On Fri, Oct 8, 2021 at 12:02 AM Jeffrey Walton <noloa...@gmail.com> wrote:
>
> On Thu, Oct 7, 2021 at 5:11 AM Tony Stead <thst...@gmail.com> wrote:
> >
> > I have been using the Integer class for some big number operations and seem
> > to have found a buffer overflow in at least the Integer::And routine, I
> > have not yet inspected any more..
> >
> > ...
> > The issue is caused in the temporary result variable. When result copies t
> > or this in its constructor, it calculates the minimum size required to fit
> > the current number in t or this. If the top order bits of t or this have
> > gone zero it will allocate fewer bytes than the size of t or this. However
> > the following AndWords routine performs a copy using the size of the
> > original number, either t or this.
> >
> > Changing the value to result.reg.size() appears to fix the issue at least
> > for my use case.
>
> Thanks Tony.
>
> Do you have a reproducer? I'd like to look at it.
>
> We have test cases set up and they are run under the sanitizers. I
> don't recall seeing a finding. We might be missing a test case for it,
> however.
By the way, here's the test data we use for testing the integer operations. It was generated using Java, so you should get the same result between Crypto++ and Java. You can find the Java program at http://github.com/weidai11/cryptopp/issues/336.

https://github.com/weidai11/cryptopp/blob/master/validat2.cpp#L34

Jeff
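To make the size mismatch Tony describes concrete, here is a small self-contained model of the pattern, added as an example for this thread. It is not Crypto++ code: `Big`, `AndWords`, `planAnd`, `safeAnd` and `referenceAnd` are hypothetical names, and the limb layout is a constructed stand-in for `Integer::reg`. The model shows the two ingredients of the report side by side: a temporary `result` that allocates only the limbs the value needs (top zero limbs dropped), and a word-wise AND whose copy length is taken either from the original operand's allocation (unbounded relative to `result`) or from `result.reg.size()` (bounded). `planAnd` only computes the requested copy length against the result's capacity so the out-of-bounds case can be checked without performing an invalid write; `safeAnd` performs the bounded AND and is cross-checked against a full-width reference.

```cpp
// Added example (not Crypto++ code): modelling the "result allocated smaller
// than the operand, copy length taken from the operand" pattern and its fix.
#include <algorithm>
#include <cstddef>
#include <cstdint>
#include <iostream>
#include <vector>

using word = std::uint32_t;

// Hypothetical stand-in for an Integer: little-endian limbs in `reg`.
struct Big {
    std::vector<word> reg;
    explicit Big(std::vector<word> w) : reg(std::move(w)) {}

    // Limbs actually needed to hold the value (top zero limbs are not counted).
    std::size_t wordCount() const {
        std::size_t n = reg.size();
        while (n > 0 && reg[n - 1] == 0) --n;
        return n;
    }

    // Models a copy constructor that allocates only the minimum required limbs,
    // so the copy's allocation can be smaller than the source's.
    static Big trimmedCopy(const Big& src) {
        return Big(std::vector<word>(src.reg.begin(), src.reg.begin() + src.wordCount()));
    }
};

// Word-wise AND of n limbs: r[i] = a[i] & b[i]. The caller must guarantee that
// n does not exceed the length of any of the three buffers.
void AndWords(word* r, const word* a, const word* b, std::size_t n) {
    for (std::size_t i = 0; i < n; ++i) r[i] = a[i] & b[i];
}

// Requested copy length versus the temporary result's real capacity.
struct AndPlan {
    std::size_t copyLen;
    std::size_t resultCap;
    bool inBounds() const { return copyLen <= resultCap; }
};

// useResultSize == false: length derived from the operand's allocation (the
// reported defect). useResultSize == true: length bounded by result.reg.size().
AndPlan planAnd(const Big& a, const Big& b, bool useResultSize) {
    Big result = Big::trimmedCopy(a);  // may hold fewer limbs than a.reg
    std::size_t n = useResultSize
        ? std::min(result.reg.size(), b.reg.size())
        : std::min(a.reg.size(), b.reg.size());
    return AndPlan{n, result.reg.size()};
}

// Bounded version: the copy never exceeds the result's own allocation.
Big safeAnd(const Big& a, const Big& b) {
    Big result = Big::trimmedCopy(a);
    std::size_t n = std::min(result.reg.size(), b.reg.size());
    AndWords(result.reg.data(), result.reg.data(), b.reg.data(), n);
    // Any result limb beyond b's length is ANDed with an implicit zero limb.
    for (std::size_t i = n; i < result.reg.size(); ++i) result.reg[i] = 0;
    return result;
}

// Full-width reference: zero-pad both operands to the longer length, AND, trim.
Big referenceAnd(const Big& a, const Big& b) {
    std::size_t n = std::max(a.reg.size(), b.reg.size());
    std::vector<word> out(n, 0);
    for (std::size_t i = 0; i < n; ++i) {
        word x = i < a.reg.size() ? a.reg[i] : 0;
        word y = i < b.reg.size() ? b.reg[i] : 0;
        out[i] = x & y;
    }
    return Big::trimmedCopy(Big(out));
}

int main() {
    // Constructed sample: `a` has four limbs allocated but only two in use.
    Big a({0x0F0F0F0Fu, 0xFFFF0000u, 0u, 0u});
    Big b({0xFF00FF00u, 0x0000FFFFu, 0x12345678u, 0x9ABCDEF0u});

    AndPlan bad = planAnd(a, b, false);
    AndPlan good = planAnd(a, b, true);
    std::cout << "operand-sized copy: " << bad.copyLen << " limbs into "
              << bad.resultCap << (bad.inBounds() ? " (ok)\n" : " (OUT OF BOUNDS)\n");
    std::cout << "result-sized copy:  " << good.copyLen << " limbs into "
              << good.resultCap << (good.inBounds() ? " (ok)\n" : " (OUT OF BOUNDS)\n");

    Big r = safeAnd(a, b);
    std::cout << "safeAnd matches reference: "
              << (r.reg == referenceAnd(a, b).reg ? "yes" : "no") << "\n";
    return 0;
}
```

The check that matters is the one in `planAnd`: with the operand-sized length the plan asks for four limbs to be written into a two-limb allocation, which is exactly the kind of write the sanitizer run Jeff mentions would flag if a test exercised an operand with cleared high-order limbs. A regression test along these lines (inputs whose top limbs are zero but whose allocation is larger) is what would close the gap he suspects.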