[PATCH v2] mceliece6688128f: fix stack overflow crash on win64/wine

Sat, 27 Sep 2025 00:13:21 -0700 

* cipher/mceliece6688128f.c (pk_gen): Remove 'mat' array allocation and
rename function to ...
(pk_gen_mat): ... this.
(pk_gen): New wrapper for 'pk_gen_mat' with dynamic allocation of 'mat'
array.
--

Huge array allocations from stack are not always guaranteed to work on
every target platform, so avoid allocating multi-megabyte 'mat' array
from stack.

v2: zero 'mat' array after use.

Signed-off-by: Jussi Kivilinna <[email protected]>
---
 cipher/mceliece6688128f.c | 23 +++++++++++++++++------
 1 file changed, 17 insertions(+), 6 deletions(-)

diff --git a/cipher/mceliece6688128f.c b/cipher/mceliece6688128f.c
index ca1952b5..bdc7f265 100644
--- a/cipher/mceliece6688128f.c
+++ b/cipher/mceliece6688128f.c
@@ -3315,16 +3315,15 @@ static int mov_columns(uint64_t mat[][ (SYS_N + 63) / 
64 ], int16_t * pi, uint64
        return 0;
 }
 
-static int pk_gen(unsigned char * pk, const unsigned char * irr, uint32_t * 
perm, int16_t * pi, uint64_t * pivots)
-{
-       const int nblocks_H = (SYS_N + 63) / 64;
-       const int nblocks_I = (PK_NROWS + 63) / 64;
+#define nblocks_H ((SYS_N + 63) / 64)
+#define nblocks_I ((PK_NROWS + 63) / 64)
 
+static int pk_gen_mat(unsigned char * pk, const unsigned char * irr, uint32_t 
* perm, int16_t * pi, uint64_t * pivots,
+                     uint64_t mat[ PK_NROWS ][ nblocks_H ])
+{
        int i, j, k;
        int row, c;
 
-       uint64_t mat[ PK_NROWS ][ nblocks_H ];
-
        uint64_t mask;
 
        vec irr_int[2][ GFBITS ];
@@ -3460,6 +3459,18 @@ static int pk_gen(unsigned char * pk, const unsigned 
char * irr, uint32_t * perm
 }
 
 
+static int pk_gen(unsigned char * pk, const unsigned char * irr, uint32_t * 
perm, int16_t * pi, uint64_t * pivots)
+{
+       /* Allocate large array from heap to avoid stack overflow crash on 
Win32/Wine. */
+       unsigned int sizeof_mat = sizeof(uint64_t) * PK_NROWS * nblocks_H;
+       void *mat = xmalloc(sizeof_mat);
+       int ret = pk_gen_mat(pk, irr, perm, pi, pivots, mat);
+       wipememory(mat, sizeof_mat);
+       xfree(mat);
+       return ret;
+}
+
+
 /* from libmceliece-20230612/crypto_kem/6688128f/vec/sk_gen.c */
 /*
   This file is for secret-key generation
-- 
2.48.1


_______________________________________________
Gcrypt-devel mailing list
[email protected]
https://lists.gnupg.org/mailman/listinfo/gcrypt-devel

Reply via email to