[L-1] Config-derived shift can underflow and panic #263

@this-vishalsingh

  • Context: provekit/prover/src/whir_r1cs.rs

Description

The target_len is computed as 1usize << (whir_num_vars - 1) where whir_num_vars comes from self.whir_witness.mv_parameters.num_variables.
If num_variables is 0, the subtraction underflows and the shift will panic (or behave unexpectedly depending on build settings), crashing the prover.

Although the in-repo scheme builder enforces a minimum number of variables, WhirR1CSScheme/WhirConfig are Deserializable, so a malformed/attacker-controlled serialized scheme/config (or corrupted artifact) can trigger a denial of service when calling commit().

  • Impacted code
// log2(domain) for WHIR witness evaluations.
let whir_num_vars = self.whir_witness.mv_parameters.num_variables;

// Expected evaluation length = 2^(log2(domain) - 1).
let target_len = 1usize << (whir_num_vars - 1);

// Pad witness to power-of-two, then extend to target_len with zeros.
let mut padded_witness = pad_to_power_of_two(witness);
if padded_witness.len() < target_len {
    padded_witness.resize(target_len, FieldElement::zero());
}

Recommendation

Validate whir_witness.mv_parameters.num_variables >= 1 (and within a safe upper bound for usize shifts) before using it, and compute target_len using checked arithmetic (e.g., checked_sub, checked_shl) returning a Result instead of panicking.
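
One way to apply the recommendation, as an added example that is not ProveKit code: the shift is computed with `checked_sub`/`checked_shl` and returns a `Result` instead of panicking. The names `target_len`, `pad_witness`, `TargetLenError` and the cap `MAX_LOG2_LEN` are assumptions for illustration, and `u64` stands in for `FieldElement`.

```rust
/// Hypothetical cap on log2(target_len); not a ProveKit constant.
/// Bounds the allocation made when the witness is zero-extended.
const MAX_LOG2_LEN: u32 = 30;

#[derive(Debug, PartialEq)]
pub enum TargetLenError {
    /// num_variables == 0, so `num_variables - 1` would underflow.
    ZeroVariables,
    /// The shift exceeds the cap (and possibly the width of usize).
    TooLarge(usize),
}

/// Checked form of `1usize << (num_variables - 1)`.
pub fn target_len(num_variables: usize) -> Result<usize, TargetLenError> {
    let shift = num_variables
        .checked_sub(1)
        .ok_or(TargetLenError::ZeroVariables)?;
    if shift > MAX_LOG2_LEN as usize {
        return Err(TargetLenError::TooLarge(num_variables));
    }
    // The cast is lossless after the bound check above.
    1usize
        .checked_shl(shift as u32)
        .ok_or(TargetLenError::TooLarge(num_variables))
}

/// Pad to a power of two, then zero-extend to target_len.
/// `u64` stands in for FieldElement (assumption).
pub fn pad_witness(
    mut witness: Vec<u64>,
    num_variables: usize,
) -> Result<Vec<u64>, TargetLenError> {
    // Validate first, so a bad config never reaches resize().
    let len = target_len(num_variables)?;
    let pow2 = witness.len().next_power_of_two();
    witness.resize(pow2.max(len), 0);
    Ok(witness)
}

fn main() {
    // Constructed inputs: values a deserialized config might carry.
    for n in [0usize, 1, 4, 64, usize::MAX] {
        println!("num_variables={n}: {:?}", target_len(n));
    }
    println!("{:?}", pad_witness(vec![7, 8, 9], 4).map(|w| w.len()));
}
```

Running the same validation once at deserialization time as well keeps a malformed scheme from reaching `commit()` at all.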
