Reporting a gmp bug
jy l
linjy0410 at gmail.com
Wed Oct 26 12:06:51 CEST 2022
Dear developers/maintainers,
Hope this email finds you well!
I'm writing to report a crash we encountered while using libgmp. The PoC looks like
this:
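```
#include <gmp.h>

int main(void)
{
    mpz_t n, n2;
    mpz_init(n);
    mpz_fac_ui(n, 0x10006f);   /* n = 0x10006f!, a very large operand */
    mpz_init(n2);
    mpz_nextprime(n2, n);      /* call where the crash is reported */
    return 0;
}
```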
It seems that at this line in `mpz_nextprime` (
https://gmplib.org/repo/gmp/file/tip/mpz/nextprime.c#l204), when `n` is
very large, the value of `odds_in_composite_sieve` is not restricted,
which causes the `alloca` below to crash and might cause more buffer
overflows.
Could you please help us to verify this bug? Looking forward to your reply,
thanks!
Best regards,
Jiayi Lin
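
The failure mode described in the report, a stack allocation whose size grows with the input, is commonly avoided by capping `alloca` and falling back to the heap. The following is an added example, not part of the original message and not GMP's code; `STACK_SIEVE_MAX`, `run_sieve` and `sieve_window` are hypothetical names, and the 64 KiB cap is an assumed value.

```c
#include <alloca.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
/* Assumed cap on stack use per call; not a GMP constant. */
#define STACK_SIEVE_MAX ((size_t)64 * 1024)
enum sieve_where { SIEVE_STACK, SIEVE_HEAP, SIEVE_FAILED };

/* Mark multiples of a few small primes among `odds` consecutive odd
   numbers beginning at odd `start`; return how many stay unmarked. */
static size_t sieve_window(unsigned char *sieve, size_t odds, uint64_t start)
{
    static const unsigned primes[] = {3, 5, 7, 11, 13};
    size_t i, k, left = 0;
    memset(sieve, 0, odds);
    for (k = 0; k < sizeof primes / sizeof primes[0]; k++)
        for (i = 0; i < odds; i++) {
            uint64_t v = start + 2 * (uint64_t)i;
            if (v != primes[k] && v % primes[k] == 0)
                sieve[i] = 1;
        }
    for (i = 0; i < odds; i++)
        left += !sieve[i];
    return left;
}

/* The sieve goes on the stack only when its size is bounded; larger
   requests use malloc, whose failure can be reported to the caller. */
enum sieve_where run_sieve(size_t odds, uint64_t start, size_t *left)
{
    unsigned char *s;
    if (odds <= STACK_SIEVE_MAX) {
        s = alloca(odds ? odds : 1);
        *left = sieve_window(s, odds, start);
        return SIEVE_STACK;
    }
    if ((s = malloc(odds)) == NULL)
        return SIEVE_FAILED;
    *left = sieve_window(s, odds, start);
    free(s);
    return SIEVE_HEAP;
}

int main(void)
{
    size_t left = 0;
    printf("where=%d\n", run_sieve(200000, 101, &left));
    return 0;
}
```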