749f35f705
malformed input to mpz_inp_raw. [bsc#1192717, CVE-2021-43618] OBS-URL: https://build.opensuse.org/package/show/devel:libraries:c_c++/gmp?expand=0&rev=91
26 lines
713 B
Diff
26 lines
713 B
Diff
|
|
# HG changeset patch
|
|
# User Marco Bodrato <bodrato@mail.dm.unipi.it>
|
|
# Date 1634836009 -7200
|
|
# Node ID 561a9c25298e17bb01896801ff353546c6923dbd
|
|
# Parent e1fd9db13b475209a864577237ea4b9105b3e96e
|
|
mpz/inp_raw.c: Avoid bit size overflows
|
|
|
|
diff -r e1fd9db13b47 -r 561a9c25298e mpz/inp_raw.c
|
|
--- a/mpz/inp_raw.c Tue Dec 22 23:49:51 2020 +0100
|
|
+++ b/mpz/inp_raw.c Thu Oct 21 19:06:49 2021 +0200
|
|
@@ -88,8 +88,11 @@
|
|
|
|
abs_csize = ABS (csize);
|
|
|
|
+ if (UNLIKELY (abs_csize > ~(mp_bitcnt_t) 0 / 8))
|
|
+ return 0; /* Bit size overflows */
|
|
+
|
|
/* round up to a multiple of limbs */
|
|
- abs_xsize = BITS_TO_LIMBS (abs_csize*8);
|
|
+ abs_xsize = BITS_TO_LIMBS ((mp_bitcnt_t) abs_csize * 8);
|
|
|
|
if (abs_xsize != 0)
|
|
{
|
|
|