integer overflow yields incorrect results and buffer overflow on 64-bit machines

Torbjorn Granlund tg at
Wed Feb 27 18:19:39 CET 2008

A non-text attachment was scrubbed...
Name: foo
Type: application/octet-stream
Size: 2598 bytes
Desc: not available
Url : 
-------------- next part --------------

I am not sure this will catch all cases for things like mpz_mul_2exp,
mpz_ui_pow_ui, and mpz_pow_ui, where the allocation calculations might
overflow before mpz_realloc is reached.  (Such overflows might be
harder to detect quickly for 32-bit machines, since the allocation
calculation type, size_t, has just one bit more than int there.)


More information about the gmp-bugs mailing list