Out-of-bounds read via bn_sqr_basic
guidovranken opened this issue · comments
Guido Vranken commented
#include <relic_conf.h>
#include <relic.h>
int main(void)
{
if ( core_init() != RLC_OK ) abort();
bn_t A, R;
bn_null(A); bn_new(A);
bn_null(R); bn_new(R);
const char* s = "107374180410001700060000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000008000000000000000000000000000000000000000000000000000000045270000000000000000000000000000000000000000200000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001073741804";
/* noret */ bn_read_str(A, s, strlen(s), 10);
/* noret */ bn_sqr_basic(R, A);
bn_free(A);
bn_free(R);
return 0;
}
Compile relic with ALLOC=DYNAMIC, compile the program and run it under valgrind to observe an out-of-bounds read in bn_sqra_low