integer overflow yields incorrect results and buffer overflow on 64-bit machines

Torbjorn Granlund tg at swox.com
Wed Feb 27 18:19:39 CET 2008


A non-text attachment was scrubbed...
Name: foo
Type: application/octet-stream
Size: 2598 bytes
Desc: not available
Url : http://gmplib.org/list-archives/gmp-bugs/attachments/20080227/fc4f31b4/attachment.obj 
-------------- next part --------------

I am not sure this will catch all cases for things like mpz_mul_2exp,
mpz_ui_pow_ui, and mpz_pow_ui, where the allocation calculations might
overflow before mpz_realloc is reached.  (Such overflows might be
harder to detect quickly for 32-bit machines, since the allocation
calculation type, size_t, has just one bit more than int there.)

-- 
Torbjörn
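
The failure mode described in the message above, as an added example that is not GMP code and not part of the original post: a size calculation wraps before any allocation-time check sees it, so the check is handed a small, plausible number. All function names are hypothetical; the model assumes limb counts held in an int (modelled as `int32_t`), 64-bit limbs for the shift case, and 4-byte limbs with a 32-bit `size_t` (modelled as `uint32_t`) for the 32-bit case.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

#define LIMB_BITS 64u   /* assumed limb width on the 64-bit machine */
#define LIMB_BYTES32 4u /* assumed limb size on the 32-bit machine */

/* Limbs needed to shift a un-limb number left by cnt bits, truncated
   into an int-sized field (modelled as int32_t) with no range check. */
static int32_t shift_limbs_unchecked(int32_t un, uint64_t cnt)
{
    uint64_t need = (uint64_t)un + cnt / LIMB_BITS + 1;
    return (int32_t)(uint32_t)need; /* high bits silently dropped */
}

/* Same calculation, refusing any result that does not fit the int field. */
static bool shift_limbs_checked(int32_t un, uint64_t cnt, int32_t *out)
{
    uint64_t extra = cnt / LIMB_BITS + 1; /* at most 2^58, cannot wrap */
    if (un < 0 || extra > (uint64_t)INT32_MAX - (uint64_t)un)
        return false;
    *out = (int32_t)((uint64_t)un + extra);
    return true;
}

/* Byte count for a limb count when size_t is 32 bits (modelled as uint32_t). */
static uint32_t alloc_bytes32_unchecked(int32_t limbs)
{
    return (uint32_t)((uint32_t)limbs * LIMB_BYTES32); /* wraps mod 2^32 */
}

/* Same calculation, refusing a limb count whose byte size would wrap. */
static bool alloc_bytes32_checked(int32_t limbs, uint32_t *out)
{
    if (limbs < 0 || (uint32_t)limbs > UINT32_MAX / LIMB_BYTES32)
        return false;
    *out = (uint32_t)limbs * LIMB_BYTES32;
    return true;
}

int main(void)
{
    int32_t n; uint32_t b;
    /* Constructed inputs: 1 limb shifted by 2^38 bits, and 2^30+1 limbs. */
    printf("unchecked limbs: %d\n", shift_limbs_unchecked(1, UINT64_C(1) << 38));
    printf("checked limbs ok: %d\n", shift_limbs_checked(1, UINT64_C(1) << 38, &n));
    printf("unchecked bytes: %u\n", (unsigned)alloc_bytes32_unchecked(0x40000001));
    printf("checked bytes ok: %d\n", alloc_bytes32_checked(0x40000001, &b));
    return 0;
}
```

In the second case the limb count is a valid positive int, so a range check on the count alone passes while the byte size wraps to 4.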

