CVE-2026-23519: Rust Constant Time Bitnz Missing Black Box Barrier
The constant-time "is non-zero" bitwise idiom `(x | x.wrapping_neg()) >> N` produces a boolean-shaped (0 or 1) result. Without a `core::hint::black_box()` optimization barrier wrapping this expression itself, LLVM may rewrite downstream mask arithmetic into a conditional branch on targets without a conditional-move instruction (notably `thumbv6m-none-eabi` /
greprules fetch cve-2026-23519-rust-constant-time-bitnz-missing-black-box-barrier --engine opengrepDescription
The constant-time "is non-zero" bitwise idiom `(x | x.wrapping_neg()) >> N` produces a boolean-shaped (0 or 1) result. Without a `core::hint::black_box()` optimization barrier wrapping this expression itself, LLVM may rewrite downstream mask arithmetic into a conditional branch on targets without a conditional-move instruction (notably `thumbv6m-none-eabi` /
Detection target
Not provided
Recommended fix
Not provided
False-positive notes
Not provided
Community feedback
Sign in to report false positives, mark this rule useful, or suggest metadata improvements.