• Alberto Donizetti's avatar
    math/big: protect against aliasing in nat.divLarge · ff534e21
    Alberto Donizetti authored
    In nat.divLarge (having signature (z nat).divLarge(u, uIn, v nat)),
    we check whether z aliases uIn or v, but aliasing is currently not
    checked for the u parameter.
    
    Unfortunately, z and u aliasing each other can in some cases cause
    errors in the computation.
    
    The q return parameter (which will hold the result's quotient), is
    unconditionally initialized as
    
        q = z.make(m + 1)
    
    When cap(z) ≥ m+1, z.make() will reuse z's backing array, causing q
    and z to share the same backing array. If then z aliases u, setting q
    during the quotient computation will then corrupt u, which at that
    point already holds computation state.
    
    To fix this, we add an alias(z, u) check at the beginning of the
    function, taking care of aliasing the same way we already do for uIn
    and v.
    
    Fixes #22830
    
    Change-Id: I3ab81120d5af6db7772a062bb1dfc011de91f7ad
    Reviewed-on: https://go-review.googlesource.com/78995
    Run-TryBot: Alberto Donizetti <alb.donizetti@gmail.com>
    Run-TryBot: Robert Griesemer <gri@golang.org>
    TryBot-Result: Gobot Gobot <gobot@golang.org>
    Reviewed-by: 's avatarRobert Griesemer <gri@golang.org>
    ff534e21
nat.go 26.8 KB