Skip to content

Serialize node block in the requested form, stripping witness.#1069

Open
echennells wants to merge 1 commit into
libbitcoin:masterfrom
echennells:fix-block-serialize-non-witness
Open

Serialize node block in the requested form, stripping witness.#1069
echennells wants to merge 1 commit into
libbitcoin:masterfrom
echennells:fix-block-serialize-non-witness

Conversation

@echennells

Copy link
Copy Markdown

A peer requesting a block without witness (getdata MSG_BLOCK) crashes the node.

messages::block held the store's wire bytes plus an advisory witnessed_ flag, and serialize/size guarded on witness == witnessed_. The generic serializer calls serialize with the default witness = true, so the guard fails, serialize returns false, and the null payload is sent without a null check — any peer can trigger it (in debug the size() assert trips first).

The guard is the root error, but the witness argument must also function: a witness node servicing a non-witness peer must strip the witness on serialize, and the serializer cannot rely on the held object's form, because one object may be sent to peers with differing requirements.

The message now holds a system::chain::block_view instead of the wire bytes and delegates serialize/size to block.to_data(witness) / block.serialized_size(witness) — the view strips the witness when serialized without it. protocol_block_out_106 selects the form at read time. The incorrect guard and assert are removed.

messages::transaction carries the same guard, but nothing serializes it yet (transaction-out re-serializes from the parsed transaction), so it is left unchanged.

Depends on libbitcoin/libbitcoin-system#1905 — will not build without it.

Full node test suite green.

A peer requesting a block without witness (getdata MSG_BLOCK) crashes the
node. messages::block held the store's wire bytes plus an advisory witnessed_
flag, and serialize/size guarded on witness == witnessed_. The generic
serializer calls serialize with the default witness = true, so the guard
fails, serialize returns false, and the null payload is sent without a null
check. Any peer can trigger it.

The guard is the root error, but the witness argument must also function: a
witness node servicing a non-witness peer must strip the witness on serialize,
and the serializer cannot rely on the held object's form because one object
may be sent to peers with differing requirements. Hold a
system::chain::block_view instead of raw bytes and delegate serialize and size
to block.to_data(witness) and block.serialized_size(witness); the view strips
the witness when serialized without it. protocol_block_out_106 selects the
form at read time via get_wire_block(link, witness) and wraps the result in the
view.

messages::transaction carries the same guard but nothing serializes it yet
(transaction-out re-serializes from the parsed transaction), so it is left
unchanged.

Depends on the libbitcoin-system block_view and transaction_view to_data
implementation.
@echennells echennells force-pushed the fix-block-serialize-non-witness branch from db94fe2 to 627e27c Compare July 3, 2026 00:27
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant