fix: resolve UB in batch_invert and logderivative OOB in debug builds

AztecBot · AztecBot · commit e2886cd0a4ff · 2026-04-05T06:36:31.000Z
Two bugs causing nightly debug build SIGABRT (exit code 134):

1. batch_invert: reserve() + operator[] is UB — use resize() to properly
   allocate elements before indexing.

2. compute_logderivative_inverse: multithreaded path splits work by
   circuit_size but inverse_polynomial can be smaller, causing OOB span
   access. Clamp range to polynomial's actual data size.
diff --git a/barretenberg/cpp/src/barretenberg/ecc/fields/field_impl.hpp b/barretenberg/cpp/src/barretenberg/ecc/fields/field_impl.hpp
@@ -419,10 +419,8 @@ void field<T>::batch_invert(C& coeffs) noexcept
 {
     const size_t n = coeffs.size();
 
-    std::vector<field> temporaries;
-    std::vector<bool> skipped;
-    temporaries.reserve(n);
-    skipped.reserve(n);
+    std::vector<field> temporaries(n);
+    std::vector<bool> skipped(n);
 
     field accumulator = one();
     for (size_t i = 0; i < n; ++i) {
diff --git a/barretenberg/cpp/src/barretenberg/honk/proof_system/logderivative_library.hpp b/barretenberg/cpp/src/barretenberg/honk/proof_system/logderivative_library.hpp
@@ -59,11 +59,17 @@ void compute_logderivative_inverse(Polynomials& polynomials, auto& relation_para
             });
             inverse_polynomial.at(i) = denominator;
         }
-        FF* ffstart = &inverse_polynomial.coeffs()[start];
-        std::span<FF> to_invert(ffstart, end - start);
-        // Compute inverse polynomial I in place by inverting the product at each row
-        // Note: zeroes are ignored as they are not used anyway
-        FF::batch_invert(to_invert);
+        // Clamp to the polynomial's actual (non-virtual) data range; virtual zero elements need no inversion.
+        const size_t actual_size = inverse_polynomial.size();
+        const size_t clamped_start = std::min(start, actual_size);
+        const size_t clamped_end = std::min(end, actual_size);
+        if (clamped_start < clamped_end) {
+            FF* ffstart = &inverse_polynomial.coeffs()[clamped_start];
+            std::span<FF> to_invert(ffstart, clamped_end - clamped_start);
+            // Compute inverse polynomial I in place by inverting the product at each row
+            // Note: zeroes are ignored as they are not used anyway
+            FF::batch_invert(to_invert);
+        }
     };
     if constexpr (UseMultithreading) {
         parallel_for([&](const ThreadChunk& chunk) {
