[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[FD] over 2000 packages depend on abort()ing libgmp

To: fulldisclosure@xxxxxxxxxxxx
Subject: [FD] over 2000 packages depend on abort()ing libgmp
From: Georgi Guninski <gguninski@xxxxxxxxx>
Date: Wed, 14 Sep 2022 14:44:39 +0300

ping world

libgmp is library about big numbers.

it is not a library for very big numbers, because
if libgmp meets a very big number, it calls abort()
and coredumps.

2442 packages depend on libgmp on ubuntu20.

guest3@ubuntu20:~/prim$ apt-cache rdepends libgmp10 | wc -l
2442

gawk crash:

guest3@ubuntu20:~/prim$ gawk --bignum 'BEGIN { a = 2 ^ 2 ^41; print "a =", a }'
gmp: overflow in mpz type
Aborted (core dumped)

guest3@ubuntu20:~/prim$ gawk 'BEGIN { a = 2 ^ 2 ^41; print "a =", a }'
a = +inf
_______________________________________________
Sent through the Full Disclosure mailing list
https://nmap.org/mailman/listinfo/fulldisclosure
Web Archives & RSS: https://seclists.org/fulldisclosure/

Follow-Ups:
- Re: [FD] over 2000 packages depend on abort()ing libgmp
  - From: Matthew Fernandez

Prev by Date: [FD] APPLE-SA-2022-09-12-5 Safari 16
Next by Date: [FD] SEC Consult SA-20220914-0 :: Improper Access Control in SAP® SAProuter
Previous by thread: [FD] APPLE-SA-2022-09-12-5 Safari 16
Next by thread: Re: [FD] over 2000 packages depend on abort()ing libgmp
Index(es):
- Date
- Thread