fix: apply security audit results

README.md

@@ -17,7 +17,7 @@ There are currently four different crates:
 
 
 - [**Filecoin Proofs (`filecoin-proofs`)**](./filecoin-proofs)
-  A wrapper around `storage-proofs`, providing an FFI-exported API callable from C (and in practice called by [go-filecoin](https://github.com/filecoin-project/go-filecoin') via cgo). Filecoin-specific values of setup parameters are included here, and circuit parameters generated by Filecoin’s (future) trusted setup will also live here.
+  A wrapper around `storage-proofs`, providing an FFI-exported API callable from C (and in practice called by [go-filecoin](https://github.com/filecoin-project/go-filecoin) via cgo). Filecoin-specific values of setup parameters are included here, and circuit parameters generated by Filecoin’s (future) trusted setup will also live here.
 
 
     ![FPS crate dependencies](/img/fps-dependencies.png?raw=true)
@@ -81,23 +81,19 @@ Running them
 > cargo bench --all
 ```
 
-To benchmark the examples you can [bencher](src/bin/bencher.rs).
+To benchmark the examples you can use [benchy](src/bin/benchy/main.rs), [stacked](src/bin/benchy/stacked.rs), [prodbench](src/bin/benchy/prodbench.rs), [merkleproofs](src/bin/benchy/merkleproofs.rs], [winning_post](src/bin/benchy/winning_post.rs), or [window_post](src/bin/benchy/window_post.rs).
 
 ```
 # build the script
 > cargo build
 # run the benchmarks
-> ./target/debug/bencher
+> ./target/release/benchy
 ```
 
-The results are written into the `.bencher` directory, as JSON files. The benchmarks are controlled through the [bench.config.toml](bench.config.toml) file.
+The results are displyed at the command line, or alternatively written as JSON files.
 
 Note: On macOS you need `gtime` (`brew install gnu-time`), as the built in `time` command is not enough.
 
-## Profiling
-
-For development purposes we have an (experimental) support for CPU and memory profiling in Rust through a [`gperftools`](https://github.com/dignifiedquire/rust-gperftools) binding library. These can be enabled though the `cpu-profile` and `heap-profile` features in `filecoin-proofs`. An example setup can be found in this [`Dockerfile`](./Dockerfile-profile) to profile CPU usage for the [`stacked`](https://github.com/filecoin-project/rust-fil-proofs/blob/master/filecoin-proofs/examples/stacked.rs#L40-L61) example.
-
 ## Logging
 
 For better logging with backtraces on errors, developers should use `expects` rather than `expect` on `Result<T, E>` and `Option<T>`.
@@ -277,15 +273,13 @@ The **FPS** is accessed from [**go-filecoin**](https://github.com/filecoin-proje
  The Rust source code serves as the source of truth defining the **FPS** APIs. View the source directly:
 
 - [**filecoin-proofs**](https://github.com/filecoin-project/rust-fil-proofs/blob/master/filecoin-proofs/src/api/mod.rs)
-- [**sector-base**](https://github.com/filecoin-project/rust-fil-proofs/blob/master/sector-base/README.md#api-reference).
+- [**filecoin-proofs-api**](https://github.com/filecoin-project/rust-filecoin-proofs-api).
 
 
 Or better, generate the documentation locally (until repository is public). Follow the instructions to generate documentation above. Then navigate to:
-- **Sector Base API:** `…/rust-fil-proofs/target/doc/sector_base/api/index.html`
 - **Filecoin Proofs API:** `…/rust-fil-proofs/target/doc/filecoin_proofs/api/index.html`
 
-- [Go implementation of filecoin-proofs sectorbuilder API](https://github.com/filecoin-project/go-filecoin/blob/master/proofs/sectorbuilder/rustsectorbuilder.go) and [associated interface structures](https://github.com/filecoin-project/go-filecoin/blob/master/proofs/sectorbuilder/interface.go).
-- [Go implementation of filecoin-proofs verifier API](https://github.com/filecoin-project/go-filecoin/blob/master/proofs/rustverifier.go) and [associated interface structures](https://github.com/filecoin-project/go-filecoin/blob/master/proofs/interface.go).
+- [Go implementation of filecoin-proofs sectorbuilder API](https://github.com/filecoin-project/go-sectorbuilder/blob/master/sectorbuilder.go) and [associated interface structures](https://github.com/filecoin-project/go-sectorbuilder/blob/master/interface.go).
 
 
 ## Contributing

storage-proofs/core/src/crypto/feistel.rs

@@ -222,7 +222,7 @@ mod tests {
                 // Since every element in the set is reversibly mapped to another element also in the set,
                 // this is indeed a permutation.
                 assert_eq!(i, v, "failed to permute");
-                assert!(p <= *n, "output number is too big");
+                assert!(p < *n, "output number is too big");
             }
         }
     }

storage-proofs/core/src/sector.rs

@@ -40,8 +40,8 @@ impl fmt::Display for SectorId {
 }
 
 impl SectorId {
-    pub fn as_fr_safe(self) -> [u8; 31] {
-        let mut buf: [u8; 31] = [0; 31];
+    pub fn as_fr_safe(self) -> [u8; 32] {
+        let mut buf: [u8; 32] = [0; 32];
         byteorder::LittleEndian::write_u64(&mut buf[0..8], self.0);
         buf
     }