--- Log opened Mon May 18 00:00:24 2020
02:32 -!- belcher [~belcher@unaffiliated/belcher] has joined #secp256k1
02:51 -!- afk11` [~afk11@gateway/tor-sasl/afk11] has quit [Remote host closed the connection]
02:52 -!- afk11` [~afk11@gateway/tor-sasl/afk11] has joined #secp256k1
09:40 -!- real_or_random [~real_or_r@2a02:c207:3002:7468::1] has quit [Quit: ZNC 1.7.5 - https://znc.in]
09:41 -!- real_or_random [~real_or_r@173.249.7.254] has joined #secp256k1
11:01 -!- nickler is now known as nix-bitcoin
11:01 -!- nix-bitcoin is now known as nickler
13:58 < elichai2> I think `secp256k1_scalar_cmov` itself might have UB which could be triggered if noncefp fails in ecdsa_sign, because the cmov impl reads from `r` before it writes into it, and `r` might not be initialized
13:59 < elichai2> like if `noncefp` fails, then the loop exits and then we get to `secp256k1_scalar_cmov(&r, &secp256k1_scalar_zero, !ret);`, which should write zero into `r` if it failed
13:59 < elichai2> but then cmov does the following: `r->d[0] = (r->d[0] & mask0) | (a->d[0] & mask1);` meaning it masks `r->d[0]` with `mask0` while `r->d[0]` is uninit
14:03 < sipa> right, and valgrind wouldn't treat this as a problem, as it does bit-level tracking of uninitializedness; not variable-wide
14:03 < elichai2> could you explain that? because I've been fighting with valgrind+sanitizers to trigger on this for an hour now :)
14:05 < sipa> in C, using an uninitialized variable is UB, period
14:05 < sipa> even "x & 0" is UB if x is uninitialized
14:06 < elichai2> right
14:06 < sipa> valgrind won't detect this, because it only detects branches/memory accesses based on uninitialized values
14:06 < elichai2> oh, so because AND/XOR/OR operations don't do a load valgrind doesn't detect it?
14:06 < sipa> and propagates uninitializedness otherwise
14:07 < sipa> valgrind doesn't know your source code
14:07 < sipa> so it can't detect things that the compiler removed
14:08 < sipa> ubsan may detect this, but i don't know if it would bother
14:08 < elichai2> I couldn't get it to detect
14:09 < elichai2> now the question is what's the best fix. the easiest will be initializing the variables
15:18 -!- roconnor [~roconnor@host-45-78-197-156.dyn.295.ca] has quit [Ping timeout: 272 seconds]
15:22 -!- roconnor [~roconnor@host-45-78-197-156.dyn.295.ca] has joined #secp256k1
--- Log closed Tue May 19 00:00:25 2020