
Enforce UintRef slice length checks in release builds#1272

Open
tob-joe wants to merge 1 commit into
RustCrypto:masterfrom
tob-joe:fix-uintref-slice-length-checks

Conversation


@tob-joe tob-joe commented Jun 4, 2026

Summary

UintRef::copy_from_slice documents that it panics when self.nlimbs() != limbs.len(), but the check used debug_assert!, so optimized builds did not enforce that contract:

/// Copy the contents from a limb slice.
///
/// # Panics
/// If `self.nlimbs() != limbs.len()`
#[inline(always)]
#[track_caller]
pub const fn copy_from_slice(&mut self, limbs: &[Limb]) {
// TODO core::slice::copy_from_slice should eventually be const
debug_assert!(self.limbs.len() == limbs.len(), "length mismatch");

UintRef::conditional_copy_from_slice has the same runtime length check pattern and its # Panics docs also state a limb-count mismatch panic, though the current wording says rhs.nlimbs() despite taking a limb slice:

/// Conditionally copy the contents from a limb slice.
///
/// # Panics
/// If `self.nlimbs() != rhs.nlimbs()`
#[inline(always)]
#[track_caller]
pub const fn conditional_copy_from_slice(&mut self, limbs: &[Limb], copy: Choice) {
debug_assert!(self.limbs.len() == limbs.len(), "length mismatch");

Fix

Use assert! for both length checks so debug and release builds preserve the documented panic behavior.

Tests

Added regression tests for mismatched lengths in both slice-copy APIs and verified them in release mode:

cargo test --release --all-features uint::ref_type::slice::tests -- --nocapture

This work was completed by Trail of Bits as part of the Patch The Planet project in collaboration with OpenAI. The issue was identified primarily by the Codex coding agent, and manually reviewed before submission.

Use assert! instead of debug_assert! for UintRef slice-copy length checks so mismatched lengths keep the documented panic behavior in optimized builds.

Add release-mode regression tests for copy_from_slice and conditional_copy_from_slice with longer source slices.

Co-authored-by: GPT 5.5 <gpt-5.5@openai.com>
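The contract at issue is a Rust build-profile detail: `debug_assert!` expands to nothing when `debug_assertions` is off (the default for `cargo build --release`), while `assert!` is kept in every profile. The following is an added example, not code from this PR or from crypto-bigint: a hypothetical `LimbRef` stand-in with one copy guarded by `debug_assert!` and one by `assert!`, plus helpers that use `catch_unwind` to report whether a mismatched-length copy actually panics in the build that runs it. The type name, the `u64` limb width, the helper names and the five-limb sample input are all assumptions made for the illustration; the real `UintRef` methods are `const fn` and cannot call `catch_unwind`.

```rust
use std::panic::{catch_unwind, AssertUnwindSafe};

/// Hypothetical stand-in for a fixed-width limb reference (not crypto-bigint's UintRef).
pub struct LimbRef<'a> {
    limbs: &'a mut [u64],
}

impl<'a> LimbRef<'a> {
    pub fn new(limbs: &'a mut [u64]) -> Self {
        Self { limbs }
    }

    /// Copy from `src`, guarded only by `debug_assert!`. With `debug_assertions`
    /// off (release builds) the check is compiled out: a longer `src` is silently
    /// truncated, and a shorter `src` panics only through the index bounds check.
    pub fn copy_from_slice_debug_only(&mut self, src: &[u64]) {
        debug_assert!(self.limbs.len() == src.len(), "length mismatch");
        let mut i = 0;
        while i < self.limbs.len() {
            self.limbs[i] = src[i];
            i += 1;
        }
    }

    /// Same copy, guarded by `assert!`: the documented length-mismatch panic
    /// is enforced in every build profile.
    pub fn copy_from_slice(&mut self, src: &[u64]) {
        assert!(self.limbs.len() == src.len(), "length mismatch");
        let mut i = 0;
        while i < self.limbs.len() {
            self.limbs[i] = src[i];
            i += 1;
        }
    }
}

/// Runs `f` and reports whether it panicked.
fn panics(f: impl FnOnce()) -> bool {
    catch_unwind(AssertUnwindSafe(f)).is_err()
}

/// Constructed sample input: a 5-limb source copied into a 4-limb destination.
const SRC: [u64; 5] = [1, 2, 3, 4, 5];

/// Does the `debug_assert!` guard catch the mismatch in this build?
/// True under `debug_assertions`, false in a release build.
pub fn debug_only_check_fires() -> bool {
    let mut dst = [0u64; 4];
    panics(|| LimbRef::new(&mut dst).copy_from_slice_debug_only(&SRC))
}

/// Does the `assert!` guard catch the mismatch? True in every build.
pub fn release_safe_check_fires() -> bool {
    let mut dst = [0u64; 4];
    panics(|| LimbRef::new(&mut dst).copy_from_slice(&SRC))
}

/// Matching lengths succeed under either guard.
pub fn equal_length_copy() -> [u64; 4] {
    let mut dst = [0u64; 4];
    LimbRef::new(&mut dst).copy_from_slice(&SRC[..4]);
    dst
}

/// In a release build, shows what the unguarded copy leaves behind: the first
/// four limbs, with the fifth dropped without any error. Returns None when
/// `debug_assertions` is on, because the guard panics instead.
pub fn truncated_copy_in_release() -> Option<[u64; 4]> {
    if cfg!(debug_assertions) {
        return None;
    }
    let mut dst = [0u64; 4];
    LimbRef::new(&mut dst).copy_from_slice_debug_only(&SRC);
    Some(dst)
}

fn main() {
    println!("debug_assertions enabled: {}", cfg!(debug_assertions));
    println!("debug_assert! guard panics on mismatch: {}", debug_only_check_fires());
    println!("assert! guard panics on mismatch: {}", release_safe_check_fires());
    println!("unguarded release copy result: {:?}", truncated_copy_in_release());
}
```

Run it once with `cargo run` and once with `cargo run --release`: the first line flips, the `debug_assert!` guard result flips with it, and only in the release run does the unguarded copy return `Some([1, 2, 3, 4])`, which is the silent truncation the PR's `assert!` change rules out.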

codecov Bot commented Jun 4, 2026

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 91.00%. Comparing base (4c6f87d) to head (4996659).

Additional details and impacted files
@@           Coverage Diff           @@
##           master    #1272   +/-   ##
=======================================
  Coverage   90.99%   91.00%           
=======================================
  Files         189      189           
  Lines       22139    22147    +8     
=======================================
+ Hits        20146    20154    +8     
  Misses       1993     1993           

