Torbjorn Granlund <t...@gmplib.org> writes: > This is a (partial?) patch. It seems to fix the present problem. > + rp = MPZ_REALLOC (r, an + 1); > + > + ap = a->_mp_d; > + bp = b->_mp_d; > + > if (an < bn) > MPN_PTR_SWAP (ap, an, bp, bn); > > cy = mpn_add (rp, ap, an, bp, bn); > rp[an] = cy;
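Review bot: the size passed to `MPZ_REALLOC (r, an + 1)` is fixed before the `if (an < bn) MPN_PTR_SWAP (ap, an, bp, bn);` swap, so when b has more limbs than a, the later `mpn_add (rp, ap, an, bp, bn)` and `rp[an] = cy` write bn + 1 limbs into a buffer that was only asked to hold the original an + 1. Request the larger of an and bn, plus one, in the realloc. Loading ap and bp only after the realloc is the right order, since r may be the same object as a or b.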
I think this fix to mpz_abs_add is almost right, but the realloc must
use a size MAX(an, bn) + 1. Maybe it ought to be reorganized a bit,
eliminating the ap, bp pointers and the swapping. Something like

  rn = GMP_MAX (an, bn);
  rp = MPZ_REALLOC (r, rn + 1);
  if (an < bn)
    cy = mpn_add (rp, b->_mp_d, bn, a->_mp_d, an);
  else
    cy = mpn_add (rp, a->_mp_d, an, b->_mp_d, bn);

  if (cy > 0)
    rp[rn++] = cy;

Will you commit these fixes, or do you want me to do that?

I have found the same four direct MPZ_REALLOC problems when reviewing
the code: mpz_abs_add, mpz_and, mpz_ior and mpz_xor.

Then I have looked for functions which use cached pointers over a call
to a function using MPZ_REALLOC. But I didn't find any problems of that
type. There are a couple of additional pointers cached over an
MPZ_REALLOC of a temporary, but that shouldn't be a problem since the
temporary never overlaps anything else.

Regards,
/Niels

--
Niels Möller. PGP-encrypted email is preferred. Keyid C0B98E26.
Internet email is subject to wholesale government surveillance.
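The two points raised in this thread (read operand pointers only after the reallocation, and size the result for the longer operand plus a carry limb) shown in a self-contained form. This is an added example, not code from the thread or from GMP; `toy_int`, `toy_realloc`, `toy_abs_add` and `toy_demo` are hypothetical names, and the limb values are constructed.

```c
#include <stdint.h>
#include <stdlib.h>

/* Hypothetical stand-in for an mpz-style integer: limbs, least significant first. */
typedef struct { size_t alloc, size; uint32_t *d; } toy_int;

/* Grow x to at least n limbs; may move x->d, invalidating older copies of it. */
static uint32_t *toy_realloc(toy_int *x, size_t n) {
    if (n > x->alloc) {
        uint32_t *p = realloc(x->d, n * sizeof *p);
        if (!p) abort();
        x->d = p;
        x->alloc = n;
    }
    return x->d;
}

/* r = |a| + |b|; r may be the same object as a or b. */
void toy_abs_add(toy_int *r, const toy_int *a, const toy_int *b) {
    size_t an = a->size, bn = b->size;
    size_t rn = an > bn ? an : bn;
    /* Reallocate first, sized for the longer operand plus one carry limb... */
    uint32_t *rp = toy_realloc(r, rn + 1);
    /* ...and only then read the operand pointers, so an aliased one is current. */
    const uint32_t *ap = a->d, *bp = b->d;
    uint64_t cy = 0;
    for (size_t i = 0; i < rn; i++) {
        uint64_t s = cy + (i < an ? ap[i] : 0) + (i < bn ? bp[i] : 0);
        rp[i] = (uint32_t)s;   /* safe in place: limb i is read before it is written */
        cy = s >> 32;
    }
    if (cy) rp[rn++] = (uint32_t)cy;
    r->size = rn;
}

/* Constructed case: r aliases the shorter operand and every limb carries. */
int toy_demo(void) {
    toy_int a = { 1, 1, malloc(sizeof(uint32_t)) };
    uint32_t bl[3] = { 0xFFFFFFFFu, 0xFFFFFFFFu, 0xFFFFFFFFu };
    toy_int b = { 3, 3, bl };
    if (!a.d) abort();
    a.d[0] = 0xFFFFFFFFu;
    toy_abs_add(&a, &a, &b);   /* needs 4 limbs; an + 1 would give only 2 */
    int ok = a.size == 4 && a.alloc >= 4 && a.d[0] == 0xFFFFFFFEu
          && a.d[1] == 0 && a.d[2] == 0 && a.d[3] == 1;
    free(a.d);
    return ok;
}
```

Building this with AddressSanitizer and changing `rn + 1` to `an + 1` makes the undersized buffer show up as a heap-buffer-overflow in `toy_demo`.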