New failures related to recent developments

Niels Möller nisse at
Tue Feb 28 11:15:06 CET 2012

Torbjorn Granlund <tg at> writes:

> This is a (partial?) patch.  It seems to fix the present problem.
> +   rp = MPZ_REALLOC (r, an + 1);
> + 
> +   ap = a->_mp_d;
> +   bp = b->_mp_d;
> + 
>     if (an < bn)
>       MPN_PTR_SWAP (ap, an, bp, bn);
>     cy = mpn_add (rp, ap, an, bp, bn);
>     rp[an] = cy;

I think this fix to mpz_abs_add is almost right, but the realloc must
use a size MAX(an, bn) + 1. Maybe it ought to be reorganized a bit,
eliminating the ap, bp pointers and the swapping. Something like

   rn = GMP_MAX (an, bn);
   rp = MPZ_REALLOC (r, rn + 1);

   if (an < bn)
     cy = mpn_add (rp, b->_mp_d, bn, a->_mp_d, an);
     cy = mpn_add (rp, a->_mp_d, an, b->_mp_d, bn);

   if (cy > 0)
     rp[rn++] = cy;
Will you commit these fixes, or do you want me to do that?

I have found the same four direct MPZ_REALLOC problems when reviewing
the code: mpz_abs_add, mpz_and, mpz_ior and mpz_xor. Then I have loooked
for functions which use cached pointers over a call to a function using
MPZ_REALLOC. But I didn't find any problems of that type.

There are couple of additional pointers cached over an MPZ_REALLOC of a
temporary, but that shouldn't be a problem since the temporary never
overlaps anything else.


Niels Möller. PGP-encrypted email is preferred. Keyid C0B98E26.
Internet email is subject to wholesale government surveillance.

More information about the gmp-devel mailing list