From 4996659bbd75df895eb90c07dc2a9afa16972145 Mon Sep 17 00:00:00 2001
From: Joe Doyle
Date: Wed, 27 May 2026 16:01:19 -0400
Subject: [PATCH] Enforce UintRef slice length checks in release builds

Use assert! instead of debug_assert! for UintRef slice-copy length checks so mismatched lengths keep the documented panic behavior in optimized builds. Add release-mode regression tests for copy_from_slice and conditional_copy_from_slice with longer source slices.

Co-authored-by: GPT 5.5
---
 src/uint/ref_type/slice.rs | 24 ++++++++++++++++++++++--
 1 file changed, 22 insertions(+), 2 deletions(-)

diff --git a/src/uint/ref_type/slice.rs b/src/uint/ref_type/slice.rs
index ca5b9078f..f8459051f 100644
--- a/src/uint/ref_type/slice.rs
+++ b/src/uint/ref_type/slice.rs
@@ -30,7 +30,7 @@ impl UintRef {
 #[track_caller]
 pub const fn copy_from_slice(&mut self, limbs: &[Limb]) {
 // TODO core::slice::copy_from_slice should eventually be const
- debug_assert!(self.limbs.len() == limbs.len(), "length mismatch");
+ assert!(self.limbs.len() == limbs.len(), "length mismatch");
 let mut i = 0;
 while i < self.limbs.len() {
 self.limbs[i] = limbs[i];
@@ -45,7 +45,7 @@ impl UintRef {
 #[inline(always)]
 #[track_caller]
 pub const fn conditional_copy_from_slice(&mut self, limbs: &[Limb], copy: Choice) {
- debug_assert!(self.limbs.len() == limbs.len(), "length mismatch");
+ assert!(self.limbs.len() == limbs.len(), "length mismatch");
 let mut i = 0;
 while i < self.limbs.len() {
 self.limbs[i] = Limb::select(self.limbs[i], limbs[i], copy);
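Review bot: The new `assert!` in `copy_from_slice` carries no comment saying why it has to stay a hard assertion, so a later performance pass could quietly turn it back into `debug_assert!`. With the check compiled out, the loop is bounded by `self.limbs.len()`, so a longer `limbs` would have its extra limbs dropped without any error. I would add `// Must hold in release builds too: a longer source would otherwise be silently truncated.` above it, and the same line above the assertion in `conditional_copy_from_slice` in the next hunk. Both function bodies continue past their hunks.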
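Review bot: `conditional_copy_from_slice` takes a `Choice` and selects limb by limb through `Limb::select`, which suggests it is meant to be constant-time in `copy`, yet the added `assert!` is an ordinary branch that panics and nothing visible in the hunk says the slice lengths are treated as public. If the doc comment above the hunk does not already state it, a line such as `/// Only the copy flag is handled in constant time; slice lengths are public and a mismatch panics.` would make that explicit for callers. The doc comment and the end of the loop are outside the hunk.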
@@ -120,3 +120,23 @@ impl UintRef {
 self.limbs.is_empty()
 }
 }
+
+#[cfg(test)]
+mod tests {
+ use super::UintRef;
+ use crate::{Choice, Limb};
+
+ #[test]
+ #[should_panic(expected = "length mismatch")]
+ fn copy_from_slice_rejects_mismatched_lengths() {
+ let mut dst = [Limb::ZERO];
+ UintRef::new_mut(&mut dst).copy_from_slice(&[Limb::ONE, Limb(2)]);
+ }
+
+ #[test]
+ #[should_panic(expected = "length mismatch")]
+ fn conditional_copy_from_slice_rejects_mismatched_lengths() {
+ let mut dst = [Limb::ZERO];
+ UintRef::new_mut(&mut dst).conditional_copy_from_slice(&[Limb::ONE, Limb(2)], Choice::TRUE);
+ }
+}
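Review bot: Both tests would also pass against the old `debug_assert!` under a default `cargo test`, where debug assertions are enabled, so they only guard against a regression when the suite is run with `--release`. Nothing in this hunk ensures that, so it is worth confirming that CI has a release-profile test job. The shorter-source direction is not covered either: before this change it would presumably have failed at the `limbs[i]` index rather than with "length mismatch". A case like `UintRef::new_mut(&mut dst).copy_from_slice(&[]);` with the same expected message would pin the new behaviour in both directions.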