Fix out-of-bounds memory access in bit.

* mpi/mpi.c (mp_bit): If the digit index is beyond the available digits in the number, report MP_NO rather than accessing undefined digit material or beyond the array entirely.
author: Kaz Kylheku <kaz@kylheku.com> 2016-06-08 06:03:19 -0700
committer: Kaz Kylheku <kaz@kylheku.com> 2016-06-08 06:03:19 -0700
commit: 07b04ff7268a454ef8017270283d1c8f90c23ffc (patch)
tree: 97ef28b79815aca43de3da010838fd14f0b720c1 /mpi/mpi.c
parent: d8ce6dd806ea12ebafa312f6bb7f762084efd37a (diff)
download: txr-07b04ff7268a454ef8017270283d1c8f90c23ffc.tar.gz
txr-07b04ff7268a454ef8017270283d1c8f90c23ffc.tar.bz2
txr-07b04ff7268a454ef8017270283d1c8f90c23ffc.zip
1 files changed, 1 insertions, 1 deletions
diff --git a/mpi/mpi.c b/mpi/mpi.c
index cb6567a5..178b5fee 100644
--- a/mpi/mpi.c
+++ b/mpi/mpi.c
@@ -2781,7 +2781,7 @@ mp_err mp_bit(mp_int *a, mp_digit bit)
     a = &tmp;
   }
 
-  return (DIGITS(a)[digit] & mask) != 0 ? MP_YES : MP_NO;
+  return (digit < USED(a) && (DIGITS(a)[digit] & mask) != 0) ? MP_YES : MP_NO;
 }
 
 mp_err mp_to_double(mp_int *mp, double *d)
author	Kaz Kylheku <kaz@kylheku.com>	2016-06-08 06:03:19 -0700
committer	Kaz Kylheku <kaz@kylheku.com>	2016-06-08 06:03:19 -0700
commit	07b04ff7268a454ef8017270283d1c8f90c23ffc (patch)
tree	97ef28b79815aca43de3da010838fd14f0b720c1 /mpi/mpi.c
parent	d8ce6dd806ea12ebafa312f6bb7f762084efd37a (diff)
download	txr-07b04ff7268a454ef8017270283d1c8f90c23ffc.tar.gz txr-07b04ff7268a454ef8017270283d1c8f90c23ffc.tar.bz2 txr-07b04ff7268a454ef8017270283d1c8f90c23ffc.zip