Invalid read in mpz_powm_ui

Torbjorn Granlund tg at gmplib.org
Wed Dec 5 19:31:32 CET 2012


Zimmermann Paul <Paul.Zimmermann at loria.fr> writes:

  the following code gives with the development version of GMP and valgrind
  on a Core 2 (tested with the gmp-5.0.90-2012120 snapshot on
  core2-unknown-linux-gnu):
  
  ==5867== 1 errors in context 1 of 1:
  ==5867== Invalid read of size 8
  ==5867==    at 0x400CCA: __gmpz_powm_ui (in /tmp/a.out)
  ==5867==    by 0x4007C6: main (in /tmp/a.out)
  ==5867==  Address 0x51f1088 is 8 bytes before a block of size 8 alloc'd
  ==5867==    at 0x4C2B6CD: malloc (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
  ==5867==    by 0x414AF8: __gmp_default_allocate (in /tmp/a.out)
  ==5867==    by 0x400824: __gmpz_init (in /tmp/a.out)
  ==5867==    by 0x400783: main (in /tmp/a.out)
  
  We noticed this because we test GNU MPFR (and GNU MPC) against the Mercurial
  version of GMP. The first broken build was on 2012-11-05 00:07:32; maybe this
  can help to isolate the issue.
  
This was a real bug, which happened since I suppressed code for handling
single-limb mod argument.

Thanks for the bug report!  A fix is in the repo (and will thus appear
in the next snapshot).

  PS: aren't the nightly builds of GMP tested against valgrind?
  
Nope.  Perhaps we should.  I ran it now, and I found 4 errors (including
yours).  Two of these have not yet been analysed, but one of these
unanalysed problems is related to code not yet used by any documented
interface.  The 4th error was harmless and due to how we do mpn_incr_u.
I implemented a simple workaround to silence valgrind.

-- 
Torbjörn