input validation 3

.circleci/config.yml

@@ -7,7 +7,7 @@ jobs:
   # All checks on the codebase that can run in parallel to build_shared_library
   libwasmvm_sanity:
     docker:
-      - image: cimg/rust:1.81.0
+      - image: cimg/rust:1.86.0
     steps:
       - checkout
       - run:
@@ -18,8 +18,8 @@ jobs:
           command: rustup component add rustfmt
       - restore_cache:
           keys:
-            - cargocache-v3-libwasmvm_sanity-rust:1.81.0-{{ checksum "libwasmvm/Cargo.lock" }}
-            - cargocache-v3-libwasmvm_sanity-rust:1.81.0-
+            - cargocache-v3-libwasmvm_sanity-rust:1.86.0-{{ checksum "libwasmvm/Cargo.lock" }}
+            - cargocache-v3-libwasmvm_sanity-rust:1.86.0-
       - run:
           name: Ensure libwasmvm/bindings.h is up-to-date
           working_directory: libwasmvm
@@ -62,7 +62,7 @@ jobs:
             - libwasmvm/target/release/.fingerprint
             - libwasmvm/target/release/build
             - libwasmvm/target/release/deps
-          key: cargocache-v3-libwasmvm_sanity-rust:1.81.0-{{ checksum "libwasmvm/Cargo.lock" }}
+          key: cargocache-v3-libwasmvm_sanity-rust:1.86.0-{{ checksum "libwasmvm/Cargo.lock" }}
 
   libwasmvm_clippy:
     parameters:
@@ -113,15 +113,15 @@ jobs:
           command: |
             set -o errexit
             curl -sS --output rustup-init.exe https://static.rust-lang.org/rustup/dist/x86_64-pc-windows-msvc/rustup-init.exe
-            ./rustup-init.exe --no-modify-path --profile minimal --default-toolchain 1.81.0 -y
+            ./rustup-init.exe --no-modify-path --profile minimal --default-toolchain 1.86.0 -y
             echo 'export PATH="$PATH;$USERPROFILE/.cargo/bin"' >> "$BASH_ENV"
       - run:
           name: Show Rust version information
           command: rustc --version; cargo --version; rustup --version
       - restore_cache:
           keys:
-            - cachev4-libwasmvm_sanity_windows-rust:1.81.0-{{ checksum "libwasmvm/Cargo.lock" }}
-            - cachev4-libwasmvm_sanity_windows-rust:1.81.0-
+            - cachev4-libwasmvm_sanity_windows-rust:1.86.0-{{ checksum "libwasmvm/Cargo.lock" }}
+            - cachev4-libwasmvm_sanity_windows-rust:1.86.0-
       - run:
           name: Run unit tests
           working_directory: libwasmvm
@@ -133,13 +133,13 @@ jobs:
             - libwasmvm/target/debug/.fingerprint
             - libwasmvm/target/debug/build
             - libwasmvm/target/debug/deps
-          key: cachev4-libwasmvm_sanity_windows-rust:1.81.0-{{ checksum "libwasmvm/Cargo.lock" }}
+          key: cachev4-libwasmvm_sanity_windows-rust:1.86.0-{{ checksum "libwasmvm/Cargo.lock" }}
 
   libwasmvm_audit:
     docker:
       # The audit tool might use a more modern Rust version than the build jobs. See
       # "Tooling Rust compiler" in docs/COMPILER_VERSIONS.md
-      - image: cimg/rust:1.81.0
+      - image: cimg/rust:1.86.0
     steps:
       - checkout
       - run:
@@ -152,8 +152,8 @@ jobs:
           command: rustc --version; cargo --version; rustup --version
       - restore_cache:
           keys:
-            - v3-libwasmvm_audit-rust:1.81.0-{{ checksum "libwasmvm/Cargo.lock" }}
-            - v3-libwasmvm_audit-rust:1.81.0-
+            - v3-libwasmvm_audit-rust:1.86.0-{{ checksum "libwasmvm/Cargo.lock" }}
+            - v3-libwasmvm_audit-rust:1.86.0-
       - run:
           name: Install cargo-audit
           command: cargo install --debug cargo-audit --version 0.21.0 --locked
@@ -164,7 +164,7 @@ jobs:
       - save_cache:
           paths:
             - ~/.cargo/registry
-          key: v3-libwasmvm_audit-rust:1.81.0-{{ checksum "libwasmvm/Cargo.lock" }}
+          key: v3-libwasmvm_audit-rust:1.86.0-{{ checksum "libwasmvm/Cargo.lock" }}
 
   format-go:
     docker:
@@ -294,7 +294,7 @@ jobs:
             - libwasmvm/target/release/.fingerprint
             - libwasmvm/target/release/build
             - libwasmvm/target/release/deps
-          key: cargocache-v3-build_shared_library-rust:1.81.0-{{ checksum "libwasmvm/Cargo.lock" }}
+          key: cargocache-v3-build_shared_library-rust:1.86.0-{{ checksum "libwasmvm/Cargo.lock" }}
 
   # Test the Go project and run benchmarks
   wasmvm_test:
@@ -456,7 +456,7 @@ workflows:
           matrix:
             parameters:
               # Run with MSRV and some modern stable Rust
-              rust-version: ["1.81.0", "1.82.0"]
+              rust-version: ["1.86.0", "1.86.0"]
       - libwasmvm_audit
       - format-go
       - wasmvm_no_cgo

.cursor/rules/project-description.mdc

@@ -0,0 +1,6 @@
+---
+description: 
+globs: 
+alwaysApply: true
+---
+This project is written in go, c and rust, and it serves as the interop layer between cosmwasm's vm and cosmos blockchains written in go.  Please be attentive to the multi-lingual nature of the project when working with it.

.github/workflows/bat.yml

@@ -0,0 +1,27 @@
+on: [push, pull_request]
+name: Test
+jobs:
+  test:
+    strategy:
+      matrix:
+        go-version: [1.24.x]
+        os: [ubuntu-latest, macos-latest]
+    runs-on: ${{ matrix.os }}
+    steps:
+      - uses: actions/checkout@v4
+      - uses: actions/setup-go@v5
+        with:
+          go-version: ${{ matrix.go-version }}
+      - run: make test
+  build:
+    strategy:
+      matrix:
+        go-version: [1.24.x]
+        os: [ubuntu-latest, macos-latest]
+    runs-on: ${{ matrix.os }}
+    steps:
+      - uses: actions/checkout@v4
+      - uses: actions/setup-go@v5
+        with:
+          go-version: ${{ matrix.go-version }}
+      - run: make build

.github/workflows/cargo-audit.yml

@@ -0,0 +1,38 @@
+name: Cargo Audit
+
+on:
+  push:
+    branches: [main]
+    paths:
+      - "**/Cargo.toml"
+      - "**/Cargo.lock"
+      - ".github/workflows/cargo-audit.yml"
+  pull_request:
+    paths:
+      - "**/Cargo.toml"
+      - "**/Cargo.lock"
+      - ".github/workflows/cargo-audit.yml"
+  schedule:
+    - cron: "0 0 * * 0" # Run weekly on Sundays at midnight
+
+jobs:
+  cargo-audit:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v3
+
+      - name: Install Rust
+        uses: dtolnay/rust-toolchain@stable
+
+      - name: Install cargo-audit
+        run: cargo install cargo-audit
+
+      - name: Run cargo audit
+        working-directory: ./libwasmvm
+        run: cargo audit
+        continue-on-error: ${{ github.event_name == 'schedule' }} # Don't fail scheduled runs
+
+      - name: Run cargo audit with ignore unmaintained
+        working-directory: ./libwasmvm
+        run: cargo audit --ignore RUSTSEC-2024-0436 --ignore RUSTSEC-2024-0370
+        # These are the unmaintained crates we're already tracking in deny.toml

.github/workflows/lint-go.yml

@@ -20,7 +20,7 @@ jobs:
       - uses: actions/checkout@v4
       - uses: actions/setup-go@v5
         with:
-          go-version: "1.23.4"
+          go-version: "1.24"
           cache: false
       - name: golangci-lint
         uses: golangci/golangci-lint-action@v7

Makefile

@@ -61,7 +61,7 @@ build-go:
 .PHONY: test
 test:
 	# Use package list mode to include all subdirectores. The -count=1 turns off caching.
-	RUST_BACKTRACE=1 go test -v -count=1 ./...
+	CGO_ENABLED=1 RUST_BACKTRACE=1 go test -v -count=1 ./...
 
 .PHONY: test-safety
 test-safety:

internal/api/api_test.go

@@ -30,7 +30,7 @@ func TestValidateAddressFailure(t *testing.T) {
 
 	// if the human address is larger than 32 bytes, this will lead to an error in the go side
 	longName := "long123456789012345678901234567890long"
-	msg := []byte(`{"verifier": "` + longName + `", "beneficiary": "bob"}`)
+	msg := []byte(`{"verifier": "` + longName + `", "beneficiary": "` + SafeBech32Address("bob") + `"}`)
 
 	// make sure the call doesn't error, but we get a JSON-encoded error result from ContractResult
 	igasMeter := types.GasMeter(gasMeter)
@@ -41,7 +41,6 @@ func TestValidateAddressFailure(t *testing.T) {
 	require.NoError(t, err)
 
 	// ensure the error message is what we expect
-	require.Nil(t, result.Ok)
-	// with this error
-	require.Equal(t, "Generic error: addr_validate errored: human encoding too long", result.Err)
+	require.NotNil(t, result.Err)
+	require.Contains(t, result.Err, "addr_validate errored: Invalid Bech32 address")
 }

internal/api/bindings.h

@@ -1,6 +1,6 @@
 /* Licensed under Apache-2.0. Copyright see https://github.com/CosmWasm/wasmvm/blob/main/NOTICE. */
 
-/* Generated with cbindgen:0.27.0 */
+/* Generated with cbindgen:0.28.0 */
 
 /* Warning, this file is autogenerated by cbindgen. Don't modify this manually. */
 
@@ -9,6 +9,8 @@
 #include <stdint.h>
 #include <stdlib.h>
 
+#define MAX_ADDRESS_LENGTH 256
+
 enum ErrnoValue {
   ErrnoValue_Success = 0,
   ErrnoValue_Other = 1,
@@ -53,6 +55,12 @@ enum GoError {
 };
 typedef int32_t GoError;
 
+/**
+ * A safety wrapper around UnmanagedVector that prevents double consumption
+ * of the same vector and adds additional safety checks
+ */
+typedef struct SafeUnmanagedVector SafeUnmanagedVector;
+
 typedef struct cache_t {
 
 } cache_t;
@@ -171,7 +179,7 @@ typedef struct ByteSliceView {
  * let mut mutable: Vec<u8> = input.consume().unwrap_or_default();
  * assert_eq!(mutable, vec![0xAA]);
  *
- * // `input` is now gone and we can do everything we want to `mutable`,
+ * // `input` is now gone and we cam do everything we want to `mutable`,
  * // including operations that reallocate the underlying data.
  *
  * mutable.push(0xBB);
@@ -425,6 +433,15 @@ struct UnmanagedVector store_code(struct cache_t *cache,
                                   bool persist,
                                   struct UnmanagedVector *error_msg);
 
+/**
+ * A safer version of store_code that returns a SafeUnmanagedVector to prevent double-free issues
+ */
+struct SafeUnmanagedVector *store_code_safe(struct cache_t *cache,
+                                            struct ByteSliceView wasm,
+                                            bool checked,
+                                            bool persist,
+                                            struct UnmanagedVector *error_msg);
+
 void remove_wasm(struct cache_t *cache,
                  struct ByteSliceView checksum,
                  struct UnmanagedVector *error_msg);
@@ -433,6 +450,13 @@ struct UnmanagedVector load_wasm(struct cache_t *cache,
                                  struct ByteSliceView checksum,
                                  struct UnmanagedVector *error_msg);
 
+/**
+ * A safer version of load_wasm that returns a SafeUnmanagedVector to prevent double-free issues
+ */
+struct SafeUnmanagedVector *load_wasm_safe(struct cache_t *cache,
+                                           struct ByteSliceView checksum,
+                                           struct UnmanagedVector *error_msg);
+
 void pin(struct cache_t *cache, struct ByteSliceView checksum, struct UnmanagedVector *error_msg);
 
 void unpin(struct cache_t *cache, struct ByteSliceView checksum, struct UnmanagedVector *error_msg);
@@ -664,8 +688,68 @@ struct UnmanagedVector ibc2_packet_timeout(struct cache_t *cache,
 
 struct UnmanagedVector new_unmanaged_vector(bool nil, const uint8_t *ptr, uintptr_t length);
 
+/**
+ * Creates a new SafeUnmanagedVector from provided data
+ * This function provides a safer alternative to new_unmanaged_vector
+ * by returning a reference to a heap-allocated SafeUnmanagedVector
+ * which includes consumption tracking.
+ *
+ * # Safety
+ *
+ * The returned pointer must be freed exactly once using destroy_safe_unmanaged_vector.
+ * The caller is responsible for ensuring this happens.
+ */
+struct SafeUnmanagedVector *new_safe_unmanaged_vector(bool nil,
+                                                      const uint8_t *ptr,
+                                                      uintptr_t length);
+
+/**
+ * Safely destroys a SafeUnmanagedVector, handling consumption tracking
+ * to prevent double-free issues.
+ *
+ * # Safety
+ *
+ * The pointer must have been created with new_safe_unmanaged_vector.
+ * After this call, the pointer must not be used again.
+ */
+void destroy_safe_unmanaged_vector(struct SafeUnmanagedVector *v);
+
 void destroy_unmanaged_vector(struct UnmanagedVector v);
 
+/**
+ * Checks if a SafeUnmanagedVector contains a None value
+ *
+ * # Safety
+ *
+ * The pointer must point to a valid SafeUnmanagedVector created with
+ * new_safe_unmanaged_vector or a related function.
+ */
+bool safe_unmanaged_vector_is_none(const struct SafeUnmanagedVector *v);
+
+/**
+ * Gets the length of a SafeUnmanagedVector
+ * Returns 0 if the vector is None or has been consumed
+ *
+ * # Safety
+ *
+ * The pointer must point to a valid SafeUnmanagedVector created with
+ * new_safe_unmanaged_vector or a related function.
+ */
+uintptr_t safe_unmanaged_vector_length(const struct SafeUnmanagedVector *v);
+
+/**
+ * Copies the content of a SafeUnmanagedVector into a newly allocated Go byte slice
+ * Returns a pointer to the data and its length, which must be freed by Go
+ *
+ * # Safety
+ *
+ * The pointer must point to a valid SafeUnmanagedVector created with
+ * new_safe_unmanaged_vector or a related function.
+ */
+bool safe_unmanaged_vector_to_bytes(struct SafeUnmanagedVector *v,
+                                    uint8_t **output_data,
+                                    uintptr_t *output_len);
+
 /**
  * Returns a version number of this library as a C string.
  *