mirror of
https://github.com/ruvnet/RuView
synced 2026-07-12 15:43:18 +00:00
37764be55c
Beyond-SOTA security review of the ADR-089 NV-diamond simulator (milestone #9, crate 2 of 4). Two real degenerate-input findings, each pinned fails-on-old: NVSIM-DT-01 (config panic/DoS, pipeline.rs): an external f_s_hz == 0 made dt == +Inf, dt_us saturated to u64::MAX, and `sample * dt_us` panicked with "attempt to multiply with overflow" at sample >= 2 (debug/WASM panic=abort; garbage t_us in release). Fix: sanitise dt (non-finite/non-positive -> 1 µs fallback), cap the u64 cast, and saturating_mul the timestamp. NVSIM-NAN-01 (NaN-state poisoning, digitiser.rs): a non-finite scene parameter (NaN dipole position / Inf moment / NaN loop radius) bypasses the near-field clamp (NaN < R_MIN_M is false) and yields a NaN field; at the ADC `NaN as i32` == 0 silently emitted b_pt=[0,0,0] with ADC_SATURATED CLEAR — indistinguishable from a legit zero-field reading. Fix at the funnel: adc_quantise treats any non-finite input as out-of-range -> clamps to code 0 AND raises the saturation flag, so the corruption is visible downstream. Determinism integrity, panic-free MagFrame deserialisation, and RNG seeding confirmed clean with evidence. The published cross-machine witness (cc8de9b0…93b4) is unchanged — guards only affect degenerate inputs. cargo test -p nvsim --no-default-features: 50 -> 53 passed, 0 failed. Workspace green; Python deterministic proof unchanged (f8e76f21…46f7a, nvsim off the signal proof path). Needs ADR slot 177. Co-Authored-By: claude-flow <ruv@ruv.net>