HomePhabricator

[SECP256K1] Prevent arithmetic on NULL pointer if the scratch space is too small

Description

[SECP256K1] Prevent arithmetic on NULL pointer if the scratch space is too small

Summary:

If the scratch space is too small when calling
`secp256k1_ecmult_strauss_batch()`, the `state.pre_a` allocation will
fail and the pointer will be `NULL`. This causes `state.pre_a_lam` to be
computed from the `NULL` pointer.

It is also possible that the first allocation to fail is for `state.ps`,
which will cause the failure to occur when in
`secp256k1_ecmult_strauss_wnaf()`.

The issue has been detected by UBSAN using Clang 10:

CC=clang \
CFLAGS="-fsanitize=undefined -fno-omit-frame-pointer" \
LDFLAGS="-fsanitize=undefined -fno-omit-frame-pointer" \
../configure

UBSAN_OPTIONS=print_stacktrace=1:halt_on_error=1 make check

Backport of secp256k1 PR839.

Test Plan:
With Clang and UBSAN:

ninja check-secp256k1

Reviewers: #bitcoin_abc, deadalnix

Reviewed By: #bitcoin_abc, deadalnix

Differential Revision: https://reviews.bitcoinabc.org/D8265

Details

Provenance
FabienAuthored on Oct 26 2020, 11:29
FabienPushed on Nov 4 2020, 16:52
Reviewer
Restricted Project
Differential Revision
D8265: [SECP256K1] Prevent arithmetic on NULL pointer if the scratch space is too small
Parents
rABC34e2cee82809: tests: Add fuzzing harness for locale independence testing
Branches
Unknown
Tags
Unknown