fix: guard debug-only pairing point validation and logderivative span OOB

AztecBot · AztecBot · commit 46d1d7187e3b · 2026-04-05T05:43:59.000Z
Two fixes for the nightly barretenberg debug build:

1. PairingPoints: Add on_curve() checks before constructing native PairingPoints
   in debug blocks. Zero-initialized witness values during VK generation are not
   valid curve points, causing reduced_ate_pairing_batch_precomputed to abort.

2. logderivative_library: Clamp batch_invert range to the polynomial's actual
   (non-virtual) data size. When multithreaded chunks exceed the polynomial's
   real size, _GLIBCXX_DEBUG span bounds checking catches the OOB access.
diff --git a/barretenberg/cpp/src/barretenberg/honk/proof_system/logderivative_library.hpp b/barretenberg/cpp/src/barretenberg/honk/proof_system/logderivative_library.hpp
@@ -59,11 +59,17 @@ void compute_logderivative_inverse(Polynomials& polynomials, auto& relation_para
             });
             inverse_polynomial.at(i) = denominator;
         }
-        FF* ffstart = &inverse_polynomial.coeffs()[start];
-        std::span<FF> to_invert(ffstart, end - start);
-        // Compute inverse polynomial I in place by inverting the product at each row
-        // Note: zeroes are ignored as they are not used anyway
-        FF::batch_invert(to_invert);
+        // Clamp to the polynomial's actual (non-virtual) data range; virtual zero elements need no inversion.
+        const size_t actual_size = inverse_polynomial.size();
+        const size_t clamped_start = std::min(start, actual_size);
+        const size_t clamped_end = std::min(end, actual_size);
+        if (clamped_start < clamped_end) {
+            FF* ffstart = &inverse_polynomial.coeffs()[clamped_start];
+            std::span<FF> to_invert(ffstart, clamped_end - clamped_start);
+            // Compute inverse polynomial I in place by inverting the product at each row
+            // Note: zeroes are ignored as they are not used anyway
+            FF::batch_invert(to_invert);
+        }
     };
     if constexpr (UseMultithreading) {
         parallel_for([&](const ThreadChunk& chunk) {
diff --git a/barretenberg/cpp/src/barretenberg/stdlib/primitives/pairing_points.hpp b/barretenberg/cpp/src/barretenberg/stdlib/primitives/pairing_points.hpp
@@ -54,8 +54,14 @@ template <typename Curve> struct PairingPoints {
         }
 
 #ifndef NDEBUG
-        bb::PairingPoints<typename Curve::NativeCurve> native_pp(P0().get_value(), P1().get_value());
-        info("Are Pairing Points with tag ", tag_index, " valid? ", native_pp.check() ? "true" : "false");
+        auto p0_val = P0().get_value();
+        auto p1_val = P1().get_value();
+        if (p0_val.on_curve() && p1_val.on_curve()) {
+            bb::PairingPoints<typename Curve::NativeCurve> native_pp(p0_val, p1_val);
+            info("Are Pairing Points with tag ", tag_index, " valid? ", native_pp.check() ? "true" : "false");
+        } else {
+            info("Are Pairing Points with tag ", tag_index, " valid? false (point not on curve)");
+        }
 #endif
     }
 
@@ -210,8 +216,15 @@ template <typename Curve> struct PairingPoints {
         }
 
 #ifndef NDEBUG
-        bb::PairingPoints<typename Curve::NativeCurve> native_pp(P0().get_value(), P1().get_value());
-        info("Are aggregated Pairing Points with tag ", tag_index, " valid? ", native_pp.check() ? "true" : "false");
+        auto p0_val = P0().get_value();
+        auto p1_val = P1().get_value();
+        if (p0_val.on_curve() && p1_val.on_curve()) {
+            bb::PairingPoints<typename Curve::NativeCurve> native_pp(p0_val, p1_val);
+            info(
+                "Are aggregated Pairing Points with tag ", tag_index, " valid? ", native_pp.check() ? "true" : "false");
+        } else {
+            info("Are aggregated Pairing Points with tag ", tag_index, " valid? false (point not on curve)");
+        }
 #endif
     }
 
