From bb7c58921eb56d464ed2b8a3a6fbbed9c82919d8 Mon Sep 17 00:00:00 2001
From: Christian Grothoff
Date: Thu, 17 Nov 2016 15:33:31 +0100
Subject: if reserve history computation reveals database inconsistency, do not abort but return proper error code
---
 src/exchange/taler-exchange-httpd_db.c | 15 +++++++++++----
 1 file changed, 11 insertions(+), 4 deletions(-)
(limited to 'src/exchange')
diff --git a/src/exchange/taler-exchange-httpd_db.c b/src/exchange/taler-exchange-httpd_db.c
index 4f51e18f2..848d28822 100644
--- a/src/exchange/taler-exchange-httpd_db.c
+++ b/src/exchange/taler-exchange-httpd_db.c
@@ -748,10 +748,17 @@ execute_reserve_withdraw_transaction (struct MHD_Connection *connection,
 &withdraw_total);
 }
 /* All reserve balances should be non-negative */
- GNUNET_assert (GNUNET_SYSERR !=
- TALER_amount_subtract (&balance,
- &deposit_total,
- &withdraw_total));
+ if (GNUNET_SYSERR ==
+ TALER_amount_subtract (&balance,
+ &deposit_total,
+ &withdraw_total))
+ {
+ GNUNET_break (0); /* database inconsistent */
+ TEH_plugin->rollback (TEH_plugin->cls,
+ session);
+ return TEH_RESPONSE_reply_internal_db_error (connection,
+ TALER_EC_WITHDRAW_RESERVE_HISTORY_IMPOSSIBLE);
+ }
 if (0 <
 TALER_amount_cmp (&amount_required,
 &balance))
 {
--
cgit v1.2.3
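Review bot: The new early return after `TEH_plugin->rollback (...)` exits with the rollback as its only cleanup, and the function continues on both sides of the hunk, so anything allocated for the reserve history that feeds `deposit_total` and `withdraw_total` would have to be released on this path as well. That allocation is not visible here; if the history is heap-allocated and freed further down, this branch leaks it on every request that hits the inconsistent reserve, and the same release call used on the other exits belongs before the `return`. Separately, `GNUNET_break (0)` records only file and line, which leaves an operator nothing to audit; a line such as `GNUNET_log (GNUNET_ERROR_TYPE_ERROR, "Reserve history yields negative balance\n");` next to it, ideally naming the affected reserve, would make the inconsistency traceable while the client still sees only the generic error code.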