|
From: | Mark Reichert |
Subject: | mpz_divexact bug |
Date: | Wed, 3 Jul 2002 13:10:54 -0400 |
This bug is in 3.1.1, but looking at the source code, it's
still in 4.1.
In mpz_divexact, the quotient size, qsize, is calculated
as:
qsize = nsize - dsize + 1
where nsize is the size of the numerator and dsize is the size
of the denominator.
When the denominator is signficantly larger than the
numerator, qsize is a negative number. Eventually this negative quantity
is assigned to tsize (MIN(qsize, dsize)) and TMP_ALLOC is called with a negative
number toward the end of the function. This results in a fairly large
unsigned quantity being passed to alloca, which fails.
An example on my machine is dividing 1 by
100000000000000000000000000000000000.
|
[Prev in Thread] | Current Thread | [Next in Thread] |