sqlite: guard against dangling to-be-reverted db transactions

furszy · furszy · commit fc0e747192e9 · 2024-01-30T17:27:36.000-03:00
If the handler that initiated the database transaction is destroyed,
the ongoing transaction cannot be left dangling when the db txn fails
to abort. It must be forcefully reversed; otherwise, any subsequent
db handler executing a write operation will dump the dangling,
to-be-reverted transaction data to disk.

This not only breaks the database isolation property but also results
in the improper storage of incomplete information on disk, impacting
the wallet consistency.
diff --git a/src/wallet/sqlite.cpp b/src/wallet/sqlite.cpp
@@ -405,12 +405,18 @@ SQLiteBatch::SQLiteBatch(SQLiteDatabase& database)
 
 void SQLiteBatch::Close()
 {
+    bool force_conn_refresh = false;
+
     // If we began a transaction, and it wasn't committed, abort the transaction in progress
     if (m_database.HasActiveTxn()) {
         if (TxnAbort()) {
             LogPrintf("SQLiteBatch: Batch closed unexpectedly without the transaction being explicitly committed or aborted\n");
         } else {
-            LogPrintf("SQLiteBatch: Batch closed and failed to abort transaction\n");
+            // If transaction cannot be aborted, it means there is a bug or there has been data corruption. Try to recover in this case
+            // by closing and reopening the database. Closing the database should also ensure that any changes made since the transaction
+            // was opened will be rolled back and future transactions can succeed without committing old data.
+            force_conn_refresh = true;
+            LogPrintf("SQLiteBatch: Batch closed and failed to abort transaction, resetting db connection..\n");
         }
     }
 
@@ -431,6 +437,17 @@ void SQLiteBatch::Close()
         }
         *stmt_prepared = nullptr;
     }
+
+    if (force_conn_refresh) {
+        m_database.Close();
+        try {
+            m_database.Open();
+        } catch (const std::runtime_error&) {
+            // If open fails, cleanup this object and rethrow the exception
+            m_database.Close();
+            throw;
+        }
+    }
 }
 
 bool SQLiteBatch::ReadKey(DataStream&& key, DataStream& value)

Original file line number	Diff line number	Diff line change
`@@ -405,12 +405,18 @@ SQLiteBatch::SQLiteBatch(SQLiteDatabase& database)`
`405`	`405`
`406`	`406`	`void SQLiteBatch::Close()`
`407`	`407`	`{`
	`408`	`+ bool force_conn_refresh = false;`
	`409`	`+`
`408`	`410`	`// If we began a transaction, and it wasn't committed, abort the transaction in progress`
`409`	`411`	`if (m_database.HasActiveTxn()) {`
`410`	`412`	`if (TxnAbort()) {`
`411`	`413`	`LogPrintf("SQLiteBatch: Batch closed unexpectedly without the transaction being explicitly committed or aborted\n");`
`412`	`414`	`} else {`
`413`		`- LogPrintf("SQLiteBatch: Batch closed and failed to abort transaction\n");`
	`415`	`+ // If transaction cannot be aborted, it means there is a bug or there has been data corruption. Try to recover in this case`
	`416`	`+ // by closing and reopening the database. Closing the database should also ensure that any changes made since the transaction`
	`417`	`+ // was opened will be rolled back and future transactions can succeed without committing old data.`
	`418`	`+ force_conn_refresh = true;`
	`419`	`+ LogPrintf("SQLiteBatch: Batch closed and failed to abort transaction, resetting db connection..\n");`
`414`	`420`	`}`
`415`	`421`	`}`
`416`	`422`
`@@ -431,6 +437,17 @@ void SQLiteBatch::Close()`
`431`	`437`	`}`
`432`	`438`	`*stmt_prepared = nullptr;`
`433`	`439`	`}`
	`440`	`+`
	`441`	`+ if (force_conn_refresh) {`
	`442`	`+ m_database.Close();`
	`443`	`+ try {`
	`444`	`+ m_database.Open();`
	`445`	`+ } catch (const std::runtime_error&) {`
	`446`	`+ // If open fails, cleanup this object and rethrow the exception`
	`447`	`+ m_database.Close();`
	`448`	`+ throw;`
	`449`	`+ }`
	`450`	`+ }`
`434`	`451`	`}`
`435`	`452`
`436`	`453`	`bool SQLiteBatch::ReadKey(DataStream&& key, DataStream& value)`