Memory error in function mpf_inp_str and mpf_set_str
Torbjorn Granlund
tg at swox.com
Wed Aug 13 16:22:08 CEST 2008
This was indeed a GMP bug.
The problem is a completely incorrect allocation in mpf_set_str (in
the file mpf/set_str), where the destination variable's precision was
used for an allocation that needed a size proportional to the string
size.
It is strange that this has not been triggered long ago.
Here is a patch:
Index: /home/tege/prec/gmp42/mpf/set_str.c
===================================================================
RCS file: /home/cvsfiles/gmp42/mpf/set_str.c,v
retrieving revision 1.4
diff -p -2 -r1.4 set_str.c
*** /home/tege/prec/gmp42/mpf/set_str.c 11 Dec 2007 04:10:11 -0000 1.4
--- /home/tege/prec/gmp42/mpf/set_str.c 13 Aug 2008 14:14:05 -0000
*************** mpf_set_str (mpf_ptr x, const char *str,
*** 250,254 ****
#endif
! ma = 2 * (prec + 1);
mp = TMP_ALLOC_LIMBS (ma);
mn = mpn_set_str (mp, (unsigned char *) begs, str_size, base);
--- 250,255 ----
#endif
! ma = (((mp_size_t) (str_size / mp_bases[base].chars_per_bit_exactly))
! / GMP_NUMB_BITS + 2);
mp = TMP_ALLOC_LIMBS (ma);
mn = mpn_set_str (mp, (unsigned char *) begs, str_size, base);
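Review bot: the new `ma` is a floor estimate (the cast to `mp_size_t` and the `/ GMP_NUMB_BITS` both truncate) and nothing in the hunk records why `+ 2` is enough slack, so a one-line comment above `ma = ...` stating that bound would help the next reader; since `mn` comes straight back from `mpn_set_str (mp, ...)` on the following line, an assertion that `mn <= ma` would turn any future under-allocation into a loud failure instead of the silent overwrite this report is about.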
--
Torbjörn
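As an added illustration, not code from the original message or from GMP, the C block below models the two sizing formulas from the patch side by side; `NUMB_BITS` and the `chars_per_bit[]` table are this example's own stand-ins for `GMP_NUMB_BITS` and `mp_bases[base].chars_per_bit_exactly`, and the 1000-digit input is a constructed value.

```c
/* Added example, not GMP's own code: models the buggy and fixed sizing formulas
 * from the patch.  NUMB_BITS and chars_per_bit[] are this example's stand-ins
 * for GMP_NUMB_BITS and mp_bases[base].chars_per_bit_exactly. */
#include <stddef.h>
#include <stdio.h>

#define NUMB_BITS 64   /* assumed limb width (GMP_NUMB_BITS on a 64-bit build) */
/* log(2)/log(base) for bases 2..16: characters of input per bit of result. */
static const double chars_per_bit[17] = {
    0, 0, 1.0, 0.630930, 0.5, 0.430677, 0.386853, 0.356207, 0.333333,
    0.315465, 0.301030, 0.289065, 0.278943, 0.270238, 0.262649, 0.255958, 0.25
};

/* Buggy formula ('***' side of the hunk): sized from the destination's
 * precision, so the length of the input string never enters the estimate. */
long old_alloc_limbs(long prec)
{
    return 2 * (prec + 1);
}

/* Fixed formula ('---' side of the hunk): sized from the string length. */
long new_alloc_limbs(size_t str_size, int base)
{
    return ((long) (str_size / chars_per_bit[base])) / NUMB_BITS + 2;
}

/* Limbs mpn_set_str actually writes for a str_size-digit number in 'base':
 * ceil(bits / NUMB_BITS), computed without libm. */
long limbs_needed(size_t str_size, int base)
{
    double bits = str_size / chars_per_bit[base];
    long limbs = (long) (bits / NUMB_BITS);
    if ((double) limbs * NUMB_BITS < bits)
        limbs++;
    return limbs;
}
/* 1 if a buffer of 'alloc' limbs is too small for the conversion, i.e. the
 * out-of-bounds write behind this bug report; 0 otherwise. */
int overflows(long alloc, size_t str_size, int base)
{
    return alloc < limbs_needed(str_size, base);
}
int main(void)
{
    size_t digits = 1000;  /* a constructed 1000-digit decimal input string */
    printf("need %ld limbs; prec-based alloc %ld, length-based alloc %ld\n",
           limbs_needed(digits, 10), old_alloc_limbs(2), new_alloc_limbs(digits, 10));
    return 0;
}
```

With a two-limb precision the old formula reserves 6 limbs while the 1000-digit string needs 52, which is exactly the shortfall the fixed formula (53 limbs here) removes.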