out-of-bound write
Zimmermann Paul
Paul.Zimmermann at inria.fr
Mon Dec 16 22:23:37 UTC 2013
Hi again,
it would make sense that mpn_set_str requires that the space allocated at RP
contains at least:
a = the exact number of limbs needed to store the input number,
or b = the number of limbs needed to store the maximal possible input number
of base BASE with STRSIZE chars, i.e., BASE^STRSIZE-1,
where of course a <= b.
The bug is that in some cases, the required space is even b + 1!
For example on a 64-bit computer with BASE=3 and STRSIZE=1815 limbs,
mpn_set_str might require up to 46 limbs, whereas 3^1815-1 has 45 limbs only.
As a consequence, it is not possible to know how much space needs to be
allocated at RP before calling mpn_set_str.
Paul
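The bound b from the message above can be computed exactly rather than estimated. The following is an added example, not GMP code and not part of the original post: a bounds-checked reference conversion with 64-bit limbs. The names `set_str_bounded`, `worst_case_limbs`, `mul_add_bounded` and `TOO_SMALL` are hypothetical, and digits are assumed to be raw values 0..BASE-1, most significant first.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

typedef uint64_t limb_t;              /* 64-bit limbs, as in the report */
#define TOO_SMALL SIZE_MAX            /* hypothetical error value */

/* rp[0..n) = rp[0..n) * mul + add, least significant limb first.
   Never writes at or beyond rp[cap]; returns the new limb count, or
   TOO_SMALL when the result does not fit in cap limbs. */
static size_t mul_add_bounded(limb_t *rp, size_t n, size_t cap,
                              limb_t mul, limb_t add)
{
    unsigned __int128 acc = add;      /* GCC/Clang extension */
    for (size_t i = 0; i < n; i++) {
        acc += (unsigned __int128)rp[i] * mul;
        rp[i] = (limb_t)acc;
        acc >>= 64;
    }
    if (acc == 0) return n;
    if (n >= cap) return TOO_SMALL;   /* refuse instead of writing rp[cap] */
    rp[n] = (limb_t)acc;
    return n + 1;
}

/* Bounds-checked conversion; rp contents are unspecified on TOO_SMALL. */
size_t set_str_bounded(limb_t *rp, size_t cap,
                       const unsigned char *str, size_t len, unsigned base)
{
    size_t n = 0;
    for (size_t i = 0; i < len && n != TOO_SMALL; i++) {
        if (str[i] >= base) return TOO_SMALL;   /* invalid digit */
        n = mul_add_bounded(rp, n, cap, base, str[i]);
    }
    return n;
}

/* Bound "b": limbs of BASE^STRSIZE-1, i.e. STRSIZE digits all BASE-1. */
size_t worst_case_limbs(unsigned base, size_t strsize)
{
    static limb_t scratch[256];       /* enough for this illustration */
    size_t n = 0;
    for (size_t i = 0; i < strsize && n != TOO_SMALL; i++)
        n = mul_add_bounded(scratch, n, 256, base, base - 1);
    return n;
}

int main(void)
{
    printf("limbs for 3^1815-1: %zu\n", worst_case_limbs(3, 1815));
    return 0;
}
```

Going by the report, a caller of the real mpn_set_str on an affected version would allocate one limb more than this bound (46 instead of 45 in the example case).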