Skip to content

fix: output note index out of bounds in asset and attachment API#2792

Merged
PhilippGackstatter merged 2 commits intotx-kernel-audit-fixesfrom
pgackst-output-note-index-bounds
Apr 20, 2026
Merged

fix: output note index out of bounds in asset and attachment API#2792
PhilippGackstatter merged 2 commits intotx-kernel-audit-fixesfrom
pgackst-output-note-index-bounds

Conversation

@PhilippGackstatter
Copy link
Copy Markdown
Contributor

@PhilippGackstatter PhilippGackstatter commented Apr 19, 2026
edited
Loading

Fixes output note index out of bounds in asset and attachment API by using output_note::assert_note_index_in_bounds consistently for all output_note APIs in api.masm.

Note that there were cargo deny errors in this PR's CI and ignores were added on the base branch directly in 1742373, since these issues are unimportant for the audit and have been addressed on next. That way, we can cherry-pick this PR's merge commit back into next without accidentally ignoring these advisories.

closes #2763

@PhilippGackstatter PhilippGackstatter added no changelog This PR does not require an entry in the `CHANGELOG.md` file pr-from-maintainers PRs that come from internal contributors or integration partners. They should be given priority labels Apr 19, 2026
@PhilippGackstatter PhilippGackstatter force-pushed the pgackst-output-note-index-bounds branch from 6e5f7af to 907a8d5 Compare April 19, 2026 16:20
@PhilippGackstatter PhilippGackstatter force-pushed the pgackst-output-note-index-bounds branch from 907a8d5 to da4540c Compare April 19, 2026 16:25
bobbinth
bobbinth approved these changes Apr 19, 2026
View reviewed changes
Copy link
Copy Markdown
Contributor

@bobbinth bobbinth left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looks good! Thank you!

@PhilippGackstatter PhilippGackstatter merged commit 87044e8 into tx-kernel-audit-fixes Apr 20, 2026
15 checks passed
@PhilippGackstatter PhilippGackstatter deleted the pgackst-output-note-index-bounds branch April 20, 2026 06:45
PhilippGackstatter added a commit that referenced this pull request Apr 24, 2026
@PhilippGackstatter
fix: output note index out of bounds in asset and attachment API (#2792)
b543d2c 
* fix: output note index bound assertion in add_asset/attachment

* chore: add regression test for output note index OOB
@PhilippGackstatter PhilippGackstatter mentioned this pull request Apr 24, 2026
Merged
PhilippGackstatter added a commit that referenced this pull request Apr 24, 2026
@PhilippGackstatter
fix: output note index out of bounds in asset and attachment API (#2792)
02d08c0 
* fix: output note index bound assertion in add_asset/attachment

* chore: add regression test for output note index OOB
bobbinth pushed a commit to huitseeker/miden-base that referenced this pull request Apr 26, 2026
@PhilippGackstatter
fix: output note index out of bounds in asset and attachment API (0xM…
e4bf332 
…iden#2824)

* fix: output note index out of bounds in asset and attachment API (0xMiden#2792)

* fix: output note index bound assertion in add_asset/attachment

* chore: add regression test for output note index OOB

* chore: add changelog
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@bobbinth bobbinth bobbinth approved these changes

Assignees

No one assigned

Labels

no changelog This PR does not require an entry in the `CHANGELOG.md` file pr-from-maintainers PRs that come from internal contributors or integration partners. They should be given priority

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@PhilippGackstatter @bobbinth