Hello,

I have been using the Integer class for some big number operations and seem 
to have found a buffer overflow in at least the Integer::And routine; I 
have not yet inspected any more.

Extract from integer.cpp 

// This is a bit operation. We set sign to POSITIVE, so there's no need to
// worry about negative zero. Also see http://stackoverflow.com/q/11644362.
Integer Integer::And(const Integer& t) const
{
    if (this == &t)
    {
        return AbsoluteValue();
    }
    else if (reg.size() >= t.reg.size())
    {
        Integer result(t);
        AndWords(result.reg, reg, t.reg.size());

        result.sign = POSITIVE;
        return result;
    }
    else // reg.size() < t.reg.size()
    {
        Integer result(*this);
        AndWords(result.reg, t.reg, reg.size());

        result.sign = POSITIVE;
        return result;
    }
}

The issue is caused in the temporary result variable. When result copies t 
or this in its constructor, it calculates the minimum size required to fit 
the current number in t or this. If the top order bits of t or this have 
gone zero it will allocate fewer bytes than the size of t or this. However 
the following AndWords routine performs a copy using the size of the 
original number, either t or this.

Changing the value to result.reg.size() appears to fix the issue at least 
for my use case. 

Best Regards,

Tony. 
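Added illustration, not Crypto++ code and not part of Tony's message: a toy model of the mismatch described above, where the copy constructor trims the register to the words actually needed while the word count passed to AndWords still comes from the untrimmed operand. The names ToyInteger, TrimmedCopy, AndWordsChecked and AndWith are hypothetical stand-ins for Integer, its copy constructor and AndWords; a bounds check makes the bad count surface as an exception instead of a silent heap write.

```cpp
#include <cstddef>
#include <cstdint>
#include <stdexcept>
#include <vector>
typedef uint32_t word;

// Hypothetical stand-in for Integer: little-endian words in `reg` (sign is not modelled).
struct ToyInteger {
    std::vector<word> reg;
    static ToyInteger FromWords(const std::vector<word>& w) { ToyInteger r; r.reg = w; return r; }
    // Words actually needed to hold the value (leading zero words dropped).
    size_t WordCount() const {
        size_t n = reg.size();
        while (n > 0 && reg[n - 1] == 0) --n;
        return n;
    }
    // Models Integer(const Integer&): the copy allocates only WordCount() words,
    // so its register can be shorter than the one it was copied from.
    ToyInteger TrimmedCopy() const {
        ToyInteger r;
        r.reg.assign(reg.begin(), reg.begin() + WordCount());
        return r;
    }
};

// Models AndWords(r, a, n): r[i] &= a[i] for i < n. The bounds check turns an
// out-of-range count into an exception instead of an out-of-bounds write.
void AndWordsChecked(std::vector<word>& r, const std::vector<word>& a, size_t n) {
    if (n > r.size() || n > a.size())
        throw std::out_of_range("AndWords: count exceeds a register");
    for (size_t i = 0; i < n; ++i) r[i] &= a[i];
}

// Same shape as the posted routine: copy the operand with the shorter register,
// then AND the other operand into it. fixedBound=false uses the original count
// (the copied operand's reg.size()); fixedBound=true uses result.reg.size().
ToyInteger AndWith(const ToyInteger& a, const ToyInteger& t, bool fixedBound) {
    const ToyInteger& shorter = (a.reg.size() >= t.reg.size()) ? t : a;
    const ToyInteger& longer  = (a.reg.size() >= t.reg.size()) ? a : t;
    ToyInteger result = shorter.TrimmedCopy();
    size_t count = fixedBound ? result.reg.size() : shorter.reg.size();
    AndWordsChecked(result.reg, longer.reg, count);
    return result;
}

// True when the original count would write past the trimmed result register.
bool OriginalBoundOverflows(const ToyInteger& a, const ToyInteger& t) {
    try { AndWith(a, t, false); return false; }
    catch (const std::out_of_range&) { return true; }
}
```

The overflow only appears when the copied operand has leading zero words (constructed inputs such as {0x0F, 0, 0}); with a register that is fully populated, both bounds agree, which is why the defect is easy to miss in ordinary testing.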
