Skip to content

Update wire to fix a potential use-after-free#2614

Merged
jrick merged 1 commit intodecred:masterfrom
jrick:wire_uaf
Feb 26, 2026
Merged

Update wire to fix a potential use-after-free#2614
jrick merged 1 commit intodecred:masterfrom
jrick:wire_uaf

Conversation

@jrick
Copy link
Member

@jrick jrick commented Feb 26, 2026
edited
Loading

MsgTx decoding could result in caller-provided scripts being incorrectly added to the script freelist when decoding errors. These scripts will be reused during later deserializations, overwriting the existing scripts caller previously provided. This is, in other words, the same as a use-after-free violation in languages with manual memory management.

wire v1.7.4 provides a mitigation for this issue, as well as other performance improvements and addrv2 message support that dcrwallet will eventually benefit from.

@jrick jrick mentioned this pull request Feb 26, 2026
Closed
@jrick
Update wire to fix a potential use-after-free
bb6e8b4 
MsgTx decoding could result in caller-provided scripts being incorrectly added
to the script freelist when decoding errors.  These scripts will be reused
during later deserializations, overwriting the existing scripts caller
previously provided.  This is, in other words, the same as a use-after-free
violation in languages with manual memory management.

wire v1.7.4 provides a mitigation for this issue, as well as other performance
improvements and addrv2 message support that dcrwallet will eventually benefit
from.
@jrick jrick merged commit bb6e8b4 into decred:master Feb 26, 2026
2 checks passed
@jrick jrick deleted the wire_uaf branch February 26, 2026 17:23
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@davecgh davecgh davecgh approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@jrick @davecgh