[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

mpz_divexact bug

From: Mark Reichert
Subject: mpz_divexact bug
Date: Wed, 3 Jul 2002 13:10:54 -0400

This bug is in 3.1.1, but looking at the source code, it's still in 4.1.
In mpz_divexact, the quotient size, qsize, is calculated as:
qsize = nsize - dsize + 1
where nsize is the size of the numerator and dsize is the size of the denominator.
When the denominator is signficantly larger than the numerator, qsize is a negative number.  Eventually this negative quantity is assigned to tsize (MIN(qsize, dsize)) and TMP_ALLOC is called with a negative number toward the end of the function.  This results in a fairly large unsigned quantity being passed to alloca, which fails.
An example on my machine is dividing 1 by 100000000000000000000000000000000000.

reply via email to

[Prev in Thread] Current Thread [Next in Thread]