Overview

File gmp-6.2.1-CVE-2021-43618.patch of Package gmp.21886

Backport

# HG changeset patch
# User Marco Bodrato <bodrato@mail.dm.unipi.it>
# Date 1634836009 -7200
# Node ID 561a9c25298e17bb01896801ff353546c6923dbd
# Parent  e1fd9db13b475209a864577237ea4b9105b3e96e
mpz/inp_raw.c: Avoid bit size overflows

Index: gmp-5.1.3/mpz/inp_raw.c
===================================================================
--- gmp-5.1.3.orig/mpz/inp_raw.c
+++ gmp-5.1.3/mpz/inp_raw.c
@@ -81,8 +81,11 @@ mpz_inp_raw (mpz_ptr x, FILE *fp)
 
   abs_csize = ABS (csize);
 
+  if (UNLIKELY (abs_csize > ~(mp_bitcnt_t) 0 / 8))
+    return 0; /* Bit size overflows */
+
   /* round up to a multiple of limbs */
-  abs_xsize = (abs_csize*8 + GMP_NUMB_BITS-1) / GMP_NUMB_BITS;
+  abs_xsize = ((mp_bitcnt_t)abs_csize*8 + GMP_NUMB_BITS-1) / GMP_NUMB_BITS;
 
   if (abs_xsize != 0)
     {
openSUSE Build Service is sponsored by
Places