lightningd, openingd: remove active code inside assert().

We don't compile with NDEBUG defined, but if we did, this code would vanish. I did a quick audit, inspired by @ZmnSCPxj. I actually hacked up something to compile with NDEBUG (many unused vars resulted, and of course unit tests are allowed to rely on assert()), and after this the testsuite still passes. Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2025-01-18 05:12:45 +01:00 · 2020-02-13 16:01:04 +10:30 · 2020-02-13 16:01:04 +10:30 · 11149ef5a1
commit 11149ef5a1
parent dd334df80d
2 changed files with 10 additions and 3 deletions
--- a/lightningd/notification.c
+++ b/lightningd/notification.c
@ -191,8 +191,9 @@ static void forward_event_notification_serialize(struct json_stream *stream,
 		cur->channel_out = *scid_out;
 		if (amount_out) {
 			cur->msat_out = *amount_out;
-			assert(amount_msat_sub(&cur->fee,
-					       in->msat, *amount_out));
+			if (!amount_msat_sub(&cur->fee,
+					     in->msat, *amount_out))
+				abort();
 		} else {
 			cur->msat_out = AMOUNT_MSAT(0);
 			cur->fee = AMOUNT_MSAT(0);
--- a/openingd/openingd.c
+++ b/openingd/openingd.c
@ -852,7 +852,13 @@ static u8 *funder_channel_complete(struct state *state)

 	/* We recalculate the local_msat from cached values; should
 	 * succeed because we checked it earlier */
-	assert(amount_sat_sub_msat(&local_msat, state->funding, state->push_msat));
+	if (!amount_sat_sub_msat(&local_msat, state->funding, state->push_msat))
+		status_failed(STATUS_FAIL_INTERNAL_ERROR,
+			      "push_msat %s > funding %s?",
+			      type_to_string(tmpctx, struct amount_msat,
+					     &state->push_msat),
+			      type_to_string(tmpctx, struct amount_sat,
+					     &state->funding));

 	if (!funder_finalize_channel_setup(state, local_msat, &sig, &tx))
 		return NULL;