Auto merge of #2800 - str4d:2788-libsnark-test-hardening, r=str4d

Fix buffer overflow in libsnark Applies `-fstack-protector-all` to libsnark, and fixes an underlying bug. This bug was not triggerable in `zcashd` because the function in question was being inlined by the compiler. Closes #2788.
2017-12-15 07:32:41 -08:00 · 2017-12-15 07:32:41 -08:00 · b9c7d84990
parent 83af270002 4a617475ec
commit b9c7d84990
2 changed files with 2 additions and 2 deletions
--- a/src/Makefile.am
+++ b/src/Makefile.am
@ -47,7 +47,7 @@ $(LIBSECP256K1): $(wildcard secp256k1/src/*) $(wildcard secp256k1/include/*)
 -include collate-libsnark
 collate-libsnark: $(LIBSNARK)

-LIBSNARK_CXXFLAGS = -fPIC -DBINARY_OUTPUT -DNO_PT_COMPRESSION=1
+LIBSNARK_CXXFLAGS = -fPIC -DBINARY_OUTPUT -DNO_PT_COMPRESSION=1 -fstack-protector-all
 LIBSNARK_CONFIG_FLAGS = CURVE=ALT_BN128 NO_PROCPS=1 NO_DOCS=1 STATIC=1 NO_SUPERCOP=1 FEATUREFLAGS=-DMONTGOMERY_OUTPUT NO_COPY_DEPINST=1 NO_COMPILE_LIBGTEST=1
 if HAVE_OPENMP
 LIBSNARK_CONFIG_FLAGS += MULTICORE=1
--- a/src/snark/src/algebra/fields/bigint.tcc
+++ b/src/snark/src/algebra/fields/bigint.tcc
@ -201,7 +201,7 @@ inline bigint<m> bigint<n>::shorten(const bigint<m>& q, const char *msg) const
        }
    }
    bigint<m> res;
-    mpn_copyi(res.data, data, n);
+    mpn_copyi(res.data, data, m);
    res.limit(q, msg);
    return res;
 }