Disable fuzzing-reachable debug assertions in ChannelMonitors

2025-02-25 15:20:24 +01:00 · 2023-12-25 00:54:45 +00:00 · 2023-12-25 00:54:45 +00:00 · 248e2f5be5
commit 248e2f5be5
parent c7258426cd
2 changed files with 8 additions and 2 deletions
--- a/lightning/src/chain/channelmonitor.rs
+++ b/lightning/src/chain/channelmonitor.rs
@ -3172,7 +3172,11 @@ impl<Signer: WriteableEcdsaChannelSigner> ChannelMonitorImpl<Signer> {
 							(htlc, htlc_source.as_ref().map(|htlc_source| htlc_source.as_ref()))
 						), logger);
 				} else {
-					debug_assert!(false, "We should have per-commitment option for any recognized old commitment txn");
+					// Our fuzzers aren't contrained by pesky things like valid signatures, so can
+					// spend our funding output with a transaction which doesn't match our past
+					// commitment transactions. Thus, we can only debug-assert here when not
+					// fuzzing.
+					debug_assert!(cfg!(fuzzing), "We should have per-commitment option for any recognized old commitment txn");
 					fail_unbroadcast_htlcs!(self, "revoked counterparty", commitment_txid, tx, height,
 						block_hash, [].iter().map(|reference| *reference), logger);
 				}
--- a/lightning/src/chain/onchaintx.rs
+++ b/lightning/src/chain/onchaintx.rs
@ -806,7 +806,9 @@ impl<ChannelSigner: WriteableEcdsaChannelSigner> OnchainTxHandler<ChannelSigner>
 						claim_id
 					},
 				};
-				debug_assert!(self.pending_claim_requests.get(&claim_id).is_none());
+				// Because fuzzing can cause hash collisions, we can end up with conflicting claim
+				// ids here, so we only assert when not fuzzing.
+				debug_assert!(cfg!(fuzzing) || self.pending_claim_requests.get(&claim_id).is_none());
 				for k in req.outpoints() {
 					log_info!(logger, "Registering claiming request for {}:{}", k.txid, k.vout);
 					self.claimable_outpoints.insert(k.clone(), (claim_id, conf_height));