Fix incorrect locking of mempool during RBF replacement

Previously RemoveStaged() was called without pool.cs held.
This commit is contained in:
Peter Todd 2015-11-10 17:58:06 -05:00
parent 97203f5606
commit 16a2f93629
No known key found for this signature in database
GPG Key ID: C085F21CE7F4B9DC

View File

@ -1006,10 +1006,13 @@ bool AcceptToMemoryPool(CTxMemPool& pool, CValidationState &state, const CTransa
size_t nConflictingSize = 0;
uint64_t nConflictingCount = 0;
CTxMemPool::setEntries allConflicting;
// If we don't hold the lock allConflicting might be incomplete; the
// subsequent RemoveStaged() and addUnchecked() calls don't guarantee
// mempool consistency for us.
LOCK(pool.cs);
if (setConflicts.size())
{
LOCK(pool.cs);
CFeeRate newFeeRate(nFees, nSize);
set<uint256> setConflictsParents;
const int maxDescendantsToVisit = 100;