Skip to content

Fix unsoundess arising with deserialize then get_unchecked #149

Open
pczarn wants to merge 6 commits into
masterfrom
fix-unsoundness
Open

Fix unsoundess arising with deserialize then get_unchecked #149
pczarn wants to merge 6 commits into
masterfrom
fix-unsoundness

Conversation

@pczarn

@pczarn pczarn commented Jun 24, 2026

Copy link
Copy Markdown
Contributor

Fixes #148

pczarn added 4 commits June 24, 2026 20:33
* we can easily develop the fuzzer in VS Code and other
  editors
* the fuzzer now does some serialization/deserialization
@pczarn pczarn force-pushed the fix-unsoundness branch from b9146cc to 92655fa Compare June 24, 2026 19:07
@theroguevigilante

theroguevigilante commented Jul 3, 2026

Copy link
Copy Markdown

@pczarn wouldnt is_nbits_in_bounds() miss the case where storage.len(), we should be using blocks_for_bits()

@theroguevigilante

Copy link
Copy Markdown

Look at this #150

Validate storage length exactly matches nbits on deserialize
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

Soundness: Derived deserialization traits allow safe construction of invalid BitVec instances

2 participants