Module Name: src Committed By: mrg Date: Mon Nov 29 03:57:22 UTC 2021
Modified Files: src/external/lgpl3/gmp/dist/mpz: inp_raw.c Log Message: gmp: pullover fixes for https://nvd.nist.gov/vuln/detail/CVE-2021-43618 changeset 18135:561a9c25298e mpz/inp_raw.c: Avoid bit size overflows author Marco Bodrato <bodr...@mail.dm.unipi.it> XXX: pullup-8, pullup-9 To generate a diff of this commit: cvs rdiff -u -r1.1.1.4 -r1.2 src/external/lgpl3/gmp/dist/mpz/inp_raw.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
Modified files: Index: src/external/lgpl3/gmp/dist/mpz/inp_raw.c diff -u src/external/lgpl3/gmp/dist/mpz/inp_raw.c:1.1.1.4 src/external/lgpl3/gmp/dist/mpz/inp_raw.c:1.2 --- src/external/lgpl3/gmp/dist/mpz/inp_raw.c:1.1.1.4 Sun Sep 27 00:27:05 2020 +++ src/external/lgpl3/gmp/dist/mpz/inp_raw.c Mon Nov 29 03:57:22 2021 @@ -88,8 +88,11 @@ mpz_inp_raw (mpz_ptr x, FILE *fp) abs_csize = ABS (csize); + if (UNLIKELY (abs_csize > ~(mp_bitcnt_t) 0 / 8)) + return 0; /* Bit size overflows */ + /* round up to a multiple of limbs */ - abs_xsize = BITS_TO_LIMBS (abs_csize*8); + abs_xsize = BITS_TO_LIMBS ((mp_bitcnt_t) abs_csize * 8); if (abs_xsize != 0) {