Skip to content

std.math.big.int: breaking API changes to prevent UAF #11964

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 1 commit into from
Jun 30, 2022
Merged

std.math.big.int: breaking API changes to prevent UAF #11964

merged 1 commit into from
Jun 30, 2022

Conversation

andrewrk
Copy link
Member

@andrewrk andrewrk commented Jun 29, 2022
edited
Loading

Many of the Managed methods accepted by-val parameters which could
reference Limb slices that became invalid memory after any
ensureCapacity calls. Now, Managed methods accept *const Managed
parameters so that if the function allows aliasing and the
ensure-capacity call resizes the Limb slice, it also affects the
aliased parameters, avoiding use-after-free bugs.

This is a breaking change that reduces the requirement for callsites to
manually make the ensure-capacity changes prior to calling many of the
Managed methods.

Closes #11897

@andrewrk
std.math.big.int: breaking API changes to prevent UAF
14343b0 
Many of the Managed methods accepted by-val parameters which could
reference Limb slices that became invalid memory after any
ensureCapacity calls. Now, Managed methods accept `*const Managed`
parameters so that if the function allows aliasing and the
ensure-capacity call resizes the Limb slice, it also affects the
aliased parameters, avoiding use-after-free bugs.

This is a breaking change that reduces the requirement for callsites to
manually make the ensure-capacity changes prior to calling many of the
Managed methods.

Closes #11897
@andrewrk andrewrk force-pushed the std-big-int-fixes branch from 2cc37bb to 14343b0 Compare June 29, 2022 22:39
@jedisct1 jedisct1 added breaking Implementing this issue could cause existing code to no longer compile or have different behavior. standard library This issue involves writing Zig code for the standard library. labels Jun 29, 2022
@andrewrk andrewrk merged commit 54454fd into master Jun 30, 2022
@andrewrk andrewrk deleted the std-big-int-fixes branch June 30, 2022 02:06
eyelash
eyelash reviewed Jul 2, 2022
View reviewed changes
lib/std/math/big/int.zig
@@ -2660,57 +2660,56 @@ pub const Managed = struct {

/// r = a + scalar
///
/// r and a may be aliases. If r aliases a, then caller must call
/// `r.ensureAddScalarCapacity` prior to calling `add`.
/// scalar is a primitive integer type.
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Did you intend to delete this line or was it deleted accidentally?

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Intended. It was replaced with the sentence " r and a may be aliases". The other part is no longer a requirement of the caller.

Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

So scalar can now be something else than a primitive integer type?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@eyelash eyelash eyelash left review comments

Assignees
No one assigned
Labels
breaking Implementing this issue could cause existing code to no longer compile or have different behavior. standard library This issue involves writing Zig code for the standard library.
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Stage2 miscompiles call to std.math.big.int.Managed.shiftLeft
3 participants
@andrewrk @eyelash @jedisct1