-
Notifications
You must be signed in to change notification settings - Fork 2k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
NCC-2016-003 - Conversion to ‘std::size_t’ from ‘long int’ #1240
Comments
Changing the type of a counter from signed to 'std::size_t' can introduce dangerous bugs or memory corruption vulnerabilities in some cases. For example the code above crashes if
|
None of these are exploitable, so we can bump this to 1.0.1. (We'll want to patch them upstream.) |
@daira: Please review for exploitability. If you agree it's not an exposed attack surface, postpone this to 1.0.1. |
This is definitely not exploitable. |
Note that the proposed repair is wrong because |
Portability note: to get libsnark to work on a native (non-Cygwin) build on 64 bit Windows, in MANY places we had to change instances of size_t to int64_t (size_t is 32 bits wide on windows, always, as is long), and there are a few places in the zcash code itself where the same was true. In libsnark issue 66 we're changing ALL integer types to C++11 types that have an explicit bit width that does not vary due to platform: banishing long, unsigned long and size_t (as myself and @joshuayabut have had to do to get libsnark and zcash working on Windows in the pruned subset of libsnark we forked from zcash/libsnark). |
Why would you need to change When But |
yes I know its not SUPPOSED to matter, but here we are....I can revert one of the ones we had to change and paste how it blows up for you sometime, but I can assure you it is indeed the case (I'll do that at some point for libsnark 66 but I'm too tired right now to fuss with it) |
Here's a spot in my Mac port where a similar change from size_t to uint64_t was needed where that change SHOULDN'T have been needed (@joshuayabut just recently figured out why): See the code changes in the "Files" tab and the long error output you get when you revert just that change. The size_t changes needed for libsnark on windows do the same thing. |
and yes its maddening and no its not supposed to do that |
Ah. The code that actually uses Still, it converting If the |
that sounds reasonable...in one case in the Mac port @joshuayabut was able to revert one of the size_t->unit64_t changes that'd been made by fooling with where it was blowing up by adding an explicit template somewhere...I'd need to go digging through git logs to find what that was |
FYI, @rcseacord of NCC submitted a libsnark pull request which changes It was NAKed for the reasons discussed in that PR's review comments (which partially overlap with the above, #2043 and scipr-lab/libsnark#64). |
Remove libsnark To-do: - [x] Fix RPC tests. - [ ] Remove now-dead codepaths. - [ ] Add notable changes. Closes #743. Closes #750. Closes #894. Closes #903. Closes #1125. Closes #1136. Closes #1240. Closes #1264. Closes #1516. Closes #1517. Closes #1651. Closes #2064. Closes #2158. Closes #3478. Closes #3652. Closes #3744.
Remove libsnark To-do: - [x] Fix RPC tests. - [ ] Remove now-dead codepaths. - [ ] Add notable changes. Closes #521. Closes #743. Closes #750. Closes #894. Closes #903. Closes #1125. Closes #1136. Closes #1240. Closes #1264. Closes #1516. Closes #1517. Closes #1651. Closes #2064. Closes #2158. Closes #3478. Closes #3652. Closes #3744.
the loop interator i should be declared as size_t in three locations:
Repair in 3 locations:
Similar problems:
Repair:
The text was updated successfully, but these errors were encountered: