Out-of-bounds read via bn_sqr_basic

Question

Out-of-bounds read via bn_sqr_basic

guidovranken opened this issue 4 years ago · 0 comments

#include <relic_conf.h>
#include <relic.h>

int main(void)
{
    if ( core_init() != RLC_OK ) abort();

    bn_t A, R;

    bn_null(A); bn_new(A);
    bn_null(R); bn_new(R);

    const char* s = "107374180410001700060000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000008000000000000000000000000000000000000000000000000000000045270000000000000000000000000000000000000000200000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001073741804";
    /* noret */ bn_read_str(A, s, strlen(s), 10);
    /* noret */ bn_sqr_basic(R, A);

    bn_free(A);
    bn_free(R);
    return 0;
}

Compile relic with ALLOC=DYNAMIC, compile the program and run it under valgrind to observe an out-of-bounds read in bn_sqra_low