Skip to content

std.math.big.int: breaking API changes to prevent UAF#11964

Merged
andrewrk merged 1 commit intomasterfrom
std-big-int-fixes
Jun 30, 2022
Merged

std.math.big.int: breaking API changes to prevent UAF#11964
andrewrk merged 1 commit intomasterfrom
std-big-int-fixes

Conversation

@andrewrk
Copy link
Member

@andrewrk andrewrk commented Jun 29, 2022
edited
Loading

Many of the Managed methods accepted by-val parameters which could
reference Limb slices that became invalid memory after any
ensureCapacity calls. Now, Managed methods accept *const Managed
parameters so that if the function allows aliasing and the
ensure-capacity call resizes the Limb slice, it also affects the
aliased parameters, avoiding use-after-free bugs.

This is a breaking change that reduces the requirement for callsites to
manually make the ensure-capacity changes prior to calling many of the
Managed methods.

Closes #11897

@andrewrk
std.math.big.int: breaking API changes to prevent UAF
14343b0 
Many of the Managed methods accepted by-val parameters which could
reference Limb slices that became invalid memory after any
ensureCapacity calls. Now, Managed methods accept `*const Managed`
parameters so that if the function allows aliasing and the
ensure-capacity call resizes the Limb slice, it also affects the
aliased parameters, avoiding use-after-free bugs.

This is a breaking change that reduces the requirement for callsites to
manually make the ensure-capacity changes prior to calling many of the
Managed methods.

Closes #11897
@andrewrk andrewrk force-pushed the std-big-int-fixes branch from 2cc37bb to 14343b0 Compare June 29, 2022 22:39
@jedisct1 jedisct1 added breaking Implementing this issue could cause existing code to no longer compile or have different behavior. standard library This issue involves writing Zig code for the standard library. labels Jun 29, 2022
@andrewrk andrewrk merged commit 54454fd into master Jun 30, 2022
@andrewrk andrewrk deleted the std-big-int-fixes branch June 30, 2022 02:06
eyelash
eyelash reviewed Jul 2, 2022
View reviewed changes
lib/std/math/big/int.zig
///
/// r and a may be aliases. If r aliases a, then caller must call
/// `r.ensureAddScalarCapacity` prior to calling `add`.
/// scalar is a primitive integer type.
Copy link

@eyelash eyelash Jul 2, 2022

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Did you intend to delete this line or was it deleted accidentally?

Copy link
Member Author

@andrewrk andrewrk Jul 2, 2022

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Intended. It was replaced with the sentence " r and a may be aliases". The other part is no longer a requirement of the caller.

Copy link

@eyelash eyelash Jul 3, 2022

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

So scalar can now be something else than a primitive integer type?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

1 more reviewer

@eyelash eyelash eyelash left review comments

Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

breaking Implementing this issue could cause existing code to no longer compile or have different behavior. standard library This issue involves writing Zig code for the standard library.

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

Stage2 miscompiles call to std.math.big.int.Managed.shiftLeft

3 participants

@andrewrk @eyelash @jedisct1