Opened 10 years ago

Closed 10 years ago

Last modified 9 years ago

#621 closed defect (fixed)

"numbers" egg dumps core if base argument to string->number is too large

Reported by: pdh
Owned by:
Priority: major
Milestone: 4.9.0
Component: extensions
Version: 4.7.x
Keywords:
Cc:
Estimated difficulty:


After loading the "numbers" egg, if the base is too large for
string->number, csi dumps core.

Looks like this:

$ csi
Version 4.7.0
openbsd-unix-gnu-x86-64 [ 64bit manyargs dload ptables ]

#;1> (use numbers)
#;2> (string->number "10" (- (expt 2 (/ (- (* 8 8) 2) 2)) 1))
#;3> (string->number "10" (expt 2 (/ (- (* 8 8) 2) 2)))
Abort trap (core dumped)

It is failing in string_to_big() in numbers-c.c at line 2328:

BIGNUM_ASSERT ((radix > 1) && (radix <= BIGNUM_RADIX_ROOT));

BIGNUM_ASSERT just calls "abort" if the test fails, which causes the
core dump.

Observed in the "numbers" egg Version 2.6. (That is, the version
that I installed today.)

Change History (2)

comment:1 Changed 10 years ago by sjamaan

Resolution: fixed
Status: new → closed

It even failed for negative or zero bases. Turns out the original C assert was wrong too since bignum_destructive_scale_up can only deal with numbers strictly *smaller* than BIGNUM_RADIX_ROOT. I've added a check so that it throws a "bad base" exception when you pass in a base that's smaller than 1 or larger/equal to BIGNUM_RADIX_ROOT.

It's fixed in numbers trunk, changeset [24227]
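
The pattern behind the fix, as an added example that is not code from the numbers egg: a caller-supplied radix is range-checked at the API boundary and reported as an error value, so it never reaches an assert that aborts the process. The names toy_string_to_big, scale_up_add and TOY_RADIX_ROOT and the 32-bit digit layout are assumptions made for this sketch; the accepted range uses the lower bound of the original assert (radix > 1) and the strict upper bound described in comment:1.

```c
#include <stddef.h>
#include <stdint.h>

/* Constructed for this example: 32-bit digits, so the "radix root" is 2^16.
   The egg's BIGNUM_RADIX_ROOT depends on the platform word size. */
#define TOY_RADIX_ROOT 65536L
#define TOY_NDIGITS 4

enum parse_status { PARSE_OK, PARSE_BAD_BASE, PARSE_BAD_DIGIT, PARSE_OVERFLOW };

/* Digit value of one character, or -1 if it is not alphanumeric. */
static long digit_value(char c) {
    if (c >= '0' && c <= '9') return c - '0';
    if (c >= 'a' && c <= 'z') return c - 'a' + 10;
    if (c >= 'A' && c <= 'Z') return c - 'A' + 10;
    return -1;
}

/* big = big * factor + addend (little-endian digits); returns the carry out.
   Precondition, enforced by the caller: 1 < factor < TOY_RADIX_ROOT. */
static uint32_t scale_up_add(uint32_t big[TOY_NDIGITS], uint32_t factor, uint32_t addend) {
    uint64_t carry = addend;
    for (size_t i = 0; i < TOY_NDIGITS; i++) {
        uint64_t t = (uint64_t)big[i] * factor + carry;
        big[i] = (uint32_t)t;
        carry = t >> 32;
    }
    return (uint32_t)carry;
}

/* Parse s in base radix. radix comes from the caller, so an out-of-range
   value is reported as PARSE_BAD_BASE; it never reaches an assert/abort. */
enum parse_status toy_string_to_big(const char *s, long radix, uint32_t out[TOY_NDIGITS]) {
    if (radix <= 1 || radix >= TOY_RADIX_ROOT) return PARSE_BAD_BASE;
    for (size_t i = 0; i < TOY_NDIGITS; i++) out[i] = 0;
    if (*s == '\0') return PARSE_BAD_DIGIT;
    for (; *s != '\0'; s++) {
        long d = digit_value(*s);
        if (d < 0 || d >= radix) return PARSE_BAD_DIGIT;
        if (scale_up_add(out, (uint32_t)radix, (uint32_t)d)) return PARSE_OVERFLOW;
    }
    return PARSE_OK;
}

int main(void) {
    uint32_t big[TOY_NDIGITS];
    /* The ticket's failing case in toy form: base equal to the radix root. */
    return toy_string_to_big("10", TOY_RADIX_ROOT, big) == PARSE_BAD_BASE ? 0 : 1;
}
```
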

comment:2 Changed 9 years ago by felix winkelmann


Milestone 4.8.0 deleted
