Unintended Variable Length Array in ec-nist.c

Jussi Kivilinna jussi.kivilinna at iki.fi
Sat Oct 1 08:15:12 CEST 2022


On 30.9.2022 14.36, Ian Goldberg via Gcrypt-devel wrote:
> On Fri, Sep 30, 2022 at 05:14:16PM +0900, NIIBE Yutaka wrote:
>> Thank you for your quick response.
>>
>> Jussi Kivilinna <jussi.kivilinna at iki.fi> wrote:
>>> How about instead defining arrays with the wanted size and defining 'wsize' with
>>> sizeof the array? This would avoid having macros. For example, like this:
>>>
>>> index 69b05a6d..0de41e48 100644
>>> --- a/mpi/ec-nist.c
>>> +++ b/mpi/ec-nist.c
>>> @@ -94,9 +94,9 @@ _gcry_mpi_ec_nist192_mod (gcry_mpi_t w, mpi_ec_t ctx)
>>>      };
>>>      const mpi_limb64_t zero = LIMB_TO64(0);
>>>      mpi_ptr_t wp;
>>> -  mpi_size_t wsize = 192 / BITS_PER_MPI_LIMB64;
>>> -  mpi_limb64_t s[wsize + 1];
>>> -  mpi_limb64_t o[wsize + 1];
>>> +  mpi_limb64_t s[192 / BITS_PER_MPI_LIMB64 + 1];
>>> +  mpi_limb64_t o[sizeof(s)];
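
Review bot: On the added `o[sizeof(s)]` line, `sizeof(s)` is the size of `s` in bytes, not its element count, so `o` is declared with `sizeof(mpi_limb64_t)` times as many elements as `s` and the stack frame grows accordingly. Size `o` with the same constant expression as `s` (`192 / BITS_PER_MPI_LIMB64 + 1`) or with an element-count macro such as `DIM(s)`. The hunk also removes the `wsize` declaration and no replacement is visible in these lines, so any later use of `wsize` in the function needs a new definition.
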
> 
> Note that sizeof(s) is the number of *bytes* of s, not the number of
> *elements* of s, so the above new code will declare o to be much larger
> than the old code did.

Thanks, I somehow missed that. The next line in my example used the DIM macro,
which does the right thing of giving the number of elements in the array.

+  const mpi_size_t wsize = DIM(s) - 1;

Just need to change to use DIM for array definitions too.

-Jussi
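
The difference discussed in this thread, as an added example that is not part of the original messages or of libgcrypt: it compares sizing `o` with `sizeof(s)` against sizing it with `DIM(s)`. The `mpi_limb64_t` typedef, the value 64 for `BITS_PER_MPI_LIMB64` and the `DIM` definition are assumed stand-ins for the project's internal definitions.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Assumed stand-ins, not copied from libgcrypt. */
typedef uint64_t mpi_limb64_t;
#define BITS_PER_MPI_LIMB64 64
#define DIM(v) (sizeof(v) / sizeof((v)[0]))   /* number of elements */

/* Element count of o when it is sized with sizeof(s), as in the quoted hunk. */
size_t o_elems_with_sizeof(void)
{
  mpi_limb64_t s[192 / BITS_PER_MPI_LIMB64 + 1];
  mpi_limb64_t o[sizeof(s)];                  /* sizeof(s) is a byte count */
  (void)s; (void)o;
  return DIM(o);
}

/* Element count of o when it is sized with DIM(s). */
size_t o_elems_with_dim(void)
{
  mpi_limb64_t s[192 / BITS_PER_MPI_LIMB64 + 1];
  mpi_limb64_t o[DIM(s)];
  /* Compiles only because both arrays have constant size (neither is a VLA). */
  _Static_assert(sizeof(o) == sizeof(s), "o and s must have the same size");
  (void)s; (void)o;
  return DIM(o);
}

/* wsize derived from the array, as in the "+ const mpi_size_t wsize" line. */
size_t wsize_from_dim(void)
{
  mpi_limb64_t s[192 / BITS_PER_MPI_LIMB64 + 1];
  const size_t wsize = DIM(s) - 1;
  (void)s;
  return wsize;
}

int main(void)
{
  printf("o[sizeof(s)]: %zu elements, %zu bytes\n", o_elems_with_sizeof(),
         o_elems_with_sizeof() * sizeof(mpi_limb64_t));
  printf("o[DIM(s)]:    %zu elements, %zu bytes\n", o_elems_with_dim(),
         o_elems_with_dim() * sizeof(mpi_limb64_t));
  printf("wsize = %zu\n", wsize_from_dim());
  return 0;
}
```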
