On Fri, Oct 8, 2021 at 12:02 AM Jeffrey Walton <noloa...@gmail.com> wrote:
>
> On Thu, Oct 7, 2021 at 5:11 AM Tony Stead <thst...@gmail.com> wrote:
> >
> > I have been using the Integer class for some big number operations and seem
> > to have found a buffer overflow in at least the Integer::And routine; I
> > have not yet inspected any more.
> >
> > ...
> > The issue is caused in the temporary result variable. When result copies t
> > or this in its constructor, it calculates the minimum size required to fit
> > the current number in t or this. If the top order bits of t or this have
> > gone zero it will allocate fewer bytes than the size of t or this. However
> > the following AndWords routine performs a copy using the size of the
> > original number, either t or this.
> >
> > Changing the value to result.reg.size() appears to fix the issue at least
> > for my use case.
>
> Thanks Tony.
>
> Do you have a reproducer? I'd like to look at it.
>
> We have test cases set up and they are run under the sanitizers. I
> don't recall seeing a finding. We might be missing a test case for it,
> however.
I can't seem to reproduce the issue with our test data. Integer is testing OK
with UBsan, Asan and Valgrind. Would you be able to provide a reproducer?

Thanks again.

----------

Here's the Valgrind build I am testing.

$ CXXFLAGS="-DDEBUG -g3 -O0" make -j 12
Using testing flags: -DDEBUG -g3 -O0
g++ -fPIC -pthread -pipe -DDEBUG -g3 -O0 -c cryptlib.cpp
g++ -fPIC -pthread -pipe -DDEBUG -g3 -O0 -c cpu.cpp
g++ -fPIC -pthread -pipe -DDEBUG -g3 -O0 -c integer.cpp
...

$ valgrind -- ./cryptest.exe v 9997
==13696== Memcheck, a memory error detector
==13696== Copyright (C) 2002-2017, and GNU GPL'd, by Julian Seward et al.
==13696== Using Valgrind-3.15.0 and LibVEX; rerun with -h for copyright info
==13696== Command: ./cryptest.exe v 9997
==13696==
Using seed: 1633666228

Testing Integer bit operations...
  passed:  Bitwise AND over 32-bits to 1024-bits
  passed:  Bitwise OR over 32-bits to 1024-bits
  passed:  Bitwise XOR over 32-bits to 1024-bits

Seed used was 1633666228
Test started at Fri Oct  8 00:10:28 2021
Test ended at Fri Oct  8 00:10:31 2021
==13696==
==13696== HEAP SUMMARY:
==13696==     in use at exit: 0 bytes in 0 blocks
==13696==   total heap usage: 451,126 allocs, 451,126 frees, 22,872,284 bytes allocated
==13696==
==13696== All heap blocks were freed -- no leaks are possible
==13696==
==13696== For lists of detected and suppressed errors, rerun with: -s
==13696== ERROR SUMMARY: 0 errors from 0 contexts (suppressed: 0 from 0)

--
You received this message because you are subscribed to the Google Groups "Crypto++ Users" group.
To view this discussion on the web visit https://groups.google.com/d/msgid/cryptopp-users/CAH8yC8mkveoKymgGp2-YsUhLPqJFNtHx5K2dgK7mAXmD7-7HOA%40mail.gmail.com.
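As an added illustration (not Crypto++ code, and not a reproducer against the library, which the thread does not have), the following self-contained C++ model shows the size-mismatch pattern Tony describes: a temporary that is sized from the value's significant words, then a word-wise AND whose word count is taken from the operand's allocation rather than from the temporary. The class and function names, and the exact-trim copy constructor, are assumptions made for the model; Crypto++'s own copy rounds the allocation up, so whether the real routine is affected depends on those sizes, which this model does not reproduce. AndWords here is bounds-checked so that the mismatch throws instead of writing past the buffer, and the variant using result.reg.size() is shown beside it.

```cpp
#include <cstddef>
#include <cstdint>
#include <stdexcept>
#include <utility>
#include <vector>

// Hypothetical model (added example, not Crypto++ code): a big integer as
// little-endian 32-bit words. Copying keeps only the significant words, so a
// copy of a value whose top words are zero is shorter than its source.
struct ToyInteger {
    std::vector<uint32_t> reg;

    explicit ToyInteger(std::vector<uint32_t> words) : reg(std::move(words)) {}

    // Index of the highest non-zero word plus one; at least 1 (zero is one word).
    size_t WordCount() const {
        size_t n = reg.size();
        while (n > 1 && reg[n - 1] == 0)
            --n;
        return n;
    }

    // Copy constructor: allocate exactly what the current value needs.
    // (Assumption for the model: the real code rounds this allocation up.)
    ToyInteger(const ToyInteger& t)
        : reg(t.reg.begin(),
              t.reg.begin() + static_cast<std::ptrdiff_t>(t.WordCount())) {}
};

// In-place word-wise AND: r[i] &= a[i] for i < n. Bounds-checked so that a
// word count larger than either buffer throws instead of overrunning it.
static void AndWords(std::vector<uint32_t>& r, const std::vector<uint32_t>& a,
                     size_t n) {
    if (n > r.size() || n > a.size())
        throw std::out_of_range("AndWords: n exceeds a buffer");
    for (size_t i = 0; i < n; ++i)
        r[i] &= a[i];
}

// The pattern described in the thread: result is a trimmed copy of t, but
// the word count handed to AndWords comes from t's allocation, not result's.
// Precondition of the case modelled: x.reg.size() >= t.reg.size().
static ToyInteger AndUsingOperandSize(const ToyInteger& x, const ToyInteger& t) {
    ToyInteger result(t);
    AndWords(result.reg, x.reg, t.reg.size());
    return result;
}

// Tony's suggested change: take the word count from the temporary itself.
// Dropping x's higher words is sound, since they would be ANDed with zero.
static ToyInteger AndUsingResultSize(const ToyInteger& x, const ToyInteger& t) {
    ToyInteger result(t);
    AndWords(result.reg, x.reg, result.reg.size());
    return result;
}

// True if the operand-size variant tries to write past the temporary.
static bool OperandSizeVariantOverruns(const ToyInteger& x, const ToyInteger& t) {
    try {
        AndUsingOperandSize(x, t);
        return false;
    } catch (const std::out_of_range&) {
        return true;
    }
}

// Constructed sample: t has four allocated words with the top two zero, so
// its copy holds only two words; x has four non-zero words.
static ToyInteger SampleX() {
    return ToyInteger(std::vector<uint32_t>{0xFFFFFFFFu, 0xFFFFFFFFu, 0x12345678u, 0x1u});
}
static ToyInteger SampleT() {
    return ToyInteger(std::vector<uint32_t>{0xFFFFFFFFu, 0x0000000Fu, 0u, 0u});
}

int main() {
    bool overrun = OperandSizeVariantOverruns(SampleX(), SampleT());
    ToyInteger r = AndUsingResultSize(SampleX(), SampleT());
    return (overrun && r.reg.size() == 2 && r.reg[1] == 0xFu) ? 0 : 1;
}
```

With the sample operands the operand-size variant asks AndWords for four words against a two-word temporary, which the bounds check reports; the result-size variant produces the two-word value {0xFFFFFFFF, 0xF}. When t has no zero top words the two variants behave identically, which is consistent with a randomised test such as the one in the Valgrind run above not necessarily hitting the case.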