Dear developers/maintainers,

Hope this email finds you well! I'm writing to report a crash we encountered while using libgmp. The POC looks like this:

```
#include <gmp.h>

int main(void)
{
    mpz_t n;
    mpz_init(n);
    mpz_fac_ui(n, 0x10006f);   /* n = 0x10006f! (factorial), a very large value */
    mpz_t n2;
    mpz_init(n2);
    mpz_nextprime(n2, n);      /* the reported crash occurs in this call */
    return 0;
}
```

It seems that at this line in `mpz_nextprime` (https://gmplib.org/repo/gmp/file/tip/mpz/nextprime.c#l204), when `n` is very large, the value of `odds_in_composite_sieve` is not restricted, which leads the `alloca` below it to crash and might cause more buffer overflows.

Could you please help us to verify this bug?

Looking forward to your reply, thanks!

Best regards,
Jiayi Lin
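An added example, not part of the original report and not GMP's code: a sieve scratch buffer whose length scales with the bit length of the input, the pattern the report describes, written so that the size is overflow-checked and anything above a fixed cap goes to the heap instead of the stack. `sieve_bytes`, `sieve_candidates`, `odds_per_bit` and `STACK_SCRATCH_MAX` are hypothetical names and values.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define STACK_SCRATCH_MAX 4096u  /* assumed cap (bytes) for on-stack scratch */

/* One byte per odd candidate; returns 0 if nbits * odds_per_bit overflows. */
static size_t sieve_bytes(size_t nbits, size_t odds_per_bit)
{
    if (odds_per_bit != 0 && nbits > SIZE_MAX / odds_per_bit)
        return 0;
    return nbits * odds_per_bit;
}

/* Sieve `odds` odd numbers starting at odd `start` with a few small primes.
 * Returns the count of unmarked candidates, or -1 on a zero size or failed
 * allocation. *on_heap reports which storage held the scratch buffer. */
static long sieve_candidates(uint64_t start, size_t odds, int *on_heap)
{
    static const unsigned small[] = {3, 5, 7, 11, 13};
    char stack_buf[STACK_SCRATCH_MAX];
    char *composite = stack_buf;
    long survivors = 0;

    *on_heap = odds > sizeof stack_buf;    /* large requests never touch the stack */
    if (odds == 0)
        return -1;                         /* also rejects sieve_bytes() overflow */
    if (*on_heap && (composite = malloc(odds)) == NULL)
        return -1;                         /* fail cleanly, no stack overrun */
    memset(composite, 0, odds);
    for (size_t k = 0; k < sizeof small / sizeof small[0]; k++) {
        size_t i = 0;
        while ((start + 2 * i) % small[k] != 0)   /* first multiple of small[k] */
            i++;
        for (; i < odds; i += small[k])
            composite[i] = 1;
    }
    for (size_t i = 0; i < odds; i++)
        survivors += !composite[i];
    if (*on_heap)
        free(composite);
    return survivors;
}

int main(void)
{
    int heap;
    long r = sieve_candidates(101, sieve_bytes(20000, 5), &heap);
    printf("survivors=%ld heap=%d\n", r, heap);
    return 0;
}
```
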