I have been using the Integer class for some big number operations and seem 
to have found a buffer overflow in at least the Integer::And routine; I 
have not yet inspected any more.

Extract from integer.cpp 

// This is a bit operation. We set sign to POSITIVE, so there's no need to
// worry about negative zero. Also see http://stackoverflow.com/q/11644362.
Integer Integer::And(const Integer& t) const
{
    if (this == &t)
    {
        return AbsoluteValue();
    }
    else if (reg.size() >= t.reg.size())
    {
        Integer result(t);
        AndWords(result.reg, reg, t.reg.size());

        result.sign = POSITIVE;
        return result;
    }
    else // reg.size() < t.reg.size()
    {
        Integer result(*this);
        AndWords(result.reg, t.reg, reg.size());

        result.sign = POSITIVE;
        return result;
    }
}

The issue is caused in the temporary result variable.  When result copies t 
or this in its constructor, it calculates the minimum size required to fit 
the current number in t or this.  If the top order bits of t or this have 
gone zero it will allocate fewer bytes than the size of t or this.  However 
the following AndWords routine performs a copy using the size of the 
original number, either t or this.  

Changing the value to result.reg.size() appears to fix the issue at least 
for my use case. 

Best Regards,
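
An added illustration, not code from the post or from Crypto++: a toy model of the size mismatch described above, assuming the copy constructor keeps only the words needed for the value. ToyInt, overrunWords and safeAnd are hypothetical names, and the inputs are constructed.

```cpp
#include <algorithm>
#include <cstddef>
#include <cstdint>
#include <utility>
#include <vector>

// Toy stand-in for the Integer in the post (hypothetical, not Crypto++ code).
struct ToyInt {
    std::vector<uint32_t> reg;  // little-endian words; top words may be zero

    explicit ToyInt(std::vector<uint32_t> w) : reg(std::move(w)) {}
    // Copying keeps only the words needed for the value, as the post describes.
    ToyInt(const ToyInt& t) : reg(t.reg.data(), t.reg.data() + t.wordCount()) {}

    std::size_t wordCount() const {
        std::size_t n = reg.size();
        while (n > 0 && reg[n - 1] == 0) --n;
        return n;
    }
};

// Words the quoted And() would touch beyond result.reg (0 means in bounds).
std::size_t overrunWords(const ToyInt& a, const ToyInt& b) {
    const ToyInt& src = (a.reg.size() >= b.reg.size()) ? b : a;
    ToyInt result(src);                      // trimmed copy
    const std::size_t n = src.reg.size();    // count handed to AndWords
    return n > result.reg.size() ? n - result.reg.size() : 0;
}

// And() bounded by result.reg.size(), the change proposed in the post.
ToyInt safeAnd(const ToyInt& a, const ToyInt& b) {
    const bool aLonger = a.reg.size() >= b.reg.size();
    ToyInt result(aLonger ? b : a);
    const ToyInt& other = aLonger ? a : b;
    for (std::size_t i = 0; i < result.reg.size(); ++i)
        result.reg[i] &= other.reg[i];       // other has at least as many words
    return result;
}

int main() {
    // Constructed inputs: a has three zero top words, b is longer.
    ToyInt a(std::vector<uint32_t>{0xFFu, 0u, 0u, 0u});
    ToyInt b(std::vector<uint32_t>{0x0Fu, 1u, 2u, 3u, 4u});
    return (overrunWords(a, b) == 3 && safeAnd(a, b).reg[0] == 0x0Fu) ? 0 : 1;
}
```

The words dropped by the trimmed copy are zero in the source operand, so bounding the loop by result.reg.size() does not change the value of the AND.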

