Backport #271: integer overflow checks #283

Merged
merged 4 commits into from
Mar 26, 2025


apoelstra
Collaborator

Backports several integer overflow checks to the currently-released version of 0.3. These can be used to crash rust-simplicity, which is making it hard to write regression fuzztests.

Also changes the version to 0.3.1 so we can release immediately.

Should be easy enough to review with git range-diff pr/271/head...pr/283/head.

Currently it is possible to ask the bit machine to do arbitrarily large
allocations, and to panic the program by overflowing when computing the
size of its allocations.

This is not the place to do budget checks, but we can at least do some
sanity checks. Here we insist that programs not have any types that
exceed 2 gigabits (256 megabytes), which will at least prevent
explosions. We can revisit it when somebody shows up with a use case for
massive programs.
…tation

This commit will fail when put before either of the previous two commits.
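
The size check described in the commit message above, as an added example that is not code from this pull request or from rust-simplicity. `Ty`, `TypeError`, `MAX_BIT_WIDTH` and the helper functions are hypothetical names; the width rules assumed are the Simplicity ones (a sum is one tag bit plus its wider branch, a product is both components together).

```rust
use std::rc::Rc;

/// Cap from the commit message: 2 gigabits (256 megabytes).
const MAX_BIT_WIDTH: u64 = 1 << 31;

#[derive(Debug, PartialEq)]
enum TypeError {
    Overflow,               // the width arithmetic itself wrapped
    TooLarge { bits: u64 }, // representable, but past the sanity cap
}

/// Hypothetical type node (not rust-simplicity's API). The width is cached
/// at construction so a heavily shared type is never re-walked to size it.
#[allow(dead_code)]
#[derive(Debug)]
struct Ty {
    bit_width: u64,
    children: Option<(Rc<Ty>, Rc<Ty>)>,
}

/// Rejects a width that overflowed or exceeds the cap before any node exists.
fn checked(width: Option<u64>, a: Rc<Ty>, b: Rc<Ty>) -> Result<Rc<Ty>, TypeError> {
    match width {
        None => Err(TypeError::Overflow),
        Some(bits) if bits > MAX_BIT_WIDTH => Err(TypeError::TooLarge { bits }),
        Some(bit_width) => Ok(Rc::new(Ty { bit_width, children: Some((a, b)) })),
    }
}

fn unit() -> Rc<Ty> { Rc::new(Ty { bit_width: 0, children: None }) }

/// Sum type: one tag bit plus the wider of the two branches.
fn sum(a: Rc<Ty>, b: Rc<Ty>) -> Result<Rc<Ty>, TypeError> {
    checked(a.bit_width.max(b.bit_width).checked_add(1), a, b)
}

/// Product type: both components side by side.
fn product(a: Rc<Ty>, b: Rc<Ty>) -> Result<Rc<Ty>, TypeError> {
    checked(a.bit_width.checked_add(b.bit_width), a, b)
}

/// Doubles a one-bit type `n` times: width 2^n from only n product nodes.
fn doubled(n: u32) -> Result<Rc<Ty>, TypeError> {
    let mut ty = sum(unit(), unit())?;
    for _ in 0..n {
        ty = product(ty.clone(), ty)?;
    }
    Ok(ty)
}
```

Because children are shared, a program only a few dozen nodes long can name a type wider than any allocator could serve; the cap turns that into an error at type construction instead of a panic or a huge allocation later.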
@apoelstra
Collaborator Author

We expect Clippy failures on this old branch because we aren't pinning our compiler version in CI.

@apoelstra
Collaborator Author

cc @uncomputable I think this will be a quick review and should let us get #280 in.

Collaborator

@uncomputable uncomputable left a comment


ACK 34aa968

Collaborator Author

@apoelstra apoelstra left a comment


On 34aa968 successfully ran local tests

@apoelstra
Collaborator Author

Had to disable diff-checking the copy of libsimplicity vendored in the depend/ directory, since I can't build the old libsimplicity with a modern nixpkgs.

@apoelstra apoelstra merged commit 55b50ff into 0.3.x Mar 26, 2025
17 of 27 checks passed
@apoelstra apoelstra deleted the 2025-03--backport-271 branch March 26, 2025 21:48