[L-2] Sumcheck blinding padding uses unchecked shift

[this-vishalsingh]

• Context: provekit/prover/src/whir_r1cs.rs

Description

The run_zk_sumcheck_prover computes target_b = 1usize << (blinding_num_vars - 1) based on whir_for_blinding_of_spartan_config.mv_parameters.num_variables without validating that num_variables >= 1 and is within a safe shift range. A malformed/attacker-controlled deserialized config can trigger underflow/panic.

Additionally, flat.resize(target_b, ...) can attempt to allocate a vector of size 2^(num_variables-1), which can be abused to cause memory exhaustion if num_variables is unexpectedly large.

• Impacted code :

let blinding_num_vars = whir_for_blinding_of_spartan_config
    .mv_parameters
    .num_variables;
let target_b = 1usize << (blinding_num_vars - 1);

let mut flat = blinding_polynomial
    .iter()
    .flatten()
    .cloned()
    .collect::<Vec<_>>();

if flat.len() < target_b {
    flat.resize(target_b, FieldElement::zero());
}

Recommendation

Before allocating/resizing, validate num_variables is within expected bounds and use checked shift (checked_shl) to compute sizes. Return an error (not panic) when bounds are violated.