Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add panic = 'abort' to all profiles (not just release) to avoid undefined behaviour #78

Closed
daira opened this issue May 5, 2019 · 3 comments
Closed

Add panic = 'abort' to all profiles (not just release) to avoid undefined behaviour #78

daira opened this issue May 5, 2019 · 3 comments
Labels
bug

Comments

@daira
Copy link
Contributor

daira commented May 5, 2019
edited
Loading

See https://trac.torproject.org/projects/tor/ticket/27199 , and the upstream Rust bug rust-lang/rust#52652 (in particular my comment here).

We currently do set panic = 'abort' in the release profile of librustzcash, which is why this is not a security bug (I believe) for current Zcash as built by default. I think (but I could be wrong) that to avoid the undefined behaviour, it only needs to be set for the crate that is directly being called by the FFI. We may want to set it for other crates under the librustzcash project anyway.
@daira daira added the bug label May 5, 2019
@daira
Copy link
Contributor Author

daira commented May 5, 2019

@ebfull wrote:

there isn’t a per-crate way to enable this. the top level crate defines this kind of stuff for everything being compiled

@daira
Copy link
Contributor Author

daira commented May 6, 2019

OK, so just librustzcash then. We should add a call in librustzcash that just panics, and have a gtest in zcashd that calls it and tests that the process aborts.

bitcartel pushed a commit to bitcartel/librustzcash that referenced this issue May 16, 2019
@ebfull
Merge pull request zcash#78 from gtank/make-privatekey-public
c2862a4 
redjubjub: make PrivateKey internal scalar public
@daira daira mentioned this issue Jan 20, 2021
Closed
daira added a commit to daira/librustzcash that referenced this issue Jan 20, 2021
@daira
Use panic = 'abort' in dev profile. refs zcash#78
86e4ec1 
Signed-off-by: Daira Hopwood <[email protected]>
@daira daira mentioned this issue Jan 20, 2021
Closed
@nuttycom
Copy link
Contributor

The relevant functionality was moved to zcashd.

@nuttycom nuttycom closed this as not planned Won't fix, can't repro, duplicate, stale Oct 24, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@nuttycom @daira