Uninitialized memory bug found in /mpn/generic/mod_1_1.c

Brett Kuntz kuntz at shaw.ca
Thu Aug 31 19:35:26 CEST 2023


I have dug deeper into understanding what happens with both versions (method 1 & 2). 

If the divisor has a high bit set, then pre[2] is not initialized inside mpn_mod_1_1p_cps(), but it is also not used inside mpn_mod_1_1p() as there are no leading zeroes. 

In the other scenario, if the high bit is set, pre[2] is set to its appropriate value, and it is used inside mpn_mod_1_1p(). 

Some commenting could be placed inside /mpn/generic/mod_1.c around lines 248 and 261, or pre[4] can be initialized to all 0's on both 248 & 261: mp_limb_t pre[4] = { 0 }; 

-Brett Kuntz 


From: "Vincent Lefevre" <vincent at vinc17.net> 
To: "marco bodrato" <marco.bodrato at tutanota.com> 
Cc: "Brett Kuntz" <kuntz at shaw.ca>, gmp-bugs at gmplib.org 
Sent: Thursday, August 31, 2023 11:06:51 AM 
Subject: Re: Uninitialized memory bug found in /mpn/generic/mod_1_1.c 

On 2023-08-31 17:03:12 +0200, marco.bodrato at tutanota.com wrote: 
> Ciao, 
> 
> 31 ago 2023, 16:30 da kuntz at shaw.ca: 
> 
> > 1) Edit line 248 mpn/generic/mp_limb_t pre[4]; into: 
> > 
> ~/src/gmp$ hg diff mpn/generic/ 
> diff -r 3ac5afa36be5 mpn/generic/mod_1.c 
> --- a/mpn/generic/mod_1.c Wed Nov 02 13:48:37 2022 +0100 
> +++ b/mpn/generic/mod_1.c Thu Aug 31 16:46:35 2023 +0200 
> @@ -245,7 +245,7 @@ 
> } 
> else 
> { 
> - mp_limb_t pre[4]; 
> + mp_limb_t pre[4] = {-1, -1, -1, -1}; 
> mpn_mod_1_1p_cps (pre, b); 
> return mpn_mod_1_1p (ap, n, b, pre); 
> } 
> 
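Review bot: the `{-1, -1, -1, -1}` initializer on the `+` line only poisons the table; nothing in this hunk checks for the sentinel, so by itself it cannot show whether an unwritten `pre[2]` is read after `mpn_mod_1_1p_cps (pre, b)`. Pair it with a check in the consumer (an assert on `bmodb[2]` at the top of `mpn_mod_1_1p`), and apply the same initializer to the second `pre[4]` declaration the thread places around line 261, since this hunk covers only the one near line 248. If the initializer is meant to stay rather than serve as a one-off test, a comment on why the slot can remain unwritten, or `= { 0 }`, would be clearer than a magic `-1`.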

I don't think that this is sufficient for the test. 
The code Brett mentioned is for MOD_1_1P_METHOD = 2. 
So, in mpn/generic/mod_1_1.c, I also changed 

# define MOD_1_1P_METHOD 1 /* need to make sure this is 2 for asm testing */ 

to 

# define MOD_1_1P_METHOD 2 /* need to make sure this is 2 for asm testing */ 

and at the beginning of 

mpn_mod_1_1p (mp_srcptr ap, mp_size_t n, mp_limb_t b, const mp_limb_t bmodb[4]) 

I added 

ASSERT (bmodb[2] != -1); 

(if bmodb[2] is not set, this would fail). 

Then I configured with 

./configure --disable-assembly --enable-assert 

to enable the code and the assert, then "make" and "make check". 

But even with that, I don't get any failure. 

-- 
Vincent Lefèvre <vincent at vinc17.net> - Web: <https://www.vinc17.net/> 
100% accessible validated (X)HTML - Blog: <https://www.vinc17.net/blog/> 
Work: CR INRIA - computer arithmetic / AriC project (LIP, ENS-Lyon) 
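
The sentinel test discussed in this thread, as an added example that is not part of the original messages and is not GMP code: a constructed toy model in which slot 2 of the table is written only when the divisor has leading zeros. It shows that the poison value is never consumed when the reader mirrors that condition, and is consumed when it does not. The names `toy_cps`, `toy_use`, `count_poison_reads` and the sample divisors are hypothetical.

```c
/* Constructed toy model, not GMP source: slot 2 of a 4-entry table is
   written only when the divisor has leading zeros (cnt != 0). */
#include <stdint.h>
#include <stdio.h>

#define POISON UINT64_MAX   /* sentinel, same idea as the -1 initializer */

/* Hypothetical producer: slots 0, 1, 3 always written, slot 2 conditionally. */
static void toy_cps(uint64_t pre[4], uint64_t b)
{
    unsigned cnt = 0;
    while (!(b >> 63)) { b <<= 1; cnt++; }   /* normalize; requires b != 0 */
    pre[0] = b;
    pre[1] = cnt;
    if (cnt != 0)
        pre[2] = (0 - b) >> cnt;             /* top bit clear: never POISON */
    pre[3] = 0 - b;
}

/* Hypothetical consumer. guarded=1 mirrors the producer's condition,
   guarded=0 reads slot 2 always. Returns 1 if it consumed POISON. */
static int toy_use(const uint64_t pre[4], int guarded, uint64_t *out)
{
    int reads2 = !guarded || pre[1] != 0;
    *out = pre[0] ^ pre[3] ^ (reads2 ? pre[2] : 0);   /* stand-in arithmetic */
    return reads2 && pre[2] == POISON;
}

/* Poison the table, run both steps per divisor, count sentinel reads. */
static int count_poison_reads(int guarded)
{
    static const uint64_t divisors[] = {        /* constructed samples */
        1, 3, 0x7fffffffffffffffULL,            /* high bit clear */
        0x8000000000000000ULL, UINT64_MAX };    /* high bit set */
    int hits = 0;
    for (size_t i = 0; i < sizeof divisors / sizeof divisors[0]; i++) {
        uint64_t out, pre[4] = { POISON, POISON, POISON, POISON };
        toy_cps(pre, divisors[i]);
        hits += toy_use(pre, guarded, &out);
    }
    return hits;
}

int main(void)
{
    printf("guarded: %d, unguarded: %d poison reads\n",
           count_poison_reads(1), count_poison_reads(0));
    return 0;
}
```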

