On Fri, Oct 8, 2021 at 12:02 AM Jeffrey Walton <noloa...@gmail.com> wrote:
> On Thu, Oct 7, 2021 at 5:11 AM Tony Stead <thst...@gmail.com> wrote:
> >
> > I have been using the Integer class for some big number operations and seem 
> > to have found a buffer overflow in at least the Integer::And routine, I 
> > have not yet inspected any more..
> >
> >  ...
> > The issue is casued in the temporary result variable.  When result copies t 
> > or this in its constructor, it calculates the minimum size required to fit 
> > the current number in t or this.  If the top order bits of t or this have 
> > gone zero it will allocate less bytes than the size of t or this.  However 
> > the following AndWords routine performs a copy using the size of the 
> > original number, either t or this.
> >
> > Changing the value to result.reg.size() appears to fix the issue at least 
> > for my use case.
> Thanks Tony.
> Do you have a reproducer? I'd like to look at it.
> We have test cases setup and they are run under the sanitizers. I
> don't recall seeing a finding. We might be missing a test case for it,
> however.

I can't seem to reproduce the issue with our test data. Integer is
testing OK with UBsan, Asan and Valgrind.

Would you be able to provide a reproducer?

Thanks again.

Here's the Valgrind build I am testing.

$ CXXFLAGS="-DDEBUG -g3 -O0" make -j 12
Using testing flags: -DDEBUG -g3 -O0
g++ -fPIC -pthread -pipe -DDEBUG -g3 -O0 -c cryptlib.cpp
g++ -fPIC -pthread -pipe -DDEBUG -g3 -O0 -c cpu.cpp
g++ -fPIC -pthread -pipe -DDEBUG -g3 -O0 -c integer.cpp

$ valgrind -- ./cryptest.exe v 9997
==13696== Memcheck, a memory error detector
==13696== Copyright (C) 2002-2017, and GNU GPL'd, by Julian Seward et al.
==13696== Using Valgrind-3.15.0 and LibVEX; rerun with -h for copyright info
==13696== Command: ./cryptest.exe v 9997
Using seed: 1633666228

Testing Integer bit operations...

passed:  Bitwise AND over 32-bits to 1024-bits
passed:  Bitwise OR over 32-bits to 1024-bits
passed:  Bitwise XOR over 32-bits to 1024-bits

Seed used was 1633666228
Test started at Fri Oct 8 00:10:28 2021
Test ended at Fri Oct 8 00:10:31 2021
==13696== HEAP SUMMARY:
==13696==     in use at exit: 0 bytes in 0 blocks
==13696==   total heap usage: 451,126 allocs, 451,126 frees,
22,872,284 bytes allocated
==13696== All heap blocks were freed -- no leaks are possible
==13696== For lists of detected and suppressed errors, rerun with: -s
==13696== ERROR SUMMARY: 0 errors from 0 contexts (suppressed: 0 from 0)

You received this message because you are subscribed to the Google Groups 
"Crypto++ Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to cryptopp-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 

Reply via email to