On 2021-11-14 14:15:25 +0100, Anton Gladky wrote:
> well, I was thinking that upstream should request a CVE. Nevertheless
> I could not reproduce the issue with the modern GCC-versions.
> Even on 32bit-systems.

I can still reproduce the segmentation fault under Debian/unstable.
Simplified testcase:

#include <stdio.h>
#include <gmp.h>

int main (void)
{
  mpz_t s;
  mpz_init (s);
  mpz_inp_raw (s, stdin);
  return 0;
}

Compile with gcc -m32 and execute:

  printf 12345 | ./testcase

Note that even if you don't get a segmentation fault, there may be
other erratic behaviors, such as silent memory corruption (which
may be even worse).

-- 
Vincent Lefèvre <vinc...@vinc17.net> - Web: <https://www.vinc17.net/>
100% accessible validated (X)HTML - Blog: <https://www.vinc17.net/blog/>
Work: CR INRIA - computer arithmetic / AriC project (LIP, ENS-Lyon)
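
Added example, not part of the message above and not GMP code: a pre-check an application can run on the first four bytes of untrusted raw-format input before it reaches mpz_inp_raw. It assumes the raw format written by mpz_out_raw, whose header is a 4-byte big-endian two's-complement byte count; raw_header_check and RAW_MAX_BYTES are hypothetical names.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical cap on accepted operand size; choose one that fits the protocol. */
#define RAW_MAX_BYTES (1u << 20)

/* Decode the 4-byte raw-format header: a big-endian, two's-complement byte
 * count whose sign is the sign of the integer that follows.
 * Returns 0 and fills *magnitude_bytes / *negative when the declared size
 * is within max_bytes, -1 otherwise. */
int raw_header_check(const unsigned char hdr[4], uint32_t max_bytes,
                     uint32_t *magnitude_bytes, int *negative)
{
    uint32_t u = ((uint32_t)hdr[0] << 24) | ((uint32_t)hdr[1] << 16) |
                 ((uint32_t)hdr[2] << 8)  |  (uint32_t)hdr[3];
    int neg = (u & 0x80000000u) != 0;
    /* Absolute value in unsigned arithmetic, so 0x80000000 cannot overflow. */
    uint32_t mag = neg ? (uint32_t)0 - u : u;

    if (mag > max_bytes)
        return -1;              /* declared size is not plausible: reject */
    *magnitude_bytes = mag;
    *negative = neg;
    return 0;
}

int main(void)
{
    /* Constructed sample: the first four bytes of the testcase input "12345". */
    const unsigned char hdr[4] = { '1', '2', '3', '4' };
    uint32_t n;
    int neg;

    if (raw_header_check(hdr, RAW_MAX_BYTES, &n, &neg) != 0)
        puts("rejected: declared size exceeds cap");
    else
        printf("accepted: %u bytes, negative=%d\n", (unsigned)n, neg);
    return 0;
}
```

With the testcase input, the header bytes "1234" declare a size of 825373492 bytes, so the check rejects it.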