Uninitialized memory bug found in /mpn/generic/mod_1_1.c
Torbjörn Granlund
tg at gmplib.org
Thu Aug 31 16:36:53 CEST 2023
Brett Kuntz <kuntz at shaw.ca> writes:

> Go to line 248 inside mpn/generic/mod_1.c
>
> mp_limb_t pre[4];

There is no such thing on an unedited version of GMP 6.3, not on line
248 nor anyplace else in that file.

> mpn_mod_1_1p_cps (pre, b);
>
> Only initializes pre[0], pre[1], and pre[3]. ***NOT*** pre[2].

Your point?

> The final line:
>
> return mpn_mod_1_1p (ap, n, b, pre);
>
> Reads from pre[2] erroneously and gives incorrect results if your
> stack memory has anything other than a 0 there.

That line does not read any elements from pre[]. You have misunderstood
the semantics of C.

But if you actually claim that an unedited GMP has a bug here, please
construct a test case which uses documented interfaces, and which
demonstrates the claimed bug.

> 1) Edit line 248 mpn/generic/mp_limb_t pre[4]; into:

There is no file with that name.

> mp_limb_t pre[4] = { -1, -1, -1, -1 };
>
> 2) Recompile GMP.
>
> 3) Use the mpn_mod_1() function as described on the following page and
> you will now get incorrect results:

It is clear that you have not tried that yourself.
--
Torbjörn
Please encrypt, key id 0xC8601622
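The two technical points in the exchange above, as an added illustration that is not part of the thread and not GMP code: a call such as `f(ap, n, b, pre)` passes only the address of `pre[0]`, so which slots get read is decided inside the callee; and whether a result depends on an unset slot is shown by an observable test (fill the slot with two different sentinels and compare outputs), not by reasoning about what the stack happens to contain. `demo_cps`, `demo_use`, `limb_t` and the arithmetic inside them are hypothetical stand-ins constructed for this example; they mirror the claim in the thread (slots 0, 1 and 3 written, slot 2 left alone) and are not `mpn_mod_1_1p_cps` or `mpn_mod_1_1p`.

```c
#include <stddef.h>
#include <stdio.h>

typedef unsigned long limb_t;   /* stand-in for GMP's mp_limb_t (assumption) */

/* Hypothetical precomputation. It deliberately writes slots 0, 1 and 3
 * and leaves slot 2 untouched, mirroring the claim made in the thread.
 * This is constructed for the example and is not GMP's mpn_mod_1_1p_cps. */
static void demo_cps(limb_t pre[4], limb_t b)
{
    pre[0] = b * 3 + 1;
    pre[1] = b >> 1;
    pre[3] = b ^ 0xA5A5UL;
}

/* Hypothetical consumer. The call expression `demo_use(b, pre)` hands
 * over a pointer to pre[0] and reads nothing by itself; the elements
 * actually read are chosen here, and this body touches slots 0, 1 and 3
 * only. Constructed for the example; not GMP's mpn_mod_1_1p. */
static limb_t demo_use(limb_t b, const limb_t *pre)
{
    return (pre[0] + pre[1] + pre[3]) % (b | 1);
}

/* Does the result of demo_use depend on pre[slot]?  Rather than trusting
 * whatever an uninitialised stack slot contains, run the precomputation,
 * overwrite the slot with two different sentinels and compare outputs.
 * Returns 1 if the outputs differ (the slot matters), 0 otherwise. */
static int result_depends_on_slot(size_t slot, limb_t b)
{
    limb_t pre[4] = { 0, 0, 0, 0 };
    limb_t r1, r2;

    demo_cps(pre, b);
    pre[slot] = 0x1111UL;
    r1 = demo_use(b, pre);
    pre[slot] = 0xEEEEUL;
    r2 = demo_use(b, pre);
    return r1 != r2;
}

int main(void)
{
    limb_t b = 1000;   /* constructed sample divisor */
    size_t slot;

    for (slot = 0; slot < 4; slot++)
        printf("pre[%zu] affects the result: %s\n", slot,
               result_depends_on_slot(slot, b) ? "yes" : "no");
    return 0;
}
```

With the constructed functions, slots 0, 1 and 3 report "yes" and slot 2 reports "no": an unwritten slot that the consumer never reads cannot change the result, which is the kind of evidence, obtained through the interface rather than by editing the source, that the reply asks for.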