Uninteded Variable Length Array in ec-nist.c
Ian Goldberg
ian at cypherpunks.ca
Fri Sep 30 13:36:06 CEST 2022
On Fri, Sep 30, 2022 at 05:14:16PM +0900, NIIBE Yutaka wrote:
> Thank you for your quick response.
>
> Jussi Kivilinna <jussi.kivilinna at iki.fi> wrote:
> > How about instead define arrays with wanted size and define 'wsize' with
> > sizeof the array. This would avoid having macros. For example like this:
> >
> > index 69b05a6d..0de41e48 100644
> > --- a/mpi/ec-nist.c
> > +++ b/mpi/ec-nist.c
> > @@ -94,9 +94,9 @@ _gcry_mpi_ec_nist192_mod (gcry_mpi_t w, mpi_ec_t ctx)
> > };
> > const mpi_limb64_t zero = LIMB_TO64(0);
> > mpi_ptr_t wp;
> > - mpi_size_t wsize = 192 / BITS_PER_MPI_LIMB64;
> > - mpi_limb64_t s[wsize + 1];
> > - mpi_limb64_t o[wsize + 1];
> > + mpi_limb64_t s[192 / BITS_PER_MPI_LIMB64 + 1];
> > + mpi_limb64_t o[sizeof(s)];
Note that sizeof(s) is the number of *bytes* of s, not the number of
*elements* of s, so the above new code will declare o to be much larger
than the old code did.
More information about the Gcrypt-devel
mailing list