gmp-4.1.2 assertion failure

Jason jasonmoxham at btclick.com
Wed Feb 11 14:30:50 CET 2004


On Wednesday 11 Feb 2004 1:51 pm, Jason wrote:
> on linux athlon gcc-3.2.3
> ./configure --enable-assert --disable-shared
> make
> gcc -Wall -W jay1.c .libs/libgmp.a
> ./a.out
>
> we get
>
> n_pow_ui.c:468: GNU MP assertion failed: 2*(rsize) <= (talloc)
>
> note need a lot of mem for this not to segfault
>
> the "cause" is integer overflow at line 359 in n_pow_ui.c
>
> ralloc = (bsize*GMP_NUMB_BITS - cnt + GMP_NAIL_BITS) * e / GMP_NUMB_BITS + 5;
>
> as you can guess this is the bug I was really looking for
>
> #include <stdio.h>
> #include <stdlib.h>
> #include <string.h>
> #define WANT_ASSERT 1
> #include "gmp.h"
>
>
> int	main(int argc,char *argv[])
> {mpz_t y,z;
>
> mpz_init(y);
> mpz_init(z);
>
> mpz_set_ui(y,120);
> mpz_mul_2exp(y,y,11);
> mpz_add_ui(y,y,1);
>
> mpz_pow_ui(z,y,300000000);
>
>
> return 0;}



changing line 359 in mpz/n_pow_ui.c to

 ralloc = bsize*e - ((cnt - GMP_NAIL_BITS) * e) / GMP_NUMB_BITS + 5;

gives us the proper out of mem error

note this still may not be correct for all cases as
perhaps (cnt-GMP_NAIL_BITS)*e or bsize*e could overflow ?
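
Added example, not part of the original post and not GMP code: a 32-bit model of the two size formulas quoted above, next to a checked variant that reports overflow instead of wrapping. The function names, the uint32_t model, NUMB_BITS = 32, NAIL_BITS = 0 and the 16-limb case are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>

/* Model of the 32-bit build in the report (assumed values, not GMP's headers). */
#define NUMB_BITS 32u   /* stands in for GMP_NUMB_BITS */
#define NAIL_BITS 0u    /* stands in for GMP_NAIL_BITS */

/* Line 359 as quoted: (bits in base) * e wraps modulo 2^32 before the divide. */
uint32_t ralloc_original(uint32_t bsize, uint32_t cnt, uint32_t e)
{
    return (bsize * NUMB_BITS - cnt + NAIL_BITS) * e / NUMB_BITS + 5;
}

/* The rearranged line from the post; bsize*e and cnt*e can still wrap. */
uint32_t ralloc_rewritten(uint32_t bsize, uint32_t cnt, uint32_t e)
{
    return bsize * e - ((cnt - NAIL_BITS) * e) / NUMB_BITS + 5;
}

/* Checked variant: 0 and *out on success, -1 if the size does not fit.
   Requires bsize >= 1 and cnt < NUMB_BITS, as for a normalized operand. */
int ralloc_checked(uint32_t bsize, uint32_t cnt, uint32_t e, uint32_t *out)
{
    uint64_t bits = (uint64_t)bsize * NUMB_BITS - cnt + NAIL_BITS;
    if (e != 0 && bits > UINT64_MAX / e)
        return -1;                      /* 64-bit product would wrap */
    uint64_t limbs = bits * e / NUMB_BITS + 5;
    if (limbs > UINT32_MAX)
        return -1;                      /* result does not fit the size type */
    *out = (uint32_t)limbs;
    return 0;
}

int main(void)
{
    uint32_t e = 300000000u, r = 0;     /* exponent from the test program */
    /* y = 120*2^11 + 1 has 18 bits: one limb, 14 leading zero bits. */
    printf("original : %u\n", (unsigned)ralloc_original(1, 14, e));
    printf("rewritten: %u\n", (unsigned)ralloc_rewritten(1, 14, e));
    if (ralloc_checked(1, 14, e, &r) == 0)
        printf("checked  : %u\n", (unsigned)r);
    /* Constructed 16-limb base: bsize*e now wraps in the rewritten form. */
    printf("rewritten, 16 limbs: %u\n", (unsigned)ralloc_rewritten(16, 14, e));
    printf("checked,   16 limbs: %s\n",
           ralloc_checked(16, 14, e, &r) == 0 ? "ok" : "overflow reported");
    return 0;
}
```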



