Hi,
On 2022-10-26 13:40, ni...@lysator.liu.se wrote:
jy l writes:
It seems like in `mpz_nextprime` this line (
https://gmplib.org/repo/gmp/file/tip/mpz/nextprime.c#l204), when `n` is
very large, it doesn't restrict the value of `odds_in_composite_sieve`
which leads to the `alloca`
jy l writes:
> It seems like in `mpz_nextprime` this line (
> https://gmplib.org/repo/gmp/file/tip/mpz/nextprime.c#l204), when `n` is
> very large, it doesn't restrict the value of `odds_in_composite_sieve`
> which leads to the `alloca` below crash and might cause more buffer
> overflow.
I
Dear developers/maintainers,
Hope this email finds you well!
I'm writing to report a crash we met while using libgmp. The POC looks like
this:
```
#include <gmp.h>

int main(void) {
    mpz_t n;
    mpz_init(n);
    mpz_fac_ui(n, 0x10006f);  /* n = 0x10006f! */
    mpz_t n2;
    mpz_init(n2);
    mpz_nextprime(n2, n);     /* call reported to crash */
    return 0;
}
```
It seems like in `mpz_nextprime` this line (