integer overflow yields incorrect results and buffer overflow on 64-bit machines

Vincent Lefevre vincent at vinc17.org
Thu Feb 28 10:30:01 CET 2008


On 2008-02-27 18:19:39 +0100, Torbjorn Granlund wrote:
> What do you think of this change?

Seems OK.

> I am not sure this will catch all cases for things like mpz_mul_2exp,

I don't think there's a possible overflow in mpz_mul_2exp, because
of the division by GMP_NUMB_BITS and because abs_usize fits in 31
bits.

> mpz_ui_pow_ui, and mpz_pow_ui, where the allocation calculations
> might overflow before mpz_realloc is reached.

However, there's a possible overflow in n_pow_ui.c.

-- 
Vincent Lefèvre <vincent at vinc17.org> - Web: <http://www.vinc17.org/>
100% accessible validated (X)HTML - Blog: <http://www.vinc17.org/blog/>
Work: CR INRIA - computer arithmetic / Arenaire project (LIP, ENS-Lyon)
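
Added example, not part of the original message and not GMP source code: a simplified C model of the two kinds of size calculation discussed above, a shift-style estimate where the division keeps the sum in range, and a power-style estimate where the product can wrap before any reallocation check sees it. The function names, the two formulas, the 64-bit limb width and the requirement that a limb count fit in an int are assumptions made for illustration.

```c
#include <limits.h>
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

#define LIMB_BITS 64u   /* assumed limb width on a 64-bit build */

/* Shift-style estimate (hypothetical): limbs = size + cnt / LIMB_BITS + 1.
   With size below 2^31 and a 64-bit cnt, the quotient is below 2^58, so
   the 64-bit sum cannot wrap. It can still be too large for an int. */
static bool shift_limbs(int32_t abs_size, uint64_t cnt, uint64_t *out)
{
    if (abs_size < 0)
        return false;
    *out = (uint64_t)abs_size + cnt / LIMB_BITS + 1;
    return *out <= (uint64_t)INT_MAX;   /* false: does not fit an int count */
}

/* Power-style estimate (hypothetical): limbs = base_bits * e / LIMB_BITS + 1.
   The product is formed before the division, so it must be checked first. */
static bool pow_limbs(uint64_t base_bits, uint64_t e, uint64_t *out)
{
    if (e != 0 && base_bits > UINT64_MAX / e)
        return false;                   /* base_bits * e would wrap */
    *out = base_bits * e / LIMB_BITS + 1;
    return *out <= (uint64_t)INT_MAX;
}

/* The same estimate without the check: unsigned wrap is defined in C, so
   the result is silently small and a later size check sees nothing odd. */
static uint64_t pow_limbs_unchecked(uint64_t base_bits, uint64_t e)
{
    return base_bits * e / LIMB_BITS + 1;
}

int main(void)
{
    uint64_t n = 0;
    bool ok = shift_limbs(INT32_MAX, UINT64_MAX, &n);
    printf("shift worst case: %llu limbs, fits int: %d\n",
           (unsigned long long)n, ok);
    ok = pow_limbs(64, UINT64_C(1) << 58, &n);
    printf("pow checked: accepted=%d, unchecked estimate=%llu limbs\n", ok,
           (unsigned long long)pow_limbs_unchecked(64, UINT64_C(1) << 58));
    return 0;
}
```
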

