Uninitialized memory bug found in /mpn/generic/mod_1_1.c
marco.bodrato at tutanota.com
Thu Aug 31 17:03:12 CEST 2023
Ciao,
31 Aug 2023, 16:30 from kuntz at shaw.ca:
> 1) Edit line 248 mpn/generic/mp_limb_t pre[4]; into:
>
~/src/gmp$ hg diff mpn/generic/
diff -r 3ac5afa36be5 mpn/generic/mod_1.c
--- a/mpn/generic/mod_1.c Wed Nov 02 13:48:37 2022 +0100
+++ b/mpn/generic/mod_1.c Thu Aug 31 16:46:35 2023 +0200
@@ -245,7 +245,7 @@
}
else
{
- mp_limb_t pre[4];
+ mp_limb_t pre[4] = {-1, -1, -1, -1};
mpn_mod_1_1p_cps (pre, b);
return mpn_mod_1_1p (ap, n, b, pre);
}
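Review bot: the `{-1, -1, -1, -1}` initializer on `pre[4]` is a poison value for this experiment and should not be committed as a fix; if leaving an entry unwritten is intentional, a comment at this declaration saying which entries `mpn_mod_1_1p_cps` fills under each `#if` variant would document that better than a blanket initializer. For the poison itself, `~(mp_limb_t) 0` states the all-ones intent without relying on the conversion of `-1` to an unsigned limb type.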
> 2) Recompile GMP.
>
~/src/gmp$ mkdir testbuild; (cd testbuild/;../configure&&make) >/dev/null
> 3) Use the mpn_mod_1() function as described on the following page and you will now get incorrect results:
>
~/src/gmp$ (cd testbuild/;make TESTS="t-mod_1" check -C tests/mpn; )|tail -n 15
PASS: t-mod_1
============================================================================
Testsuite summary for GNU MP 6.2.99
============================================================================
# TOTAL: 1
# PASS: 1
# SKIP: 0
# XFAIL: 0
# FAIL: 0
# XPASS: 0
# ERROR: 0
============================================================================
Even the modified library passes the tests.
Sorry, I'm not able to reproduce your bug report, not even with an arbitrarily modified source code.
~/src/gmp$ hg revert mpn/generic/
sto ripristinando mpn/generic/mod_1.c
I'd say that when the limb you are looking at is not initialized, then a function not using it is called.
I'd suggest: when reading mpn/generic/mod_1_1.c, pay attention to #if and #endif.
Ĝis,
Marco
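
The poison experiment in the message above, generalized to several fill patterns and checked against a table-free reference. This is an added example, not GMP code and not part of the original message: toy_cps, toy_mod, ref_mod, poison_check and TOY_METHOD are hypothetical names, and limbs are assumed to be 32 bits.

```c
#include <stddef.h>
#include <stdint.h>
#ifndef TOY_METHOD
#define TOY_METHOD 1   /* hypothetical build-time variant switch (1 or 2) */
#endif

/* Precompute constants for reduction mod b (b != 0), with B = 2^32.
   Variant 1 writes pre[0] only; pre[1] keeps whatever it held before. */
static void toy_cps(uint32_t pre[2], uint32_t b)
{
    pre[0] = (uint32_t)((UINT64_C(1) << 32) % b);          /* B mod b */
#if TOY_METHOD == 2
    pre[1] = (uint32_t)(((uint64_t)pre[0] * pre[0]) % b);  /* B^2 mod b */
#endif
}

/* Reduce a[] (n limbs, least significant first) mod b; each variant reads
   exactly the table entries that its toy_cps variant wrote. */
static uint32_t toy_mod(const uint32_t *a, size_t n, uint32_t b, const uint32_t pre[2])
{
    uint64_t r = 0;
#if TOY_METHOD == 2
    if (n & 1) r = a[--n] % b;
    for (; n >= 2; n -= 2)   /* r*B^2 + a[n-1]*B + a[n-2] */
        r = (r * pre[1] % b + (uint64_t)(a[n-1] % b) * pre[0] % b + a[n-2] % b) % b;
#else
    while (n > 0) { n--; r = (r * pre[0] + a[n] % b) % b; }
#endif
    return (uint32_t)r;
}

/* Independent reference: schoolbook reduction, no precomputed table. */
static uint32_t ref_mod(const uint32_t *a, size_t n, uint32_t b)
{
    uint64_t r = 0;
    while (n > 0) r = ((r << 32) | a[--n]) % b;
    return (uint32_t)r;
}

/* Pre-fill the table with each poison pattern before the precomputation;
   returns 1 when every run still matches the reference. */
static int poison_check(const uint32_t *a, size_t n, uint32_t b)
{
    static const uint32_t poison[] = { 0, UINT32_MAX, 0xA5A5A5A5u };
    for (size_t k = 0; k < sizeof poison / sizeof poison[0]; k++) {
        uint32_t pre[2] = { poison[k], poison[k] };
        toy_cps(pre, b);
        if (toy_mod(a, n, b, pre) != ref_mod(a, n, b)) return 0;
    }
    return 1;
}
```

Building with -DTOY_METHOD=2 selects the variant that both writes and reads the second entry; the check passes in either build because each reader only touches what its own precomputation wrote.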