integer overflow in mpz/clear.c of GMP 5.1.3

Marc Glisse marc.glisse at
Fri Jan 17 14:46:11 UTC 2014

On Fri, 17 Jan 2014, Vincent Lefevre wrote:

> mpz/clear.c contains:
>  (*__gmp_free_func) (PTR (m), ALLOC (m) * BYTES_PER_MP_LIMB);
> but both terms of the multiplication have int type.
> There's a missing cast to size_t.
> Other clear.c files may be affected by the same problem.

Makes sense (I haven't looked).

> BTW, I suggest that you test GMP with:
>  ./configure CC=clang CFLAGS="-fsanitize=undefined -fno-sanitize-recover"
> There seem to be lots of bugs. :)

No there aren't. We already went through this with you a few months ago. 
With the master branch, there are only 2 issues, and both are in the 
testsuite, not the library (we should still fix those some day).

Marc Glisse
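The overflow Vincent points out, as an added illustration that is not code from the thread or from GMP: `ALLOC (m)` is an `int` and `BYTES_PER_MP_LIMB` is an `int`-typed constant, so the product is evaluated in `int` arithmetic and only afterwards converted to the `size_t` parameter of `__gmp_free_func`. The helper below checks the `int` product for overflow before it happens (computing it would be undefined behaviour, which is what `-fsanitize=undefined` flags) and shows the fixed form, which widens to `size_t` first. `BYTES_PER_LIMB` is an assumed stand-in for GMP's `BYTES_PER_MP_LIMB` (8 on LP64 targets); the function names are made up for this example.

```c
#include <limits.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Assumed stand-in for GMP's BYTES_PER_MP_LIMB; 8 bytes per limb on LP64. */
#define BYTES_PER_LIMB 8

/* Returns 1 if the int-typed product nlimbs * BYTES_PER_LIMB (the expression
 * as written in mpz/clear.c) would overflow int, 0 if it fits.  The check is
 * done by division so that no overflowing multiplication is ever evaluated. */
int int_product_overflows(int nlimbs)
{
    if (nlimbs < 0)
        return 1;                           /* negative limb counts are never valid */
    return nlimbs > INT_MAX / BYTES_PER_LIMB;
}

/* The corrected computation: convert the limb count to size_t *before*
 * multiplying, so the product is evaluated in the unsigned, wider type.
 * Sets *ok to 0 and returns 0 if the count is negative or the size_t product
 * itself would wrap (only reachable on targets where size_t is narrow). */
size_t limbs_to_bytes(int nlimbs, int *ok)
{
    if (nlimbs < 0 || (size_t)nlimbs > SIZE_MAX / BYTES_PER_LIMB) {
        *ok = 0;
        return 0;
    }
    *ok = 1;
    return (size_t)nlimbs * BYTES_PER_LIMB;
}

int main(void)
{
    /* Smallest limb count at which the int product overflows on this target. */
    int first_bad = INT_MAX / BYTES_PER_LIMB + 1;
    int ok;

    printf("int product overflows at %d limbs: %d\n",
           first_bad, int_product_overflows(first_bad));
    printf("int product fits at %d limbs: %d\n",
           first_bad - 1, int_product_overflows(first_bad - 1));
    printf("size_t product for %d limbs: %zu bytes (ok=%d)\n",
           first_bad, limbs_to_bytes(first_bad, &ok), ok);
    return 0;
}
```

With a 32-bit `int` and 8-byte limbs the threshold is 268435456 limbs, i.e. an `mpz_t` whose allocation reaches 2 GiB; below that the `int` expression and the `size_t` expression agree, above it only the widened form yields the right byte count.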
