integer overflow in mpn/get_d.c from GMP 5.1.2
Vincent Lefevre
vincent at vinc17.net
Fri Sep 20 15:05:11 CEST 2013
In GMP 5.1.2, there's an integer overflow in mpn/get_d.c:
if (UNLIKELY ((unsigned long) (GMP_NUMB_BITS * size)
> (unsigned long) (LONG_MAX - exp)))
It should be replaced by:
if (UNLIKELY ((unsigned long) (GMP_NUMB_BITS * size)
> (unsigned long) LONG_MAX - exp))
This integer overflow triggers the following failure
mpn_get_d wrong on denorm
n=1
exp -1020
sign 0
got =[00 00 00 00 00 00 F0 7F] inf
want =[00 00 00 00 00 00 30 00] 8.9002954340288055324e-308
Aborted (core dumped)
FAIL: t-get_d
with
gcc (Debian 20130917-1) 4.9.0 20130917 (experimental) [trunk revision 202647]
GNU MP config.status 5.1.2
configured by ./configure, generated by GNU Autoconf 2.69,
with options "'--disable-shared' 'CC=gcc-snapshot' 'CFLAGS=-march=native -O3 -flto=jobserve -fuse-linker-plugin'"
--
Vincent Lefèvre <vincent at vinc17.net> - Web: <http://www.vinc17.net/>
100% accessible validated (X)HTML - Blog: <http://www.vinc17.net/blog/>
Work: CR INRIA - computer arithmetic / AriC project (LIP, ENS-Lyon)
More information about the gmp-bugs
mailing list