fix: resolve signed integer overflow UB in CoinJoin priority and timeout

thepastaclaw · claude · thepastaclaw · commit 817234fa9453 · 2026-03-24T19:23:30.000-05:00
CalculateAmountPriority in common.h could overflow when assigning a
negated int64_t division result to an int return type with extreme
CAmount values. Add a MoneyRange guard to return 0 for out-of-range
inputs, as CoinJoin amounts are always within valid money range.

IsTimeOutOfBounds in coinjoin.cpp could overflow on signed subtraction
when current_time and nTime are extreme values. Add a guard rejecting
negative timestamps (which are always invalid) so the original
subtraction logic is safe for all remaining non-negative inputs.

Co-Authored-By: Claude Opus 4.6 (1M context) &lt;noreply@anthropic.com&gt;
diff --git a/src/coinjoin/coinjoin.cpp b/src/coinjoin/coinjoin.cpp
@@ -57,6 +57,7 @@ bool CCoinJoinQueue::CheckSignature(const CBLSPublicKey& blsPubKey) const
 
 bool CCoinJoinQueue::IsTimeOutOfBounds(int64_t current_time) const
 {
+    if (current_time < 0 || nTime < 0) return true;
     return current_time - nTime > COINJOIN_QUEUE_TIMEOUT ||
            nTime - current_time > COINJOIN_QUEUE_TIMEOUT;
 }
diff --git a/src/coinjoin/common.h b/src/coinjoin/common.h
@@ -118,6 +118,7 @@ constexpr bool IsCollateralAmount(CAmount nInputAmount)
 
 constexpr int CalculateAmountPriority(CAmount nInputAmount)
 {
+    if (nInputAmount < 0 || nInputAmount > MAX_MONEY) return 0;
     if (auto optDenom = util::find_if_opt(GetStandardDenominations(),
                                           [&nInputAmount](const auto& denom) { return nInputAmount == denom; })) {
         return (float)COIN / *optDenom * 10000;

Original file line number	Diff line number	Diff line change
`@@ -57,6 +57,7 @@ bool CCoinJoinQueue::CheckSignature(const CBLSPublicKey& blsPubKey) const`
`57`	`57`
`58`	`58`	`bool CCoinJoinQueue::IsTimeOutOfBounds(int64_t current_time) const`
`59`	`59`	`{`
	`60`	`+ if (current_time < 0 \|\| nTime < 0) return true;`
`60`	`61`	`return current_time - nTime > COINJOIN_QUEUE_TIMEOUT \|\|`
`61`	`62`	`nTime - current_time > COINJOIN_QUEUE_TIMEOUT;`
`62`	`63`	`}`
Original file line number	Diff line number	Diff line change
`@@ -118,6 +118,7 @@ constexpr bool IsCollateralAmount(CAmount nInputAmount)`
`118`	`118`
`119`	`119`	`constexpr int CalculateAmountPriority(CAmount nInputAmount)`
`120`	`120`	`{`
	`121`	`+ if (nInputAmount < 0 \|\| nInputAmount > MAX_MONEY) return 0;`
`121`	`122`	`if (auto optDenom = util::find_if_opt(GetStandardDenominations(),`
`122`	`123`	`[&nInputAmount](const auto& denom) { return nInputAmount == denom; })) {`
`123`	`124`	`return (float)COIN / optDenom 10000;`