integer overflow yields incorrect results and buffer overflow on 64-bit machines
Torbjorn Granlund
tg at swox.com
Wed Feb 27 18:19:39 CET 2008
A non-text attachment was scrubbed...
Name: foo
Type: application/octet-stream
Size: 2598 bytes
Desc: not available
Url : http://gmplib.org/list-archives/gmp-bugs/attachments/20080227/fc4f31b4/attachment.obj
-------------- next part --------------
I am not sure this will catch all cases for things like mpz_mul_2exp,
mpz_ui_pow_ui, and mpz_pow_ui, where the allocation calculations might
overflow before mpz_realloc is reached. (Such overflows might be
harder to detect quickly for 32-bit machines, since the allocation
calculation type, size_t, has just one bit more than int there.)
--
Torbj?rn
More information about the gmp-bugs
mailing list