fix: resolve 6 _GLIBCXX_DEBUG runtime violations in barretenberg debug build

- batched_affine_addition.cpp: fix span::subspan OOB (passed count instead of remaining count)
- scalar_multiplication.hpp: avoid indexing empty vector when all MSM scalars are zero
- hmac.hpp: use secure_erase instead of `= {}` which empties vector for KeccakHasher
- gemini_impl.hpp: clamp multilinear_challenge access to span size in high-degree attack tests
- msm_builder.hpp: guard parallel_for_range when num_point_adds_and_doubles is 0
- poseidon2.test.cpp: fix off-by-one in hash padding collision test (hashes[3] on size-3 vector)

Author: AztecBot

barretenberg/cpp/src/barretenberg/commitment_schemes/gemini/gemini_impl.hpp

@@ -137,8 +137,8 @@ std::vector<typename GeminiProver_<Curve>::Polynomial> GeminiProver_<Curve>::com
         // size of the previous polynomial/2
         const size_t n_l = 1 << (log_n - l - 1);
 
-        // Opening point is the same for all
-        const Fr u_l = multilinear_challenge[l];
+        // Opening point is the same for all; use zero for rounds beyond the challenge size
+        const Fr u_l = l < virtual_log_n ? multilinear_challenge[l] : Fr(0);
 
         // A_l_fold = Aₗ₊₁(X) = (1-uₗ)⋅even(Aₗ)(X) + uₗ⋅odd(Aₗ)(X)
         auto A_l_fold = fold_polynomials[l].data();
@@ -161,7 +161,7 @@ std::vector<typename GeminiProver_<Curve>::Polynomial> GeminiProver_<Curve>::com
     // value at every point, (f(X) - f(x)) / (X - x) = 0, so these contribute nothing to the Shplonk quotient Q(X).
     // On the verifier side, padding_indicator_array zeros their contributions independently.
     const auto& last = fold_polynomials.back();
-    const Fr u_last = multilinear_challenge[log_n - 1];
+    const Fr u_last = (log_n - 1) < virtual_log_n ? multilinear_challenge[log_n - 1] : Fr(0);
     const Fr final_eval = last.at(0) + u_last * (last.at(1) - last.at(0));
     Polynomial const_fold(1);
     const_fold.at(0) = final_eval;

barretenberg/cpp/src/barretenberg/crypto/hmac/hmac.hpp

@@ -136,8 +136,8 @@ Fr deterministic_nonce_rfc6979(const MessageContainer& message, const KeyContain
     secure_erase(message_buffer);
     // Round trip reduces the hash modulo Fr::modulus
     Fr hashed_message_fr = Fr::serialize_from_buffer(hashed_message.data());
-    hashed_message = {};
-    Fr::serialize_to_buffer(hashed_message_fr, &hashed_message[0]);
+    secure_erase(hashed_message);
+    Fr::serialize_to_buffer(hashed_message_fr, hashed_message.data());
 
     // Concatenate the private key and the hashed message
     std::vector<uint8_t> seed_material;

barretenberg/cpp/src/barretenberg/ecc/batched_affine_addition/batched_affine_addition.cpp

@@ -143,7 +143,7 @@ std::span<typename BatchedAffineAddition<Curve>::Fq> BatchedAffineAddition<
     // Define scratch space for batched inverse computations and eventual storage of denominators
     BB_ASSERT_GTE(add_sequences.scratch_space.size(), 2 * total_num_pairs);
     std::span<Fq> denominators = add_sequences.scratch_space.subspan(0, total_num_pairs);
-    std::span<Fq> differences = add_sequences.scratch_space.subspan(total_num_pairs, 2 * total_num_pairs);
+    std::span<Fq> differences = add_sequences.scratch_space.subspan(total_num_pairs, total_num_pairs);
 
     // Compute and store successive products of differences (x_2 - x_1)
     Fq accumulator = 1;

barretenberg/cpp/src/barretenberg/ecc/scalar_multiplication/scalar_multiplication.hpp

@@ -118,12 +118,15 @@ template <typename Curve> class MSM {
                                       std::span<uint64_t> point_schedule_buffer,
                                       const MSMWorkUnit& work_unit) noexcept
         {
+            const auto& indices = all_indices[work_unit.batch_msm_index];
+            // Avoid indexing into an empty vector when all scalars are zero (work_unit.size == 0)
+            std::span<const uint32_t> scalar_indices =
+                work_unit.size > 0 ? std::span<const uint32_t>{ &indices[work_unit.start_index], work_unit.size }
+                                   : std::span<const uint32_t>{};
             return MSMData{
                 .scalars = all_scalars[work_unit.batch_msm_index],
                 .points = all_points[work_unit.batch_msm_index],
-                .scalar_indices =
-                    std::span<const uint32_t>{ &all_indices[work_unit.batch_msm_index][work_unit.start_index],
-                                               work_unit.size },
+                .scalar_indices = scalar_indices,
                 .point_schedule = point_schedule_buffer,
             };
         }

barretenberg/cpp/src/barretenberg/eccvm/msm_builder.hpp

@@ -424,16 +424,18 @@ class ECCVMMSMMBuilder {
 
         // inverse_trace is used to compute the value of the `collision_inverse` column in the ECCVM.
         std::vector<FF> inverse_trace(num_point_adds_and_doubles);
-        parallel_for_range(num_point_adds_and_doubles, [&](size_t start, size_t end) {
-            for (size_t operation_idx = start; operation_idx < end; ++operation_idx) {
-                if (is_double_or_add[operation_idx]) {
-                    inverse_trace[operation_idx] = (p1_trace[operation_idx].y + p1_trace[operation_idx].y);
-                } else {
-                    inverse_trace[operation_idx] = (p2_trace[operation_idx].x - p1_trace[operation_idx].x);
+        if (num_point_adds_and_doubles > 0) {
+            parallel_for_range(num_point_adds_and_doubles, [&](size_t start, size_t end) {
+                for (size_t operation_idx = start; operation_idx < end; ++operation_idx) {
+                    if (is_double_or_add[operation_idx]) {
+                        inverse_trace[operation_idx] = (p1_trace[operation_idx].y + p1_trace[operation_idx].y);
+                    } else {
+                        inverse_trace[operation_idx] = (p2_trace[operation_idx].x - p1_trace[operation_idx].x);
+                    }
                 }
-            }
-            FF::batch_invert(&inverse_trace[start], end - start);
-        });
+                FF::batch_invert(&inverse_trace[start], end - start);
+            });
+        }
 
         // complete the computation of the ECCVM execution trace, by adding the affine intermediate point data
         // i.e. row.accumulator_x, row.accumulator_y, row.add_state[0...3].collision_inverse,

barretenberg/cpp/src/barretenberg/stdlib/hash/poseidon2/poseidon2.test.cpp

@@ -249,9 +249,9 @@ template <typename Builder> class StdlibPoseidon2 : public testing::Test {
         }
 
         // The domain separation IV depends on the input size, therefore, the hashes must not coincide.
+        EXPECT_NE(hashes[0], hashes[1]);
         EXPECT_NE(hashes[1], hashes[2]);
-        EXPECT_NE(hashes[2], hashes[3]);
-        EXPECT_NE(hashes[1], hashes[3]);
+        EXPECT_NE(hashes[0], hashes[2]);
     }
 
     // Test vectors and the expected values are taken from https://github.com/zemse/poseidon2-evm