Delete RuntimeVariableList::from_vec (sigp#7930)

michaelsproul · web-flow · commit d235f2c69708 · 2025-08-27T06:52:14.000Z
This method is a footgun because it truncates the list. It is the source of a recent bug: - sigp#7927 - Delete uses of `RuntimeVariableList::from_vec` and replace them with `::new` which does validation and can fail. - Propagate errors where possible, unwrap in tests and use `expect` for obviously-safe uses (in `chain_spec.rs`).
diff --git a/Cargo.lock b/Cargo.lock
diff --git a/beacon_node/lighthouse_network/src/rpc/codec.rs b/beacon_node/lighthouse_network/src/rpc/codec.rs
@@ -1089,11 +1089,11 @@ mod tests {
     }
 
     fn bbroot_request_v1(fork_name: ForkName, spec: &ChainSpec) -> BlocksByRootRequest {
-        BlocksByRootRequest::new_v1(vec![Hash256::zero()], &fork_context(fork_name, spec))
+        BlocksByRootRequest::new_v1(vec![Hash256::zero()], &fork_context(fork_name, spec)).unwrap()
     }
 
     fn bbroot_request_v2(fork_name: ForkName, spec: &ChainSpec) -> BlocksByRootRequest {
-        BlocksByRootRequest::new(vec![Hash256::zero()], &fork_context(fork_name, spec))
+        BlocksByRootRequest::new(vec![Hash256::zero()], &fork_context(fork_name, spec)).unwrap()
     }
 
     fn blbroot_request(fork_name: ForkName, spec: &ChainSpec) -> BlobsByRootRequest {
@@ -1104,6 +1104,7 @@ mod tests {
             }],
             &fork_context(fork_name, spec),
         )
+        .unwrap()
     }
 
     fn ping_message() -> Ping {
diff --git a/beacon_node/lighthouse_network/src/rpc/methods.rs b/beacon_node/lighthouse_network/src/rpc/methods.rs
@@ -481,20 +481,22 @@ pub struct BlocksByRootRequest {
 }
 
 impl BlocksByRootRequest {
-    pub fn new(block_roots: Vec<Hash256>, fork_context: &ForkContext) -> Self {
+    pub fn new(block_roots: Vec<Hash256>, fork_context: &ForkContext) -> Result<Self, String> {
         let max_request_blocks = fork_context
             .spec
             .max_request_blocks(fork_context.current_fork_name());
-        let block_roots = RuntimeVariableList::from_vec(block_roots, max_request_blocks);
-        Self::V2(BlocksByRootRequestV2 { block_roots })
+        let block_roots = RuntimeVariableList::new(block_roots, max_request_blocks)
+            .map_err(|e| format!("BlocksByRootRequestV2 too many roots: {e:?}"))?;
+        Ok(Self::V2(BlocksByRootRequestV2 { block_roots }))
     }
 
-    pub fn new_v1(block_roots: Vec<Hash256>, fork_context: &ForkContext) -> Self {
+    pub fn new_v1(block_roots: Vec<Hash256>, fork_context: &ForkContext) -> Result<Self, String> {
         let max_request_blocks = fork_context
             .spec
             .max_request_blocks(fork_context.current_fork_name());
-        let block_roots = RuntimeVariableList::from_vec(block_roots, max_request_blocks);
-        Self::V1(BlocksByRootRequestV1 { block_roots })
+        let block_roots = RuntimeVariableList::new(block_roots, max_request_blocks)
+            .map_err(|e| format!("BlocksByRootRequestV1 too many roots: {e:?}"))?;
+        Ok(Self::V1(BlocksByRootRequestV1 { block_roots }))
     }
 }
 
@@ -506,12 +508,13 @@ pub struct BlobsByRootRequest {
 }
 
 impl BlobsByRootRequest {
-    pub fn new(blob_ids: Vec<BlobIdentifier>, fork_context: &ForkContext) -> Self {
+    pub fn new(blob_ids: Vec<BlobIdentifier>, fork_context: &ForkContext) -> Result<Self, String> {
         let max_request_blob_sidecars = fork_context
             .spec
             .max_request_blob_sidecars(fork_context.current_fork_name());
-        let blob_ids = RuntimeVariableList::from_vec(blob_ids, max_request_blob_sidecars);
-        Self { blob_ids }
+        let blob_ids = RuntimeVariableList::new(blob_ids, max_request_blob_sidecars)
+            .map_err(|e| format!("BlobsByRootRequestV1 too many blob IDs: {e:?}"))?;
+        Ok(Self { blob_ids })
     }
 }
 
@@ -526,9 +529,10 @@ impl<E: EthSpec> DataColumnsByRootRequest<E> {
     pub fn new(
         data_column_ids: Vec<DataColumnsByRootIdentifier<E>>,
         max_request_blocks: usize,
-    ) -> Self {
-        let data_column_ids = RuntimeVariableList::from_vec(data_column_ids, max_request_blocks);
-        Self { data_column_ids }
+    ) -> Result<Self, &'static str> {
+        let data_column_ids = RuntimeVariableList::new(data_column_ids, max_request_blocks)
+            .map_err(|_| "DataColumnsByRootRequest too many column IDs")?;
+        Ok(Self { data_column_ids })
     }
 
     pub fn max_requested(&self) -> usize {
diff --git a/beacon_node/lighthouse_network/tests/rpc_tests.rs b/beacon_node/lighthouse_network/tests/rpc_tests.rs
@@ -831,7 +831,7 @@ fn test_tcp_blocks_by_root_chunked_rpc() {
         // BlocksByRoot Request
         let rpc_request =
             RequestType::BlocksByRoot(BlocksByRootRequest::V2(BlocksByRootRequestV2 {
-                block_roots: RuntimeVariableList::from_vec(
+                block_roots: RuntimeVariableList::new(
                     vec![
                         Hash256::zero(),
                         Hash256::zero(),
@@ -841,7 +841,8 @@ fn test_tcp_blocks_by_root_chunked_rpc() {
                         Hash256::zero(),
                     ],
                     spec.max_request_blocks(current_fork_name),
-                ),
+                )
+                .unwrap(),
             }));
 
         // BlocksByRoot Response
@@ -991,7 +992,8 @@ fn test_tcp_columns_by_root_chunked_rpc() {
                 max_request_blocks
             ],
             max_request_blocks,
-        );
+        )
+        .unwrap();
         let req_bytes = req.data_column_ids.as_ssz_bytes();
         let req_decoded = DataColumnsByRootRequest {
             data_column_ids: <RuntimeVariableList<DataColumnsByRootIdentifier<E>>>::from_ssz_bytes(
@@ -1281,7 +1283,7 @@ fn test_tcp_blocks_by_root_chunked_rpc_terminates_correctly() {
         // BlocksByRoot Request
         let rpc_request =
             RequestType::BlocksByRoot(BlocksByRootRequest::V2(BlocksByRootRequestV2 {
-                block_roots: RuntimeVariableList::from_vec(
+                block_roots: RuntimeVariableList::new(
                     vec![
                         Hash256::zero(),
                         Hash256::zero(),
@@ -1295,7 +1297,8 @@ fn test_tcp_blocks_by_root_chunked_rpc_terminates_correctly() {
                         Hash256::zero(),
                     ],
                     spec.max_request_blocks(current_fork),
-                ),
+                )
+                .unwrap(),
             }));
 
         // BlocksByRoot Response
diff --git a/beacon_node/network/src/sync/network_context.rs b/beacon_node/network/src/sync/network_context.rs
@@ -865,10 +865,15 @@ impl<T: BeaconChainTypes> SyncNetworkContext<T> {
         // - RPCError(request_id): handled by `Self::on_single_block_response`
         // - Disconnect(peer_id) handled by `Self::peer_disconnected``which converts it to a
         // ` RPCError(request_id)`event handled by the above method
+        let network_request = RequestType::BlocksByRoot(
+            request
+                .into_request(&self.fork_context)
+                .map_err(RpcRequestSendError::InternalError)?,
+        );
         self.network_send
             .send(NetworkMessage::SendRequest {
                 peer_id,
-                request: RequestType::BlocksByRoot(request.into_request(&self.fork_context)),
+                request: network_request,
                 app_request_id: AppRequestId::Sync(SyncRequestId::SingleBlock { id }),
             })
             .map_err(|_| RpcRequestSendError::InternalError("network send error".to_owned()))?;
@@ -959,10 +964,16 @@ impl<T: BeaconChainTypes> SyncNetworkContext<T> {
         };
 
         // Lookup sync event safety: Refer to `Self::block_lookup_request` `network_send.send` call
+        let network_request = RequestType::BlobsByRoot(
+            request
+                .clone()
+                .into_request(&self.fork_context)
+                .map_err(RpcRequestSendError::InternalError)?,
+        );
         self.network_send
             .send(NetworkMessage::SendRequest {
                 peer_id,
-                request: RequestType::BlobsByRoot(request.clone().into_request(&self.fork_context)),
+                request: network_request,
                 app_request_id: AppRequestId::Sync(SyncRequestId::SingleBlob { id }),
             })
             .map_err(|_| RpcRequestSendError::InternalError("network send error".to_owned()))?;
diff --git a/beacon_node/network/src/sync/network_context/requests/blobs_by_root.rs b/beacon_node/network/src/sync/network_context/requests/blobs_by_root.rs
@@ -11,7 +11,7 @@ pub struct BlobsByRootSingleBlockRequest {
 }
 
 impl BlobsByRootSingleBlockRequest {
-    pub fn into_request(self, spec: &ForkContext) -> BlobsByRootRequest {
+    pub fn into_request(self, spec: &ForkContext) -> Result<BlobsByRootRequest, String> {
         BlobsByRootRequest::new(
             self.indices
                 .into_iter()
diff --git a/beacon_node/network/src/sync/network_context/requests/blocks_by_root.rs b/beacon_node/network/src/sync/network_context/requests/blocks_by_root.rs
@@ -9,7 +9,8 @@ use super::{ActiveRequestItems, LookupVerifyError};
 pub struct BlocksByRootSingleRequest(pub Hash256);
 
 impl BlocksByRootSingleRequest {
-    pub fn into_request(self, fork_context: &ForkContext) -> BlocksByRootRequest {
+    pub fn into_request(self, fork_context: &ForkContext) -> Result<BlocksByRootRequest, String> {
+        // This should always succeed (single block root), but we return a `Result` for safety.
         BlocksByRootRequest::new(vec![self.0], fork_context)
     }
 }
diff --git a/beacon_node/network/src/sync/network_context/requests/data_columns_by_root.rs b/beacon_node/network/src/sync/network_context/requests/data_columns_by_root.rs
@@ -21,13 +21,13 @@ impl DataColumnsByRootSingleBlockRequest {
     ) -> Result<DataColumnsByRootRequest<E>, &'static str> {
         let columns = VariableList::new(self.indices)
             .map_err(|_| "Number of indices exceeds total number of columns")?;
-        Ok(DataColumnsByRootRequest::new(
+        DataColumnsByRootRequest::new(
             vec![DataColumnsByRootIdentifier {
                 block_root: self.block_root,
                 columns,
             }],
             spec.max_request_blocks(fork_name),
-        ))
+        )
     }
 }
 
diff --git a/beacon_node/network/src/sync/tests/lookups.rs b/beacon_node/network/src/sync/tests/lookups.rs
@@ -2303,7 +2303,7 @@ mod deneb_only {
                 block,
                 self.unknown_parent_blobs
                     .take()
-                    .map(|vec| RuntimeVariableList::from_vec(vec, max_len)),
+                    .map(|vec| RuntimeVariableList::new(vec, max_len).unwrap()),
             )
             .unwrap();
             self.rig.parent_block_processed(
diff --git a/beacon_node/store/Cargo.toml b/beacon_node/store/Cargo.toml
@@ -25,6 +25,7 @@ redb = { version = "2.1.3", optional = true }
 safe_arith = { workspace = true }
 serde = { workspace = true }
 smallvec = { workspace = true }
+ssz_types = { workspace = true }
 state_processing = { workspace = true }
 strum = { workspace = true }
 superstruct = { workspace = true }
diff --git a/beacon_node/store/src/errors.rs b/beacon_node/store/src/errors.rs
@@ -69,6 +69,7 @@ pub enum Error {
     CacheBuildError(EpochCacheError),
     RandaoMixOutOfBounds,
     MilhouseError(milhouse::Error),
+    SszTypesError(ssz_types::Error),
     Compression(std::io::Error),
     FinalizedStateDecreasingSlot,
     FinalizedStateUnaligned,
@@ -161,6 +162,12 @@ impl From<milhouse::Error> for Error {
     }
 }
 
+impl From<ssz_types::Error> for Error {
+    fn from(e: ssz_types::Error) -> Self {
+        Self::SszTypesError(e)
+    }
+}
+
 impl From<hdiff::Error> for Error {
     fn from(e: hdiff::Error) -> Self {
         Self::Hdiff(e)
diff --git a/beacon_node/store/src/hot_cold_store.rs b/beacon_node/store/src/hot_cold_store.rs
@@ -2478,7 +2478,7 @@ impl<E: EthSpec, Hot: ItemStore<E>, Cold: ItemStore<E>> HotColdDB<E, Hot, Cold>
                     .first()
                     .map(|blob| self.spec.max_blobs_per_block(blob.epoch()))
                 {
-                    let blobs = BlobSidecarList::from_vec(blobs, max_blobs_per_block as usize);
+                    let blobs = BlobSidecarList::new(blobs, max_blobs_per_block as usize)?;
                     self.block_cache
                         .lock()
                         .put_blobs(*block_root, blobs.clone());
diff --git a/consensus/types/src/blob_sidecar.rs b/consensus/types/src/blob_sidecar.rs
@@ -84,6 +84,7 @@ pub enum BlobSidecarError {
     MissingKzgCommitment,
     BeaconState(BeaconStateError),
     MerkleTree(MerkleTreeError),
+    SszTypes(ssz_types::Error),
     ArithError(ArithError),
 }
 
@@ -283,10 +284,11 @@ impl<E: EthSpec> BlobSidecar<E> {
             let blob_sidecar = BlobSidecar::new(i, blob, block, *kzg_proof)?;
             blob_sidecars.push(Arc::new(blob_sidecar));
         }
-        Ok(RuntimeVariableList::from_vec(
+        RuntimeVariableList::new(
             blob_sidecars,
             spec.max_blobs_per_block(block.epoch()) as usize,
-        ))
+        )
+        .map_err(BlobSidecarError::SszTypes)
     }
 }
 
diff --git a/consensus/types/src/chain_spec.rs b/consensus/types/src/chain_spec.rs
@@ -2001,10 +2001,11 @@ const fn default_min_epochs_for_data_column_sidecars_requests() -> u64 {
 
 fn max_blocks_by_root_request_common(max_request_blocks: u64) -> usize {
     let max_request_blocks = max_request_blocks as usize;
-    RuntimeVariableList::<Hash256>::from_vec(
+    RuntimeVariableList::<Hash256>::new(
         vec![Hash256::zero(); max_request_blocks],
         max_request_blocks,
     )
+    .expect("creating a RuntimeVariableList of size `max_request_blocks` should succeed")
     .as_ssz_bytes()
     .len()
 }
@@ -2016,10 +2017,11 @@ fn max_blobs_by_root_request_common(max_request_blob_sidecars: u64) -> usize {
         index: 0,
     };
 
-    RuntimeVariableList::<BlobIdentifier>::from_vec(
+    RuntimeVariableList::<BlobIdentifier>::new(
         vec![empty_blob_identifier; max_request_blob_sidecars],
         max_request_blob_sidecars,
     )
+    .expect("creating a RuntimeVariableList of size `max_request_blob_sidecars` should succeed")
     .as_ssz_bytes()
     .len()
 }
@@ -2032,10 +2034,11 @@ fn max_data_columns_by_root_request_common<E: EthSpec>(max_request_blocks: u64)
         columns: VariableList::from(vec![0; E::number_of_columns()]),
     };
 
-    RuntimeVariableList::<DataColumnsByRootIdentifier<E>>::from_vec(
+    RuntimeVariableList::<DataColumnsByRootIdentifier<E>>::new(
         vec![empty_data_columns_by_root_id; max_request_blocks],
         max_request_blocks,
     )
+    .expect("creating a RuntimeVariableList of size `max_request_blocks` should succeed")
     .as_ssz_bytes()
     .len()
 }
diff --git a/consensus/types/src/runtime_var_list.rs b/consensus/types/src/runtime_var_list.rs

Original file line number	Diff line number	Diff line change
`@@ -1089,11 +1089,11 @@ mod tests {`
`1089`	`1089`	`}`
`1090`	`1090`
`1091`	`1091`	`fn bbroot_request_v1(fork_name: ForkName, spec: &ChainSpec) -> BlocksByRootRequest {`
`1092`		`- BlocksByRootRequest::new_v1(vec![Hash256::zero()], &fork_context(fork_name, spec))`
	`1092`	`+ BlocksByRootRequest::new_v1(vec![Hash256::zero()], &fork_context(fork_name, spec)).unwrap()`
`1093`	`1093`	`}`
`1094`	`1094`
`1095`	`1095`	`fn bbroot_request_v2(fork_name: ForkName, spec: &ChainSpec) -> BlocksByRootRequest {`
`1096`		`- BlocksByRootRequest::new(vec![Hash256::zero()], &fork_context(fork_name, spec))`
	`1096`	`+ BlocksByRootRequest::new(vec![Hash256::zero()], &fork_context(fork_name, spec)).unwrap()`
`1097`	`1097`	`}`
`1098`	`1098`
`1099`	`1099`	`fn blbroot_request(fork_name: ForkName, spec: &ChainSpec) -> BlobsByRootRequest {`
`@@ -1104,6 +1104,7 @@ mod tests {`
`1104`	`1104`	`}],`
`1105`	`1105`	`&fork_context(fork_name, spec),`
`1106`	`1106`	`)`
	`1107`	`+ .unwrap()`
`1107`	`1108`	`}`
`1108`	`1109`
`1109`	`1110`	`fn ping_message() -> Ping {`
Original file line number	Diff line number	Diff line change
`@@ -11,7 +11,7 @@ pub struct BlobsByRootSingleBlockRequest {`
`11`	`11`	`}`
`12`	`12`
`13`	`13`	`impl BlobsByRootSingleBlockRequest {`
`14`		`- pub fn into_request(self, spec: &ForkContext) -> BlobsByRootRequest {`
	`14`	`+ pub fn into_request(self, spec: &ForkContext) -> Result<BlobsByRootRequest, String> {`
`15`	`15`	`BlobsByRootRequest::new(`
`16`	`16`	`self.indices`
`17`	`17`	`.into_iter()`
Original file line number	Diff line number	Diff line change
`@@ -9,7 +9,8 @@ use super::{ActiveRequestItems, LookupVerifyError};`
`9`	`9`	`pub struct BlocksByRootSingleRequest(pub Hash256);`
`10`	`10`
`11`	`11`	`impl BlocksByRootSingleRequest {`
`12`		`- pub fn into_request(self, fork_context: &ForkContext) -> BlocksByRootRequest {`
	`12`	`+ pub fn into_request(self, fork_context: &ForkContext) -> Result<BlocksByRootRequest, String> {`
	`13`	+ // This should always succeed (single block root), but we return a `Result` for safety.
`13`	`14`	`BlocksByRootRequest::new(vec![self.0], fork_context)`
`14`	`15`	`}`
`15`	`16`	`}`
Original file line number	Diff line number	Diff line change
`@@ -2303,7 +2303,7 @@ mod deneb_only {`
`2303`	`2303`	`block,`
`2304`	`2304`	`self.unknown_parent_blobs`
`2305`	`2305`	`.take()`
`2306`		`- .map(\|vec\| RuntimeVariableList::from_vec(vec, max_len)),`
	`2306`	`+ .map(\|vec\| RuntimeVariableList::new(vec, max_len).unwrap()),`
`2307`	`2307`	`)`
`2308`	`2308`	`.unwrap();`
`2309`	`2309`	`self.rig.parent_block_processed(`