Taking even a tiny amount of time to look beneath it, it looks like there may be a potential problem with a lot of the routines in integer.cpp.
On Thursday, 7 October 2021 at 10:11:31 UTC+1 Tony Stead wrote:
> Hello,
>
> I have been using the Integer class for some big number operations and seem to have found a buffer overflow in at least the Integer::And routine, I have not yet inspected any more.
>
> Extract from integer.cpp
>
>     // This is a bit operation. We set sign to POSITIVE, so there's no need to
>     // worry about negative zero. Also see http://stackoverflow.com/q/11644362.
>     Integer Integer::And(const Integer& t) const
>     {
>         if (this == &t)
>         {
>             return AbsoluteValue();
>         }
>         else if (reg.size() >= t.reg.size())
>         {
>             Integer result(t);
>             AndWords(result.reg, reg, t.reg.size());
>
>             result.sign = POSITIVE;
>             return result;
>         }
>         else // reg.size() < t.reg.size()
>         {
>             Integer result(*this);
>             AndWords(result.reg, t.reg, reg.size());
>
>             result.sign = POSITIVE;
>             return result;
>         }
>     }
>
> The issue is caused in the temporary result variable. When result copies t or this in its constructor, it calculates the minimum size required to fit the current number in t or this. If the top order bits of t or this have gone zero it will allocate less bytes than the size of t or this. However the following AndWords routine performs a copy using the size of the original number, either t or this.
>
> Changing the value to result.reg.size() appears to fix the issue at least for my use case.
>
> Best Regards,
>
> Tony.
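To make the reported failure mode concrete, the following is an added toy model written for this thread, not Crypto++'s own Integer code: a word array whose copy keeps only the significant words (assumption: leading zero words are dropped, as the report describes), and a bounds-checked word-wise AND that refuses a length larger than the destination. The sample word values and the helper names (copyTrimmed, andWordsChecked, andWithShrunkCopy) are constructed for the illustration.

```cpp
#include <cstddef>
#include <cstdint>
#include <vector>

// Toy big-integer register: little-endian 32-bit words. Added illustration,
// not the Crypto++ Integer class.
using Words = std::vector<uint32_t>;

// Models a copy that allocates only as many words as the value needs
// (assumption: leading zero words are dropped, as the thread describes).
static Words copyTrimmed(const Words& src) {
    size_t n = src.size();
    while (n > 1 && src[n - 1] == 0) --n;
    return Words(src.begin(), src.begin() + n);
}

// Bounds-checked word-wise AND: dst[i] &= src[i] for i < n.
// Returns false, touching nothing, rather than writing past either buffer.
static bool andWordsChecked(Words& dst, const Words& src, size_t n) {
    if (n > dst.size() || n > src.size()) return false;
    for (size_t i = 0; i < n; ++i) dst[i] &= src[i];
    return true;
}

// Outcome of the two length choices discussed in the thread.
struct AndOutcome {
    bool sourceSizeAccepted;  // length taken from t.reg.size()
    bool resultSizeAccepted;  // length taken from result.reg.size()
    Words result;
};

// Reproduces the report's scenario: t's top word has gone to zero, so the
// trimmed copy is shorter than t.reg.size(). Using t's size is rejected by
// the check; using the result's own size is accepted and yields the AND.
static AndOutcome andWithShrunkCopy() {
    Words thisReg = {0xFFFFFFFFu, 0x0000FFFFu, 0x00000001u};  // constructed sample
    Words tReg    = {0x0F0F0F0Fu, 0xFFFF0000u, 0x00000000u};  // top word is zero
    Words result = copyTrimmed(tReg);                           // only 2 words held
    AndOutcome out{};
    out.sourceSizeAccepted = andWordsChecked(result, thisReg, tReg.size());    // 3 > 2
    out.resultSizeAccepted = andWordsChecked(result, thisReg, result.size());  // 2 <= 2
    out.result = result;  // {0x0F0F0F0F, 0x00000000}
    return out;
}
```

The refused call is exactly the over-long copy the report describes; the accepted call matches the proposed change to result.reg.size(), and the truncated result is still the correct value because the dropped words of t were zero.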