
fix: avoid dereferencing past-the-end vector iterators in serialize.hpp #22261

Merged: johnathan79717 merged 3 commits into merge-train/barretenberg from claudebox/fix-merge-train-bb-constexpr on Apr 2, 2026

@AztecBot AztecBot commented Apr 2, 2026

Summary

Two write() overloads in serialize.hpp used &*buf.end() to obtain a raw pointer into the newly-resized region. Under _GLIBCXX_DEBUG (enabled in asan-fast and debug presets since #22218), dereferencing end() is a debug assertion abort — even though the subtracted pointer was in-bounds.

Replaced with buf.data() + buf.size() which yields the same pointer without touching any iterator.

Failure

ChonkTests.Basic in the asan-fast build aborted with:

Error: attempt to dereference a past-the-end iterator.

Fix

  • serialize.hpp:166: `&*buf.end() - sizeof(value)` → `buf.data() + buf.size() - sizeof(value)`
  • serialize.hpp:251: `&*buf.end() - N` → `buf.data() + buf.size() - N`

Test plan

  • ChonkTests.Basic passes with debug-fast preset (_GLIBCXX_DEBUG enabled)

ClaudeBox log: https://claudebox.work/s/4aef0cbe07a366e4?run=1

Two write() overloads in serialize.hpp used `&*buf.end()` to get a
pointer to the newly-appended region after resize(). Under
_GLIBCXX_DEBUG (enabled in asan-fast and debug presets since #22218),
dereferencing end() triggers a debug assertion abort.

Replace with `buf.data() + buf.size()` which achieves the same
pointer arithmetic without dereferencing any iterator.
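
The pointer computation this fix describes, as an added example that is not barretenberg's own code: `grow_tail`, `write_u32`, `write_bytes` and `sample_buffer` are hypothetical names, and the big-endian byte order is an assumption. It also covers the zero-length append on an empty vector, where `data()` may be null.

```cpp
// Added example: appending to a byte buffer without dereferencing end().
#include <array>
#include <cstddef>
#include <cstdint>
#include <cstring>
#include <vector>

// Hypothetical helper (not from serialize.hpp): grow buf by n bytes and return
// a pointer to the start of the new region, or nullptr when n == 0.
inline uint8_t* grow_tail(std::vector<uint8_t>& buf, std::size_t n)
{
    buf.resize(buf.size() + n);
    if (n == 0) {
        return nullptr; // data() may be null for an empty vector; nothing to write
    }
    // Pointer arithmetic on data() stays inside [data(), data() + size()].
    // The old form, &*buf.end() - n, dereferenced end() first, which is what
    // _GLIBCXX_DEBUG aborts on.
    return buf.data() + buf.size() - n;
}

// Append a 32-bit value in big-endian order (byte order is an assumption here).
inline void write_u32(std::vector<uint8_t>& buf, uint32_t value)
{
    uint8_t* dst = grow_tail(buf, sizeof(value));
    for (std::size_t i = 0; i < sizeof(value); ++i) {
        dst[i] = static_cast<uint8_t>(value >> (8 * (sizeof(value) - 1 - i)));
    }
}

// Append a fixed-size byte array; N == 0 is a valid no-op.
template <std::size_t N> void write_bytes(std::vector<uint8_t>& buf, const std::array<uint8_t, N>& value)
{
    if (uint8_t* dst = grow_tail(buf, N)) {
        std::memcpy(dst, value.data(), N);
    }
}

// Constructed sample: serialize one integer and one 3-byte array.
inline std::vector<uint8_t> sample_buffer()
{
    std::vector<uint8_t> buf;
    write_bytes(buf, std::array<uint8_t, 0>{}); // empty buffer, zero bytes
    write_u32(buf, 0x01020304u);
    write_bytes(buf, std::array<uint8_t, 3>{ 0xaa, 0xbb, 0xcc });
    return buf;
}
```
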
@AztecBot AztecBot added ci-draft Run CI on draft PRs. claudebox Owned by claudebox. it can push to this PR. labels Apr 2, 2026
@johnathan79717 johnathan79717 marked this pull request as ready for review April 2, 2026 12:35
@johnathan79717 johnathan79717 added the ci-full Run all master checks. label Apr 2, 2026
@johnathan79717 johnathan79717 enabled auto-merge (squash) April 2, 2026 12:35
johnathan79717 and others added 2 commits April 2, 2026 12:52
## Summary

Switches `--memory_profile_out` from peak RSS (getrusage, monotonically
increasing) to live heap usage (mallinfo2, goes up and down). This
matches what Tracy's memory view showed and reveals when memory is
actually freed.

- Uses `mallinfo2().uordblks` on Linux (falls back to peak RSS on other
platforms)
- Renamed `RssCheckpoint` to `MemoryCheckpoint`, `rss_mb` to `heap_mb`
- Removes duplicate getrusage implementation, reuses `peak_rss_bytes()`
from logstr for fallback

Now shows patterns like: alloc 202 MiB -> oink frees to 157 MiB,
revealing that commitment batching reclaims ~45 MiB.

Refs: AztecProtocol/barretenberg#1641

## Example output

```
 0 MultiCallEntrypoint:entrypoint  after_alloc     76 MiB
 0 MultiCallEntrypoint:entrypoint  after_trace     76 MiB
 0 MultiCallEntrypoint:entrypoint  after_oink      60 MiB  <-- freed during commitments
 ...
 6 EcdsaRAccount:entrypoint        after_alloc    195 MiB
 6 EcdsaRAccount:entrypoint        after_trace    202 MiB  <-- peak
 6 EcdsaRAccount:entrypoint        after_oink     157 MiB  <-- 45 MiB freed
 ...
 8 SponsoredFPC:sponsor            after_alloc     42 MiB  <-- small circuit
```

## Test plan

- [x] Builds cleanly
- [x] Tested with deploy_ecdsar1+sponsored_fpc: heap values go up and
down as expected
- [ ] CI build passes
@johnathan79717 johnathan79717 merged commit fccec82 into merge-train/barretenberg Apr 2, 2026
12 checks passed
@johnathan79717 johnathan79717 deleted the claudebox/fix-merge-train-bb-constexpr branch April 2, 2026 13:24
github-merge-queue Bot pushed a commit that referenced this pull request Apr 2, 2026
BEGIN_COMMIT_OVERRIDE
fix: verify accumulated pairing points in native ChonkVerifier (#22224)
chore: enable _GLIBCXX_DEBUG in debug build presets (#22218)
feat: add --memory_profile_out flag for Chonk memory profiling (#22145)
fix: disable max capacity test in debug + tiny gate separator
improvements (#22215)
fix: WASM build for memory_profile.cpp (#22231)
fix: translator audit fixes (#22242)
fix: remove constexpr from functions using std::vector for
_GLIBCXX_DEBUG compat (#22239)
fix: pippenger edge case (#22256)
fix: avoid dereferencing past-the-end vector iterators in serialize.hpp
(#22261)
chore: crypto primitives external audit response 0 (#22263)
feat: switch memory profiling from peak RSS to live heap usage (#22266)
fix: replace UB end-iterator dereference in serialize.hpp (#22262)
fix: catch exceptions in ChonkBatchVerifier::batch_check (#22270)
END_COMMIT_OVERRIDE