out-of-bound write

Thu Dec 19 01:12:05 UTC 2013

On 2013-12-18 18:34:29 +0100, Torbjorn Granlund wrote:
> Vincent Lefevre <vincent at vinc17.net> writes:
>   Is this true? In Paul's example (16 Dec 2013 17:52:52 +0100),
>   str has no leading zeros, but the byte after the most significant
>   non-zero byte of rp has been set to 0.
> 
> It is true, I think.  The allocation >= the actual size, where the
> actual size is the function return value.

OK, I now understand. But...

> Current text:
> 
> 
> @deftypefun mp_size_t mpn_set_str (mp_limb_t *@var{rp}, const unsigned char *@var{str}, size_t @var{strsize}, int @var{base})
> Convert bytes @{@var{str}, at var{strsize}@} in the given @var{base} to limbs at
> @var{rp}.
> 
> @math{@var{str}[0]} is the most significant byte and
> @math{@var{str}[@var{strsize}-1]} is the least significant.  Each byte should
> be a value in the range 0 to @math{@var{base}-1}, not an ASCII character.
> @var{base} can vary from 2 to 256.
> 
> The area at @var{rp} has to have space for the largest possible number with
> @var{strsize} digits in the chosen base, plus one extra limb.
> 
> The return value is the number of valid limbs written to @var{rp}.

It took me some time to understand that, i.e. that in addition to
valid limbs, other (invalid) limbs may also be written. I wonder
what the other users think about that...

> If the input string had no leading zeros, the value at rp will also
> have no leading zeros. Note that this does not affect the @var{rp}
> allocation requirements.
> 
> If the most significant input byte is zero then there may be high zero limbs
> written to @var{rp} and included in the return value.
> 
> @var{strsize} must be at least 1, and no overlap is permitted between
> @{@var{str}, at var{strsize}@} and the result at @var{rp}.

The way it is said above, it seems that overlap is allowed between
*invalid* limbs of the allocated space (i.e. not part of the result
at @var{rp}) and @{@var{str}, at var{strsize}@}. Is this the case?

-- 
Vincent Lefèvre <vincent at vinc17.net> - Web: <http://www.vinc17.net/>
100% accessible validated (X)HTML - Blog: <http://www.vinc17.net/blog/>
Work: CR INRIA - computer arithmetic / AriC project (LIP, ENS-Lyon)