Module Name: src
Committed By: mrg
Date: Mon Nov 29 03:57:22 UTC 2021
Modified Files:
src/external/lgpl3/gmp/dist/mpz: inp_raw.c
Log Message:
gmp: pullover fixes for https://nvd.nist.gov/vuln/detail/CVE-2021-43618
changeset 18135:561a9c25298e
mpz/inp_raw.c: Avoid bit size overflows
author Marco Bodrato <bodr...@mail.dm.unipi.it>
XXX: pullup-8, pullup-9
To generate a diff of this commit:
cvs rdiff -u -r1.1.1.4 -r1.2 src/external/lgpl3/gmp/dist/mpz/inp_raw.c
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
Modified files:
Index: src/external/lgpl3/gmp/dist/mpz/inp_raw.c
diff -u src/external/lgpl3/gmp/dist/mpz/inp_raw.c:1.1.1.4 src/external/lgpl3/gmp/dist/mpz/inp_raw.c:1.2
--- src/external/lgpl3/gmp/dist/mpz/inp_raw.c:1.1.1.4 Sun Sep 27 00:27:05 2020
+++ src/external/lgpl3/gmp/dist/mpz/inp_raw.c Mon Nov 29 03:57:22 2021
@@ -88,8 +88,11 @@ mpz_inp_raw (mpz_ptr x, FILE *fp)
abs_csize = ABS (csize);
+ if (UNLIKELY (abs_csize > ~(mp_bitcnt_t) 0 / 8))
+ return 0; /* Bit size overflows */
+
/* round up to a multiple of limbs */
- abs_xsize = BITS_TO_LIMBS (abs_csize*8);
+ abs_xsize = BITS_TO_LIMBS ((mp_bitcnt_t) abs_csize * 8);
if (abs_xsize != 0)
{
