Skip to content

Ported various bug fixes from the develop branch to nanos branch#429

Open
iartemov-ledger wants to merge 10 commits intonanosfrom
nano_updaate_2026-02-24
Open

Ported various bug fixes from the develop branch to nanos branch#429
iartemov-ledger wants to merge 10 commits intonanosfrom
nano_updaate_2026-02-24

Conversation

@iartemov-ledger
Copy link
Contributor

@iartemov-ledger iartemov-ledger commented Feb 24, 2026

Test run with physical Nano S (OS version 2.1.0)

  • receive with LW desktop
  • --backend ledgerwalet tests
pytest tests/test_sign_message.py  --capture=tee-sys --tb=short -v --device nanos --backend ledgerwallet
pytest tests/test_sign_psbt.py::test_sign_psbt_singlesig_pkh_1to1  --capture=tee-sys --tb=short -v --device nanos --backend ledgerwallet
pytest tests/test_register_wallet.py::test_register_wallet_accept_legacy  --capture=tee-sys --tb=short -v --device nanos --backend ledgerwallet

Sizes comparison

(make -C . -j DEBUG=0 COIN=bitcoin TARGET=nanos BOLOS_SDK=$NANOS_SDK)

Elf sections size before (nanos) branch:

section                  size
.text                   61525
.data                       0
.cx_ram                  1024
.bss                     1352

Elf sections sizes after:

section                  size
.text                   61525
.data                       0
.cx_ram                  1024
.bss                     1352

=> so no changes

CI test results

Call Ledger guidelines_enforcer / Dispatch check / Check APP_LOAD_PARAMS is expected to fail as we've removed Nano S and changed derivation paths parameters.

bigspider and others added 7 commits February 24, 2026 11:43
(cherry picked from commit 193ff56)
…ting prematurely for some PSBTs. Added explanatory comment

(cherry picked from commit aea89fd)
The function would cause a buffer overflow passed a buffer longer
than 32 bytes. This is not an issue today as it was only ever used
for a fixed short string (WALLET_SLIP0021_LABEL).

The workaround to copy into a local buffer is still needed, so we
defensively forbid longer strings.

(cherry picked from commit c63f73c)
…throw() SDK function

(cherry picked from commit e289daf)
- get_merkle_preimage failed to update the data_ptr pointer
- fpt_der_data_callback would read corrupted data if a zero-length
  chunk (or one starting with a very large varint that does not fit
  in the first chunk) is received.

(cherry picked from commit 0586ab2)
@iartemov-ledger iartemov-ledger changed the base branch from develop to nanos February 24, 2026 12:22
@iartemov-ledger iartemov-ledger marked this pull request as ready for review February 24, 2026 12:25
@ledger-wiz-cspm-secret-detection
Copy link

ledger-wiz-cspm-secret-detection bot commented Feb 24, 2026

Wiz Scan Summary

Scanner Findings
Data Finding Sensitive Data -
Secret Finding Secrets -
IaC Misconfiguration IaC Misconfigurations 1 High 5 Medium
SAST Finding SAST Findings -
Software Management Finding Software Management Findings -
Total 1 High 5 Medium

View scan details in Wiz

To detect these findings earlier in the dev lifecycle, try using Wiz Code VS Code Extension.

Copy link

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

This pull request ports various bug fixes from the develop branch to the main branch, focusing on correctness, error handling, and infrastructure updates.

Changes:

  • Fixed multiple critical bugs in C code including memset argument error, buffer handling, and type mismatches
  • Updated Bitcoin RPC test calls from deprecated getwalletinfo() to getbalances() API
  • Pinned speculos to version 0.25.5 and updated build infrastructure to use CMake for Bitcoin Core

Reviewed changes

Copilot reviewed 19 out of 19 changed files in this pull request and generated 1 comment.

Show a summary per file
File Description
unit-tests/test_script.c Added test for 0x00 byte sequence push and fixed loop to test values 1-16 instead of 0-16
src/handler/sign_psbt/extract_bip32_derivation.c Fixed varint reading to single byte, corrected memmove offset calculation, added empty chunk handling
src/handler/sign_psbt.c Changed return value from -1 to 0 for invalid derivation path length (continue vs abort)
src/handler/register_wallet.c Added error handling for compute_wallet_hmac return value
src/handler/lib/psbt_parse_rawtx.c Fixed type mismatch (bool to int) and added buffer overflow check
src/handler/lib/policy.c Fixed memset bug (sizeof(memset) to sizeof(used))
src/handler/lib/get_merkle_preimage.c Refactored pointer calculation for clarity
src/crypto.c Added buffer length validation and proper 64-byte temporary buffer for SDK function
src/crypto.h Updated documentation to specify 32-byte label length limit
src/common/script.c Fixed condition to exclude 0 from non-minimal push check (only 1-16 need special opcodes)
tests/test_e2e_tapscripts.py Updated to use getbalances() instead of deprecated getwalletinfo()
tests/test_e2e_multisig.py Updated to use getbalances() instead of deprecated getwalletinfo()
tests/test_e2e_miniscript.py Updated to use getbalances() instead of deprecated getwalletinfo()
tests/conftest.py Changed bitcoind path from hardcoded to use PATH
tests/requirements.txt Pinned speculos to 0.25.5, removed from ragger extras
.github/workflows/builder-image-workflow.yml Updated checkout action to v4, changed tag to NanoS_Blue_baseline
.github/workflows/build_and_functional_tests.yml Added custom container image and test options configuration
.github/workflows/Dockerfile Updated to use speculos 0.25.5, switched from autotools to CMake for Bitcoin Core build
CHANGELOG.md Added entry for version 2.2.6

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

Comment on lines +16 to +18
cmake -B build -DENABLE_IPC=OFF && \
cmake --build build && \
cmake --install build
Copy link

Copilot AI Feb 25, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This Docker build stage clones the external repository https://github.com/bitcoin/bitcoin.git from an unpinned, mutable branch and then runs its CMake build and install steps via cmake -B build ..., cmake --build build, and cmake --install build. If the upstream repo or its CMake scripts are ever compromised, arbitrary code can execute during the GitHub Actions build and poison the published speculos-bitcoin image, potentially exfiltrating GITHUB_TOKEN or injecting backdoored binaries used in CI. To mitigate this supply-chain risk, pin the Bitcoin Core source to a specific commit or signed release and verify its integrity (e.g., via signatures or checksums) before building and installing it, instead of tracking the moving default branch.

Copilot uses AI. Check for mistakes.
Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

We do it already in the develop branch, but I agree, something to do with it in another PR.

@iartemov-ledger iartemov-ledger changed the title Ported various bug fixes from the develop branch Ported various bug fixes from the develop branch to nanos branch Feb 25, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

4 participants