bfbd8a0b9570c6fd1e712e5d64045e9d6b517b3d5072251dc204))", wsh_converter));
+    BOOST_CHECK(!miniscript::FromString("multi(+1,03cdabb7f2dce7bfbd8a0b9570c6fd1e712e5d64045e9d6b517b3d5072251dc204)", wsh_converter));
 
     // Timelock tests
     Test("after(100)", "?", "?", TESTMODE_VALID | TESTMODE_NONMAL); // only heightlock

@brunoerg brunoerg force-pushed the 2024-07-miniscript-tointegral branch from 95ef8a2 to 6714276 Compare August 5, 2024 11:34
@brunoerg
Copy link
Contributor Author

brunoerg commented Aug 5, 2024

Thanks @maflcko, @tdb3 and @darosior.

Force-pushed.
Changed that to use string_view and added the tests suggested by @darosior.

@brunoerg brunoerg mentioned this pull request Aug 5, 2024
Closed
tdb3
tdb3 approved these changes Aug 5, 2024
View reviewed changes
Copy link
Contributor

@tdb3 tdb3 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

cr ACK 6714276
Ran unit/functionals locally (passed).

@DrahtBot DrahtBot requested a review from darosior August 5, 2024 13:41
@brunoerg brunoerg requested a review from maflcko August 5, 2024 14:40
danielabrozzoni
danielabrozzoni approved these changes Aug 5, 2024
View reviewed changes
Copy link
Member

@danielabrozzoni danielabrozzoni left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

tACK 6714276

darosior
darosior reviewed Aug 6, 2024
View reviewed changes
Copy link
Member

@darosior darosior left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

utACK 6714276

@achow101
Copy link
Member

achow101 commented Aug 7, 2024

ACK 6714276

@achow101 achow101 merged commit ce1c881 into bitcoin:master Aug 7, 2024
@maflcko maflcko mentioned this pull request Apr 28, 2025
Merged
achow101 added a commit that referenced this pull request Apr 29, 2025
@achow101
Merge #32365: descriptors: Reject + sign while parsing unsigned
51d7663 
fa655da test: [refactor] Use ToIntegral in CheckInferDescriptor (MarcoFalke)
fa55dd0 descriptors: Reject + sign when parsing multi threshold (MarcoFalke)
fa6f77e descriptors: Reject + sign in ParseKeyPathNum (MarcoFalke)

Pull request description:

  As a follow-up to #30577, reject `+` for unsigned values in key-path parsing and multi threshold parsing as well.

  Both of those are using unsigned, and Bitcoin Core would never serialize a descriptor string with a stray `+`. Accepting stray `+` signs could lead to checksum mismatches, or other incompatibilities later on.

  Just like #30577, both changes are breaking changes on the RPC interface, but hopefully no one should be relying on this behavior in production. Similarly, both changes should be fine for the wallet, because it normalizes the strings on import, see #30577 (review).

ACKs for top commit:
  achow101:
    ACK fa655da
  brunoerg:
    code review ACK fa655da
  janb84:
    tACK [fa655da](fa655da)

Tree-SHA512: d0c7262a167f7ba98b44ed8bf49ff4c15a1eb647cbac39a59b83c7cc379903c24dae3996e5f557497eb08e16d7121417916147058d97bdf168cd6eada57dceef
@bitcoin bitcoin locked and limited conversation to collaborators Aug 7, 2025
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.

Reviewers

@maflcko maflcko Awaiting requested review from maflcko

3 more reviewers

@darosior darosior darosior left review comments

@danielabrozzoni danielabrozzoni danielabrozzoni approved these changes

@tdb3 tdb3 tdb3 approved these changes

Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

Descriptors

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

7 participants

@brunoerg @DrahtBot @achow101 @maflcko @darosior @danielabrozzoni @tdb3