integer overflow in mpz/clear.c of GMP 5.1.3
marc.glisse at inria.fr
Fri Jan 17 14:46:11 UTC 2014
On Fri, 17 Jan 2014, Vincent Lefevre wrote:
> mpz/clear.c contains:
> (*__gmp_free_func) (PTR (m), ALLOC (m) * BYTES_PER_MP_LIMB);
> but both terms of the multiplication have int type.
> There's a missing cast to size_t.
> Other clear.c files may be affected by the same problem.
Makes sense (I haven't looked).
> BTW, I suggest that you test GMP with:
> ./configure CC=clang CFLAGS="-fsanitize=undefined -fno-sanitize-recover"
> There seem to be lots of bugs. :)
No, there aren't. We already went through this with you a few months ago.
With the master branch, there are only 2 issues, and both are in the
testsuite, not the library (we should still fix those some day).
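The arithmetic behind the report, as an added illustration (not code from GMP or from either poster): `ALLOC (m) * BYTES_PER_MP_LIMB` multiplies two `int` values, so the product is computed in `int` and only then converted to the `size_t` parameter of the free function; a large enough allocation overflows before the conversion happens. The snippet below checks, without triggering the overflow itself, whether the narrow product would exceed `INT_MAX`, and shows the widened form that the missing `size_t` cast produces. `BYTES_PER_LIMB_ASSUMED`, `narrow_product_overflows` and `byte_count_wide` are names chosen here; the limb size of 8 bytes is an assumed 64-bit build, and the allocation count is constructed for the demonstration.

```c
#include <limits.h>
#include <stddef.h>
#include <stdio.h>

/* Constructed stand-in for GMP's BYTES_PER_MP_LIMB on a 64-bit limb build;
 * the real value comes from GMP's internal headers, not from this file. */
#define BYTES_PER_LIMB_ASSUMED 8

/* Mirrors the shape of the expression quoted in the report: both operands
 * are int, so the product is evaluated as int and only afterwards converted
 * to size_t. Returns 1 when that int product would overflow (which is
 * undefined behaviour in C), 0 when it fits. The test divides rather than
 * multiplies, so the check is itself free of overflow. Non-positive limb
 * sizes and negative counts are reported as unsafe. */
int narrow_product_overflows(int alloc, int bytes_per_limb)
{
    if (alloc < 0 || bytes_per_limb <= 0)
        return 1;
    return alloc > INT_MAX / bytes_per_limb;
}

/* The corrected form: widening one operand to size_t makes the whole
 * multiplication happen in size_t, which is what the missing cast intends. */
size_t byte_count_wide(int alloc, int bytes_per_limb)
{
    return (size_t) alloc * (size_t) bytes_per_limb;
}

int main(void)
{
    /* 300 million 8-byte limbs is 2.4e9 bytes, above INT_MAX (2147483647). */
    int alloc = 300000000;

    printf("int product would overflow: %d\n",
           narrow_product_overflows(alloc, BYTES_PER_LIMB_ASSUMED));
    printf("size_t product: %zu bytes\n",
           byte_count_wide(alloc, BYTES_PER_LIMB_ASSUMED));
    return 0;
}
```

Compiling a narrow multiply like the original under `-fsanitize=undefined`, as suggested in the quoted message, reports the signed overflow at run time once the allocation count is large enough; the division-based check above is the equivalent static guard a reviewer can apply when auditing size computations that feed an allocator.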