
fix: resolve UB in batch_invert and logderivative OOB in debug builds #22312

Draft
AztecBot wants to merge 1 commit into next from claudebox/fix-bb-debug-build


@AztecBot AztecBot commented Apr 4, 2026

Summary

Fixes nightly barretenberg debug build which crashes with SIGABRT (exit code 134).

Two bugs causing UB that is caught by _GLIBCXX_DEBUG bounds checking in debug builds:

  1. batch_invert: reserve() + operator[] is UB — reserve only allocates capacity without changing size(), so all indexed accesses are out-of-bounds. Fixed by constructing vectors with the correct size.

  2. compute_logderivative_inverse: multithreaded path partitions work by circuit_size but inverse_polynomial.coeffs() can be smaller, causing OOB span access. Fixed by clamping the range to the polynomial's actual data size.

Detailed analysis: https://gist.github.com/AztecBot/fd346519e4fcb034b402be854dc26980

Verification

  • AvmVerifierTests.GoodPublicInputs: PASS (was SIGABRT)
  • AvmRecursiveTests.TwoLayerAvmRecursionFailsWithWrongPIs: PASS (was SIGABRT)
  • ultra_honk_tests (263), commitment_schemes_tests (88): no regression

Note: PRs #22313 and #22314 from parallel automated sessions address the same issues and can be closed.

@AztecBot AztecBot added ci-draft Run CI on draft PRs. claudebox Owned by claudebox. it can push to this PR. labels Apr 4, 2026
@AztecBot AztecBot force-pushed the claudebox/fix-bb-debug-build branch from f47dc94 to 46d1d71 Compare April 5, 2026 05:45
@AztecBot AztecBot changed the title fix: guard debug pairing point validation against off-curve points fix: guard debug-only pairing point validation and logderivative span OOB Apr 5, 2026
@AztecBot AztecBot force-pushed the claudebox/fix-bb-debug-build branch from 46d1d71 to 3da2230 Compare April 5, 2026 06:22
@AztecBot AztecBot changed the title fix: guard debug-only pairing point validation and logderivative span OOB fix: use resize instead of reserve in batch_invert to fix UB Apr 5, 2026
Two bugs causing nightly debug build SIGABRT (exit code 134):

1. batch_invert: reserve() + operator[] is UB — use resize() to properly
   allocate elements before indexing.

2. compute_logderivative_inverse: multithreaded path splits work by
   circuit_size but inverse_polynomial can be smaller, causing OOB span
   access. Clamp range to polynomial's actual data size.
@AztecBot AztecBot force-pushed the claudebox/fix-bb-debug-build branch from 3da2230 to e2886cd Compare April 5, 2026 06:37
@AztecBot AztecBot changed the title fix: use resize instead of reserve in batch_invert to fix UB fix: resolve UB in batch_invert and logderivative OOB in debug builds Apr 5, 2026
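
The two failure modes named in the PR description, as an added example that is not code from this PR or from barretenberg: a batch inversion whose scratch vector is constructed with its size, a checked access showing that `reserve()` alone leaves every index out of bounds, and a per-thread range clamped to the stored data size. The toy field modulus and the names `reserve_only_is_out_of_bounds` and `clamped_range` are assumptions made for illustration.

```cpp
#include <algorithm>
#include <cstddef>
#include <cstdint>
#include <stdexcept>
#include <utility>
#include <vector>

// Toy prime field (assumption: P = 2^31 - 1), not barretenberg's field type.
constexpr uint64_t P = 2147483647ULL;

uint64_t mul(uint64_t a, uint64_t b) { return (a * b) % P; }

// Single inversion via Fermat's little theorem: a^(P-2) mod P.
uint64_t inv(uint64_t a) {
    uint64_t r = 1, e = P - 2;
    for (; e; e >>= 1, a = mul(a, a)) if (e & 1) r = mul(r, a);
    return r;
}

// Montgomery batch inversion of nonzero elements, in place (one inv() call total).
void batch_invert(std::vector<uint64_t>& v) {
    const size_t n = v.size();
    if (n == 0) return;
    std::vector<uint64_t> prefix(n); // constructed with size n, so prefix[i] is in bounds
    uint64_t acc = 1;
    for (size_t i = 0; i < n; ++i) { prefix[i] = acc; acc = mul(acc, v[i]); }
    acc = inv(acc);
    for (size_t i = n; i-- > 0;) {
        uint64_t t = mul(acc, prefix[i]); // inverse of v[i]
        acc = mul(acc, v[i]);             // inverse of the product of v[0..i-1]
        v[i] = t;
    }
}

// reserve() changes capacity() only; size() stays 0. The checked accessor at()
// reports the out-of-bounds index that operator[] would access without any check.
bool reserve_only_is_out_of_bounds(size_t n) {
    std::vector<uint64_t> tmp;
    tmp.reserve(n);
    try { tmp.at(0) = 1; } catch (const std::out_of_range&) { return true; }
    return false;
}

// Per-thread [start, end) split by circuit_size, clamped to the data actually stored.
std::pair<size_t, size_t> clamped_range(size_t thread, size_t threads, size_t circuit_size, size_t data_size) {
    const size_t chunk = (circuit_size + threads - 1) / threads;
    const size_t start = std::min(thread * chunk, data_size);
    return { start, std::min(start + chunk, data_size) };
}
```

Threads whose nominal chunk lies wholly past the stored data receive an empty range and do no work.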