Re: SIGSEGV on isprime

Karim Belabas on Sun, 15 Jul 2018 15:05:34 +0200

[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

Re: SIGSEGV on isprime

To: pari-users@pari.math.u-bordeaux.fr
Subject: Re: SIGSEGV on isprime
From: Karim Belabas <Karim.Belabas@math.u-bordeaux.fr>
Date: Sun, 15 Jul 2018 15:05:30 +0200
Cc: Ján Jančár <johny@neuromancer.sk>
Delivery-date: Sun, 15 Jul 2018 15:05:34 +0200
Dkim-signature: v=1; a=rsa-sha256; c=simple/simple; d=math.u-bordeaux.fr; s=mail; t=1531659932; bh=vdDejA1/PiGZW7oZMrmNQYf5SE4zHnMPKJ4/RFtdyoc=; h=Date:From:To:Cc:Subject:References:In-Reply-To:From; b=Bm2ZNcrjPvYrdRCN3YR8w4sdC6+CIVVmiO9J9WdP3esl+hj9S0U+apj4BqtJZoBMK sdlQtiZcgSMATRHUdYv9ZJd/4gdfcyL47XQ5TTDwp9pLZvhwwb7fix6N8esi5ws40u F5yWHx9J+8abDApNqW/CLH6LzyfFi05mQ/ddWp+I=
In-reply-to: <20180711152549.GB19054@yellowpig>
Mail-followup-to: pari-users@pari.math.u-bordeaux.fr, Ján Jančár <johny@neuromancer.sk>
References: <372a72a9-4486-760d-02e4-e31d5e91bfd5@neuromancer.sk> <20180710215942.GE4112@yellowpig> <b1355d2d-7cba-af33-b2e6-75d7e4492ce4@neuromancer.sk> <5fb19e95-ee16-da8e-31c5-3f5a633b2762@neuromancer.sk> <9d5eadbe-7cdc-264b-e578-608e89d6781b@neuromancer.sk> <20180711152549.GB19054@yellowpig>
User-agent: Mutt/1.6.0 (2016-04-01)

* Bill Allombert [2018-07-11 17:25]:
> On Wed, Jul 11, 2018 at 04:48:24PM +0200, Ján Jančár wrote:
> > >> I have now tested:
> > >>
> > >> --enable-tls --kernel=none      --> works
> > >> --enable-tls --kernel=none-gmp  --> SEGVs!
> > >> --enalbe-tls --kernel=auto-none --> works
> 
> My guess is that there is a buffer overflow in the function
> red_montgomery in the file src/kernel/gmp/mp.c which only
> cause a SEGV when the stack ends on a page boundary.

Not exactly a buffer overflow but an off-by-1 error causing us to read
one word beyond the boundary of the modulus 'N'. In this particular
case, N happens to be the first object on the PARI stack and we read
1 word in unallocated memory [ and disregard its value, making the bug
very hard to spot ].

I believe the problem is solved in 'master' HEAD.

Cheers,

    K.B.
--
Karim Belabas, IMB (UMR 5251)  Tel: (+33) (0)5 40 00 26 17
Universite de Bordeaux         Fax: (+33) (0)5 40 00 21 23
351, cours de la Liberation    http://www.math.u-bordeaux.fr/~kbelabas/
F-33405 Talence (France)       http://pari.math.u-bordeaux.fr/  [PARI/GP]
`

Follow-Ups:
- Re: SIGSEGV on isprime
  - From: Ján Jančár <johny@neuromancer.sk>

References:
- SIGSEGV on isprime
  - From: Ján Jančár <johny@neuromancer.sk>
- Re: SIGSEGV on isprime
  - From: Bill Allombert <Bill.Allombert@math.u-bordeaux.fr>
- SIGSEGV on isprime
  - From: Ján Jančár <johny@neuromancer.sk>
- Re: SIGSEGV on isprime
  - From: Ján Jančár <johny@neuromancer.sk>
- Re: SIGSEGV on isprime
  - From: Ján Jančár <johny@neuromancer.sk>
- Re: SIGSEGV on isprime
  - From: Bill Allombert <Bill.Allombert@math.u-bordeaux.fr>

Prev by Date: Read/Write file on Android request.
Next by Date: Re: SIGSEGV on isprime
Previous by thread: Re: SIGSEGV on isprime
Next by thread: Re: SIGSEGV on isprime
Index(es):
- Date
- Thread