CircuitBuilderBase::get_variable() uses BB_ASSERT_DEBUG for bounds checks on the witness index, which are compiled out in release builds (#if NDEBUG). This means an invalid witness index passed to get_variable() causes an out-of-bounds memory access in production.
```cpp
// circuit_builder_base.hpp
inline FF get_variable(const uint32_t index) const
{
    BB_ASSERT_DEBUG(real_variable_index.size() > index);                // compiled out in release
    BB_ASSERT_DEBUG(variables.size() > real_variable_index[index]);     // compiled out in release
    return variables[real_variable_index[index]];
}
```
A corrupted or invalid witness index (e.g. from a malformed ACIR program) could trigger OOB reads. Do we need checks on the ACIR side of things to ensure malicious ACIR input cannot lead to OOB crashes?
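The two layers of defence this question points at, as an added illustration (not barretenberg code): a `get_variable` whose bounds checks survive release builds, and an up-front validation of the witness indices an ACIR program references. `FF`, `ToyBuilder`, `get_variable_checked`, `acir_witness_refs_in_bounds` and the sample data are assumptions made for the example.

```cpp
#include <cstdint>
#include <stdexcept>
#include <vector>
// Added illustration, not barretenberg code: FF and ToyBuilder are stand-ins
// for the types in circuit_builder_base.hpp.
using FF = std::uint64_t; // placeholder for the field element type

struct ToyBuilder {
    std::vector<FF> variables;                      // witness values
    std::vector<std::uint32_t> real_variable_index; // witness index -> slot in variables

    // Hardened accessor: both checks are unconditional (not BB_ASSERT_DEBUG), so a
    // malformed index raises in every build instead of reading OOB in release.
    FF get_variable_checked(std::uint32_t index) const
    {
        if (index >= real_variable_index.size()) {
            throw std::out_of_range("witness index beyond real_variable_index");
        }
        const std::uint32_t slot = real_variable_index[index];
        if (slot >= variables.size()) {
            throw std::out_of_range("real_variable_index entry beyond variables");
        }
        return variables[slot];
    }
};

// The "ACIR side" check the issue asks about: reject a program up front when any
// witness index it references cannot resolve to a stored variable. `witness_refs`
// stands in for the witness indices an ACIR opcode refers to (an assumption).
bool acir_witness_refs_in_bounds(const ToyBuilder& b, const std::vector<std::uint32_t>& witness_refs)
{
    for (std::uint32_t w : witness_refs) {
        if (w >= b.real_variable_index.size()) return false;
        if (b.real_variable_index[w] >= b.variables.size()) return false;
    }
    return true;
}
// True when the checked accessor rejects `index` (a test-harness helper).
bool checked_access_throws(const ToyBuilder& b, std::uint32_t index)
{
    try {
        (void)b.get_variable_checked(index);
        return false;
    } catch (const std::out_of_range&) {
        return true;
    }
}
// Constructed sample: three witnesses, the third aliased to slot 0 through
// real_variable_index (the same indirection the snippet above uses).
ToyBuilder make_sample_builder() { return ToyBuilder{{7, 11, 13}, {0, 1, 0}}; }
```

Note that the second check matters on its own: an in-range witness index can still point at a `real_variable_index` entry that is out of range for `variables`.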