Date: Wed, 3 Jul 2002 13:10:54 -0400
This bug is in 3.1.1, but looking at the source code, it's still in 4.1.
In mpz_divexact, the quotient size, qsize, is calculated as:
qsize = nsize - dsize + 1
where nsize is the size of the numerator and dsize is the size of the denominator.
When the denominator is significantly larger than the numerator, qsize is a negative number. Eventually this negative quantity is assigned to tsize (MIN(qsize, dsize)) and TMP_ALLOC is called with a negative number toward the end of the function. This results in a fairly large unsigned quantity being passed to alloca, which fails.
An example on my machine is dividing 1 by 100000000000000000000000000000000000.
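The size arithmetic from the report above, reproduced as an added example that is not part of the original message and is not GMP's source. It assumes 32-bit limbs and that the scratch request is tsize multiplied by the limb size in bytes; all function names are hypothetical, and the guard is one possible precondition check, not the project's fix.

```c
#include <stddef.h>
#include <stdio.h>

#define MIN(a, b) ((a) < (b) ? (a) : (b))

/* Limbs needed to hold a value of the given bit length. */
static long limbs_for_bits(long bits, long limb_bits) {
    return (bits + limb_bits - 1) / limb_bits;
}

/* Size arithmetic as the report describes it: tsize can go negative. */
static long scratch_limbs_unchecked(long nsize, long dsize) {
    long qsize = nsize - dsize + 1;
    return MIN(qsize, dsize);
}

/* Byte count an allocator taking size_t would see (assumed: tsize * limb size).
 * A negative tsize converts to a huge unsigned value. */
static size_t alloc_request_bytes(long tsize, size_t limb_bytes) {
    return (size_t)tsize * limb_bytes;
}

/* Hypothetical guard: refuse the computation when the numerator has fewer
 * limbs than the denominator, so no negative size reaches the allocator.
 * Returns 0 and sets *tsize on success, -1 otherwise (*tsize untouched). */
static int scratch_limbs_checked(long nsize, long dsize, long *tsize) {
    if (nsize < 0 || dsize <= 0 || nsize < dsize)
        return -1;
    *tsize = MIN(nsize - dsize + 1, dsize);
    return 0;
}

int main(void) {
    /* Constructed from the report's example: 1 fits in one limb;
     * 10^35 needs 117 bits, which is 4 limbs of 32 bits. */
    long nsize = limbs_for_bits(1, 32);
    long dsize = limbs_for_bits(117, 32);
    long tsize = scratch_limbs_unchecked(nsize, dsize);

    printf("nsize=%ld dsize=%ld tsize=%ld\n", nsize, dsize, tsize);
    printf("unchecked request: %zu bytes\n", alloc_request_bytes(tsize, 4));

    if (scratch_limbs_checked(nsize, dsize, &tsize) != 0)
        printf("checked: rejected before allocation\n");
    return 0;
}
```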