out-of-bound write

Torbjorn Granlund tg at gmplib.org
Mon Dec 16 18:29:53 UTC 2013


Zimmermann Paul <Paul.Zimmermann at inria.fr> writes:

  the following program with GMP 5.1.3 exhibits an out-of-bound write on a
  32-bit computer (or on a 64-bit computer with ABI=32). Indeed the input
  number 19^3134+14 has exactly 417 digits in base 2^32, thus rp[417] should
  not be written to, but it is:
  
Thanks for this bug report!

I took a look at the documentation and the code.

While the documentation is very imprecise about the space requirements,
it seems to promise some maximum needs for normalised input strings (in
the sense of absence of leading zeros) but using ambiguous wording.  For
other cases there are no promises.  The documentation needs to be
improved!

The sub-quadratic code of mpn_set_str makes no effort at making sure a
most significant 0-limb is not written.  It is indeed clear that it is
aware that that might happen, since it adjusts the size.

It is not clear that we should treat this as a bug in the
implementation.  It might be seen as a documentation bug.


Torbjörn
Please encrypt, key id 0xC8601622

"Many conspiracy theories are made up by a government.  The purpose
is to undermine public acceptance of true conspiracy theories."
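The report turns on how many limbs the result actually occupies versus how many the caller reserved. The following Python script is an added illustration, not code from this thread or from GMP: it computes the exact normalised limb count of the reported input 19^3134+14 (417 limbs in base 2^32, so rp[417] lies one past the end), the upper bound a caller can derive from the digit-string length alone, and a defensive allocation that reserves one extra limb for a possible most-significant zero limb. The helper names and the "+1 slack" convention are this example's own assumptions, not a documented GMP guarantee.

```python
# Added example: limb-count arithmetic behind the mpn_set_str report.
# REPORTED_INPUT reconstructs the number from the bug report; all function
# names below are hypothetical helpers, not GMP API.

REPORTED_INPUT = 19**3134 + 14


def exact_limbs(n: int, limb_bits: int) -> int:
    """Limbs of `limb_bits` bits needed to hold n with no leading zero limb,
    i.e. the size of a normalised mpn result.  Zero occupies one limb."""
    if n < 0:
        raise ValueError("mpn values are non-negative")
    return max(1, -(-n.bit_length() // limb_bits))  # ceiling division


def digit_count_limbs(num_digits: int, base: int, limb_bits: int) -> int:
    """Upper bound on limbs derived only from the string length.

    Every num_digits-digit string in `base` is at most base**num_digits - 1,
    so its bit length is exact integer arithmetic (no floating-point log
    rounding near a limb boundary)."""
    if num_digits <= 0 or base < 2:
        raise ValueError("need a non-empty string and base >= 2")
    max_value = base**num_digits - 1
    return max(1, -(-max_value.bit_length() // limb_bits))


def safe_alloc_limbs(digit_string: str, base: int, limb_bits: int) -> int:
    """Defensive buffer size for an rp destination: the digit-count bound
    plus one limb of slack.  The slack is this example's assumption, chosen
    because the sub-quadratic path may emit a most significant 0-limb."""
    return digit_count_limbs(len(digit_string), base, limb_bits) + 1


def in_bounds(index: int, alloc_limbs: int) -> bool:
    """True if rp[index] lies inside a buffer of alloc_limbs limbs."""
    return 0 <= index < alloc_limbs


if __name__ == "__main__":
    s = str(REPORTED_INPUT)
    for limb_bits in (32, 64):
        exact = exact_limbs(REPORTED_INPUT, limb_bits)
        bound = digit_count_limbs(len(s), 10, limb_bits)
        safe = safe_alloc_limbs(s, 10, limb_bits)
        print(f"limb {limb_bits}: exact={exact} digit-bound={bound} safe={safe}")
    # The report's out-of-bound write targets rp[417] on a 32-bit limb ABI.
    print("rp[417] with exact sizing:", in_bounds(417, exact_limbs(REPORTED_INPUT, 32)))
    print("rp[417] with safe sizing: ", in_bounds(417, safe_alloc_limbs(s, 10, 32)))
```

Sizing the destination from `exact_limbs` alone reproduces the report's condition (417 limbs, write to rp[417]); sizing it from `safe_alloc_limbs` keeps that write inside the buffer regardless of whether the documentation is eventually read as promising a normalised result.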
