Fix invalid instantiation and possibly unsafe accesses of array in class base_uint<BITS> #10530

pull pavlosantoniou wants to merge 1 commits into bitcoin:master from pavlosantoniou:master changing 2 files +10 −2
  1. pavlosantoniou commented at 9:54 AM on June 5, 2017: contributor

    The implementation of base_uint<BITS>::operator++(int) and base_uint<BITS>::operator--(int) is now safer. Array pn is accessed via index i after bounds checking has been performed on the index, rather than before.

    The logic of the while loops has also been made more clear.

  2. pavlosantoniou renamed this:
    Fix possibly unsafe accesses of array in class base_uint<BITS>.
    Fix possibly unsafe accesses of array in class base_uint<BITS>
    on Jun 5, 2017
  3. laanwj added the label Refactoring on Jun 5, 2017
  4. in src/arith_uint256.h:183 in ee0fccfe7b outdated
     173 | @@ -174,7 +174,7 @@ class base_uint
     174 |      {
     175 |          // prefix operator
     176 |          int i = 0;
     177 | -        while (++pn[i] == 0 && i < WIDTH-1)
     178 | +        while (i < WIDTH && ++pn[i] == 0)
    


    laanwj commented at 2:01 PM on June 5, 2017:

    As I see it, this code can cause an out-of-bounds access only in the case of WIDTH=0, which would be pointless. Or am I missing something? I do agree that this change makes the code somewhat more readable.


    pavlosantoniou commented at 4:57 PM on June 5, 2017:

    Yes, the out-of-bounds access occurs in the edge case of WIDTH == 0. This template class can, although it probably won't, be instantiated with BITS < 32, something that would lead to WIDTH == 0. I was mainly interested in ensuring the out-of-bounds-check before array access regardless of such assumptions. Making it easier to follow the code logic is an extra gain.


    laanwj commented at 9:52 AM on June 6, 2017:

    This template class can, although it probably won't, be instantiated with BITS < 32

    Indeed - as the code throughout the entire class is implemented, it can only be instantiated for a positive multiple of 32. Might make sense to add a compile-time assertion for that.


    pavlosantoniou commented at 7:34 AM on June 7, 2017:

    Do you think adding: static_assert(BITS/32 > 0 && BITS%32 == 0, "Template parameter BITS must be a positive multiple of 32."); in the class constructor would be fine?


    laanwj commented at 3:11 PM on June 7, 2017:

    Yes, that'd be nice!


    pavlosantoniou commented at 9:54 AM on June 10, 2017:

    I have added the assertions, is there something more I can do for this PR?

  5. pavlosantoniou force-pushed on Jun 7, 2017
  6. pavlosantoniou closed this on Jun 7, 2017

  7. pavlosantoniou force-pushed on Jun 7, 2017
  8. Fix instantiation and array accesses in class base_uint<BITS>
    The implementation of base_uint::operator++(int) and base_uint::operator--(int) is now safer.
    Array pn is accessed via index i after bounds checking has been performed on the index, rather than before.
    The logic of the while loops has also been made more clear.
    
    A compile time assertion has been added in the class constructors to ensure that BITS is a positive multiple of 32.
    e5c616888b
  9. pavlosantoniou reopened this on Jun 7, 2017

  10. pavlosantoniou commented at 5:24 PM on June 7, 2017: contributor

    Reopened with addition of static_assert for BITS value.

  11. pavlosantoniou renamed this:
    Fix possibly unsafe accesses of array in class base_uint<BITS>
    Fix invalid instantiation and possibly unsafe accesses of array in class base_uint<BITS>
    on Jun 10, 2017
  12. sipa commented at 7:00 PM on June 11, 2017: member

    utACK

  13. laanwj merged this on Jun 22, 2017
  14. laanwj closed this on Jun 22, 2017

  15. laanwj referenced this in commit 87e69c2549 on Jun 22, 2017
  16. PastaPastaPasta referenced this in commit 6cd71e5c57 on Jul 6, 2019
  17. PastaPastaPasta referenced this in commit 709e0e8a5b on Jul 8, 2019
  18. PastaPastaPasta referenced this in commit f4e09bd44c on Jul 9, 2019
  19. PastaPastaPasta referenced this in commit a3abc463f9 on Jul 11, 2019
  20. schancel referenced this in commit b699b707e3 on Jul 18, 2019
  21. jonspock referenced this in commit 2b21a341ed on Aug 28, 2019
  22. jonspock referenced this in commit 7dd4cc43e3 on Aug 28, 2019
  23. proteanx referenced this in commit 1401b2c87b on Aug 28, 2019
  24. barrystyle referenced this in commit 524074036f on Jan 22, 2020
  25. DrahtBot locked this on Sep 8, 2021

github-metadata-mirror

This is a metadata mirror of the GitHub repository bitcoin/bitcoin. This site is not affiliated with GitHub. Content is generated from a GitHub metadata backup.
generated: 2026-04-22 06:15 UTC

This site is hosted by @0xB10C
More mirrored repositories can be found on mirror.b10c.me