nixpkgs/pkgs/development/libraries/gmp/5.1.3-CVE-2021-43618.patch
2021-12-09 00:43:15 +00:00

20 lines
600 B
Diff

Based on https://gmplib.org/repo/gmp-6.2/raw-rev/561a9c25298e,
adapted for 5.x by ris
diff -r e1fd9db13b47 -r 561a9c25298e mpz/inp_raw.c
--- a/mpz/inp_raw.c Tue Dec 22 23:49:51 2020 +0100
+++ b/mpz/inp_raw.c Thu Oct 21 19:06:49 2021 +0200
@@ -81,8 +81,11 @@
abs_csize = ABS (csize);
+ if (UNLIKELY (abs_csize > ~(mp_bitcnt_t) 0 / 8))
+ return 0; /* Bit size overflows */
+
/* round up to a multiple of limbs */
- abs_xsize = (abs_csize*8 + GMP_NUMB_BITS-1) / GMP_NUMB_BITS;
+ abs_xsize = ((mp_bitcnt_t)abs_csize*8 + GMP_NUMB_BITS-1) / GMP_NUMB_BITS;
if (abs_xsize != 0)
{