Possible Bug: Out-of-bounds/invalid sizing

Vulnerable File: `circuits/aes-gcm/gctr.circom`
commit: `9ef4926c8fec7784ddf2f6da2de3791da839983a`

When INPUT_LEN < 16 (`nBlocks = 0`): 
 - CounterBlocks is declared with dimension [nBlocks][4][4], then `CounterBlocks[0]` is written; this is out-of-bounds when `nBlocks = 0`.
 - `inc32[nBlocks - 1]` becomes inc32[-1], which is invalid.
 - `aes[nBlocks].block <== CounterBlocks[nBlocks-1]` accesses `CounterBlocks[-1]`.

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Possible Bug: Out-of-bounds/invalid sizing #116

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Possible Bug: Out-of-bounds/invalid sizing #116

Description

Metadata

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Issue actions