- Fix signed integer overflow UB in negation operations by performing
negation in unsigned domain before casting back to signed. Applies to
IOUAmount, XRPAmount, MPTAmount, and throughout STAmount (operator+,
set, canonicalize, xrp/iou/mpt accessors, constructors).
- Fix post-decrement loop patterns that cause unsigned integer overflow
(e.g. `while(n--)`) by replacing with `while(n > 0) { --n; ... }` or
`for` loops in DecayingSample.h, varint.h, base64.cpp, BasicApp.cpp,
and yield_to.h.
- Add Counts::adjustCounter() helper in PeerFinder to safely adjust
size_t counters by signed values without triggering UBSan.
- Fix uninitialized member in ValidatorSite_test and remove
overflow-dependent initialization in LexicalCast_test.
- Drastically reduce ubsan.supp by removing broad per-file suppressions
now that the underlying issues are fixed. Keep only targeted
suppressions for external libraries (RocksDB, protobuf, gRPC, nudb,
snappy, abseil) and intentional unsigned wraps in rippled (STAmount
arithmetic, nft::cipheredTaxon).
- Remove UBSAN_OPTIONS runtime suppressions file from CI workflow.
- Enable UBSan builds for gcc-13 in addition to clang-20 in CI matrix.
- Add fPIC handling in conanfile.py when Address sanitizer is active.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
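
The negation, counter and loop patterns named in the commit message above, as an added example that is not code from the commit or from rippled. The helper names `negate_wrapping`, `magnitude`, `adjust_counter` and `sum_reverse`, and the range check in `adjust_counter`, are assumptions made for illustration.

```cpp
#include <cstddef>
#include <cstdint>
#include <limits>

// Hypothetical helper: negate without signed overflow. `-v` is undefined for
// INT64_MIN; unsigned subtraction is modular by definition. The cast back to
// signed is modular since C++20 (implementation-defined before that).
inline std::int64_t negate_wrapping(std::int64_t v)
{
    return static_cast<std::int64_t>(
        std::uint64_t{0} - static_cast<std::uint64_t>(v));
}

// Hypothetical helper: |v| as an unsigned value, also valid for INT64_MIN.
inline std::uint64_t magnitude(std::int64_t v)
{
    auto const u = static_cast<std::uint64_t>(v);
    return v < 0 ? std::uint64_t{0} - u : u;
}

// Hypothetical helper: apply a signed delta to a size_t counter. Returns
// false and leaves the counter unchanged if the result would leave [0, max].
inline bool adjust_counter(std::size_t& counter, std::int64_t delta)
{
    std::uint64_t const m = magnitude(delta);
    if (delta < 0)
    {
        if (m > counter)
            return false;  // would wrap below zero
        counter -= static_cast<std::size_t>(m);
        return true;
    }
    if (m > std::numeric_limits<std::size_t>::max() - counter)
        return false;  // would wrap past the maximum
    counter += static_cast<std::size_t>(m);
    return true;
}

// Reverse walk written as `while (n > 0) { --n; ... }`. With `while (n--)`
// the final test would decrement n from 0 and wrap it to SIZE_MAX.
inline std::uint64_t sum_reverse(std::uint32_t const* data, std::size_t n)
{
    std::uint64_t total = 0;
    while (n > 0)
    {
        --n;
        total += data[n];
    }
    return total;
}
```
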
protocol
Classes and functions for handling data and values associated with the XRP Ledger protocol.
Serialized Objects
Objects transmitted over the network must be serialized into a canonical format. The prefix "ST" refers to classes that deal with the serialized format.
The term "Tx" or "tx" is an abbreviation for "Transaction", a commonly occurring object type.
Optional Fields
Our serialized fields have some "type magic" to make optional fields easier to read:
- The operation `x[sfFoo]` means "return the value of 'Foo' if it exists, or the default value if it doesn't."
- The operation `x[~sfFoo]` means "return the value of 'Foo' if it exists, or nothing if it doesn't." This usage of the tilde/bitwise NOT operator is not standard outside of the `rippled` codebase.
  - As a consequence of this, `x[~sfFoo] = y[~sfFoo]` assigns the value of Foo from y to x, including omitting Foo from x if it doesn't exist in y.
Typically, for things that are guaranteed to exist, you use
x[sfFoo] and avoid having to deal with a container that may
or may not hold a value. For things not guaranteed to exist,
you use x[~sfFoo] because you want such a container. It
avoids having to look something up twice, once just to see if
it exists and a second time to get/set its value.
(Real example)
The source of this "type magic" is in SField.h.