From 1c31934c8294fec086bcfcd43479a3a399234ff7 Mon Sep 17 00:00:00 2001 From: Kaz Kylheku Date: Mon, 12 Dec 2011 14:57:16 -0800 Subject: * mpi-patches/fix-mult-bug: One more flaw discovered in s_mp_mul_d and added to patch. This one caused malloc corruption and crashes, because the incorrect arithmetic causes the function to think that the multiplication will not be needing another digit, but then there is a carry out which does spill into a new digit. * mpi-patches/series: Arg! Somehow the patch fix-bad-shift went missing from the series file, even though the patch itself is in the GIT repository. --- ChangeLog | 13 +++++++++++++ mpi-patches/fix-mult-bug | 13 +++++++++++-- mpi-patches/series | 1 + 3 files changed, 25 insertions(+), 2 deletions(-) diff --git a/ChangeLog b/ChangeLog index d3fb46a0..c695c92c 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,16 @@ +2011-12-12 Kaz Kylheku + + * mpi-patches/fix-mult-bug: One more flaw discovered in + s_mp_mul_d and added to patch. This one caused malloc corruption and + crashes, because the incorrect arithmetic causes the function + to think that the multiplication will not be needing another + digit, but then there is a carry out which does spill into + a new digit. + + * mpi-patches/series: Arg! Somehow the patch fix-bad-shift + went missing from the series file, even though the patch + itself is in the GIT repository. + 2011-12-06 Kaz Kylheku Version 047 diff --git a/mpi-patches/fix-mult-bug b/mpi-patches/fix-mult-bug index bb8b0f0d..78bc59b1 100644 --- a/mpi-patches/fix-mult-bug +++ b/mpi-patches/fix-mult-bug 
@@ -1,7 +1,16 @@ Index: mpi-1.8.6/mpi.c =================================================================== ---- mpi-1.8.6.orig/mpi.c 2011-12-10 19:41:00.000000000 -0800 -+++ mpi-1.8.6/mpi.c 2011-12-10 19:43:09.000000000 -0800 +--- mpi-1.8.6.orig/mpi.c 2011-12-10 19:43:20.000000000 -0800 ++++ mpi-1.8.6/mpi.c 2011-12-12 14:31:12.000000000 -0800 +@@ -3255,7 +3255,7 @@ + unless absolutely necessary. + */ + max = USED(a); +- w = dp[max - 1] * d; ++ w = dp[max - 1] * (mp_word) d; + if(CARRYOUT(w) != 0) { + if((res = s_mp_pad(a, max + 1)) != MP_OKAY) + return res; @@ -3263,7 +3263,7 @@ } diff --git a/mpi-patches/series b/mpi-patches/series index 65556a57..5a4854d0 100644 --- a/mpi-patches/series +++ b/mpi-patches/series @@ -8,3 +8,4 @@ add-mpi-toradix-with-case fix-mult-bug mpi-set-mpi-word mpi-set-double-intptr +fix-bad-shifts -- cgit v1.2.3
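Review bot: The padding test in the added lines still looks only at the top digit: `w = dp[max - 1] * (mp_word) d` leaves out any carry propagated from the lower digits, so `CARRYOUT(w)` can be zero while the full product still needs digit `max` (in decimal terms, 19 × 9: 1 × 9 does not carry, yet 171 has three digits). If the rest of s_mp_mul_d, which lies outside this hunk, stores a final carry at `dp[max]`, that store would land past the padded length, which is the same class of heap corruption the commit message describes. A conservative fix is to drop the test and always run `if((res = s_mp_pad(a, max + 1)) != MP_OKAY) return res;`, provided the function trims the unused digit afterwards, or else to bounds-check before the final carry store. The cast itself deserves a one-line comment such as `/* widen before multiplying; a digit-width product loses the carry */` so it is not removed as redundant later.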
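Review bot: The entry added to mpi-patches/series is `fix-bad-shifts`, while the commit message and the ChangeLog text both call the patch `fix-bad-shift`. The patch file itself is not part of this diff, so the correct spelling cannot be confirmed from here. If the file on disk is `fix-bad-shift`, the series entry will not resolve and the fix would again be missing from the patched build. Whichever name is right, the ChangeLog and the series file should agree.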