Taking even a tiny amount of time to look beneath, it looks like it may be a 
potential problem with a lot of the routines in integer.cpp.

On Thursday, 7 October 2021 at 10:11:31 UTC+1 Tony Stead wrote:

> Hello,
>
> I have been using the Integer class for some big number operations and 
> seem to have found a buffer overflow in at least the Integer::And routine; 
> I have not yet inspected any more.
>
> Extract from integer.cpp 
>
> // This is a bit operation. We set sign to POSITIVE, so there's no need to
> // worry about negative zero. Also see http://stackoverflow.com/q/11644362.
> Integer Integer::And(const Integer& t) const
> {
>     if (this == &t)
>     {
>         return AbsoluteValue();
>     }
>     else if (reg.size() >= t.reg.size())
>     {
>         Integer result(t);
>         AndWords(result.reg, reg, t.reg.size());
>
>         result.sign = POSITIVE;
>         return result;
>     }
>     else // reg.size() < t.reg.size()
>     {
>         Integer result(*this);
>         AndWords(result.reg, t.reg, reg.size());
>
>         result.sign = POSITIVE;
>         return result;
>     }
> }
>
> The issue is caused in the temporary result variable.  When result copies 
> t or this in its constructor, it calculates the minimum size required to 
> fit the current number in t or this.  If the top order bits of t or this 
> have gone zero it will allocate fewer bytes than the size of t or this.  
> However the following AndWords routine performs a copy using the size of 
> the original number, either t or this.  
>
> Changing the value to result.reg.size() appears to fix the issue at least 
> for my use case. 
>
> Best Regards,
>
> Tony. 
>
>
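The mechanism Tony describes, as an added example that is not part of this thread or of Crypto++ itself: a toy register type whose copy constructor allocates only the words the value needs, the word count the reported code passes versus the one the proposed fix uses, and a bounds-checked word-wise AND that refuses to write past either buffer. The names (ToyInteger, AndWordsChecked, OverrunWords, AndFixed) and the sample word values are constructed for illustration and do not come from integer.cpp.

```cpp
#include <cassert>
#include <cstddef>
#include <cstdint>
#include <cstdio>
#include <utility>
#include <vector>

using word = std::uint64_t;

// Hypothetical stand-in for the Integer register (not Crypto++ code): a
// little-endian word array. A freshly constructed value keeps whatever storage
// it was given (high zero words included); the copy constructor allocates only
// the words needed to hold the value, as the report describes.
struct ToyInteger {
    std::vector<word> reg;

    explicit ToyInteger(std::vector<word> words) : reg(std::move(words)) {}

    ToyInteger(const ToyInteger& other) : reg(other.reg) {
        while (reg.size() > 1 && reg.back() == 0) reg.pop_back();  // minimal size
    }
};

// Bounds-checked word-wise AND: dest[i] &= src[i] for i < n.
// Returns false instead of writing past the end of either buffer.
bool AndWordsChecked(std::vector<word>& dest, const std::vector<word>& src, std::size_t n) {
    if (n > dest.size() || n > src.size()) return false;
    for (std::size_t i = 0; i < n; ++i) dest[i] &= src[i];
    return true;
}

// Models the reported code path: result is a trimmed copy of the operand with
// the smaller storage, but the word count handed to AndWords is that operand's
// storage size. Returns how many words such a call would write past the end of
// result.reg (0 means the call is in bounds).
std::size_t OverrunWords(const ToyInteger& self, const ToyInteger& t) {
    const ToyInteger& smaller = self.reg.size() >= t.reg.size() ? t : self;
    ToyInteger result(smaller);               // copy ctor trims high zero words
    std::size_t count = smaller.reg.size();   // what the reported code passes
    return count > result.reg.size() ? count - result.reg.size() : 0;
}

// The repaired path: iterate over result's own storage (the change proposed
// in the report). The dropped high words of the smaller operand are zero, so
// the value of the AND is unchanged.
ToyInteger AndFixed(const ToyInteger& self, const ToyInteger& t) {
    bool selfLonger = self.reg.size() >= t.reg.size();
    const ToyInteger& smaller = selfLonger ? t : self;
    const ToyInteger& larger  = selfLonger ? self : t;
    ToyInteger result(smaller);
    bool ok = AndWordsChecked(result.reg, larger.reg, result.reg.size());
    assert(ok);  // result.reg.size() <= smaller.reg.size() <= larger.reg.size()
    return result;
}

// Constructed scenario: t holds a one-word value in three words of storage
// (its two high words have gone to zero); self uses all three words.
static const std::vector<word> kSelfWords = {0xFF00FF00FF00FF00ULL, 0x0F0F0F0F0F0F0F0FULL, 1ULL};
static const std::vector<word> kTWords    = {0xFFFF0000FFFF0000ULL, 0, 0};

std::size_t DemoOverrun() {
    ToyInteger self(kSelfWords), t(kTWords);
    return OverrunWords(self, t);  // the reported count would overrun by 2 words
}

std::vector<word> DemoFixed() {
    ToyInteger self(kSelfWords), t(kTWords);
    return AndFixed(self, t).reg;  // one word: 0xFF000000FF000000
}

int main() {
    std::printf("words the reported count would overrun: %zu\n", DemoOverrun());
    std::vector<word> r = DemoFixed();
    std::printf("fixed And result: %zu word(s), low word 0x%016llx\n",
                r.size(), static_cast<unsigned long long>(r[0]));
    return 0;
}
```

Compile with any C++11 or later compiler; OverrunWords reports the gap without performing the out-of-bounds write, while AndFixed shows that the repaired count always fits both buffers.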

-- 
You received this message because you are subscribed to the Google Groups 
"Crypto++ Users" group.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/cryptopp-users/0c45ee06-d58d-4f82-94ef-de402712ebafn%40googlegroups.com.