Hi, I'm new to MPIR, and really am just playing around/familiarising myself with what it can do at the moment. My program produced an AV when calling mpz_powm with large exp and mod parameters. This seems to be due to a miscalculation of a buffer size in , which has gone over 2^32 and so been truncated, resulted in a buffer smaller than expected by the subsequent MPIR code.
Here are the environment details: - MPIR version 3.0.0 (no patches/customisations) - OS: Windows 10 - MPIR build: dll_mpir_gc\win32\debug - compiler: VC15 - MPIR build and test suite ran ok Here is a summary of what led to the AV: - My code calls mpz_powm, which calls mpn_powm - At powm.c (line 224) there is a temp allocation for some limbs: pp = TMP_ALLOC_LIMBS (n << (windowsize - 1)); In my program the values here are: n = 0x0024d3d9 windowsize = 10 limb size = 4 bytes so this is trying to allocate (0x0024d3d9 << 9) * 4 = 0x1269ec800 bytes, which due to 32-bit overflow results in a request for only 0x269ec800 bytes. The access violation occurs when the following loop (incrementing this_pp etc.) gets around to trying to update beyond the end of the pp buffer, which is shorter than expected... [Details probably not important, but here is the stack trace at the time of the AV... mpir.dll!__gmpn_sub_n(unsigned long * rp, const unsigned long * up, const unsigned long * vp, long n) Line 47 C Symbols loaded. mpir.dll!__gmpn_redc_n(unsigned long * rp, unsigned long * up, const unsigned long * mp, long n, const unsigned long * ip) Line 76 C Symbols loaded. > mpir.dll!__gmpn_powm(unsigned long * rp, const unsigned long * bp, long > bn, const unsigned long * ep, long en, const unsigned long * mp, long n, > unsigned long * tp) Line 258 C Symbols loaded. mpir.dll!__gmpz_powm(__mpz_struct * r, const __mpz_struct * b, const __mpz_struct * e, const __mpz_struct * m) Line 192 C Symbols loaded. TestMpir1.exe!NPFO1(const __mpz_struct * p) Line 190 C++ Symbols loaded. ] We could say that my call to mpz_powm was "optimistic" given the operand sizes, but still if the operands were too big it should fail somehow *deterministically*, rather than AV... (or better, run correctly for a very long time!) Please let me know if you need more info etc.. Regards, Mike. -- You received this message because you are subscribed to the Google Groups "mpir-devel" group. To unsubscribe from this group and stop receiving emails from it, send an email to mpir-devel+unsubscr...@googlegroups.com. To post to this group, send email to mpir-devel@googlegroups.com. Visit this group at https://groups.google.com/group/mpir-devel. For more options, visit https://groups.google.com/d/optout.