You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
{{ message }}
This repository was archived by the owner on Mar 12, 2020. It is now read-only.
In mam_api_channel_create, line api->channel_ord++; may overflow value of channel_ord which is defined as trint18_t channel_ord. trint18_t is implemented as:
/*! \brief Signed integer type capable of storing 18 trits
with values in range [-(3^18-1)/2,..,-1,0,1,..,(3^18-1)/2]. */
typedef int32_t trint18_t;
#define MAM_TRINT18_MAX ((trint18_t)193710244)
#define MAM_TRINT18_MIN (-MAM_TRINT18_MAX)
The overflow may happen when api->channel_ord has value of MAM_TRINT18_MAX which will lead to UB (most likely -- channel name reuse and hence channel reuse! as trits_put18 is used to encode value of api->channel_ord).
Possible solution:
add bounds check to api->channel_ord in mam_api_channel_create which efficiently limits the number of channels per seed to (3^18-1)/2 which may be limiting for some applications;
make channel_ord be of type trit_t [243] which will correspond to a total number of channels/channel ids. The initial value can be all zeros, increment - is a natural increment of trit array.
In
mam_api_channel_create, lineapi->channel_ord++;may overflow value ofchannel_ordwhich is defined astrint18_t channel_ord.trint18_tis implemented as:The overflow may happen when
api->channel_ordhas value ofMAM_TRINT18_MAXwhich will lead to UB (most likely -- channel name reuse and hence channel reuse! astrits_put18is used to encode value ofapi->channel_ord).Possible solution:
api->channel_ordinmam_api_channel_createwhich efficiently limits the number of channels per seed to(3^18-1)/2which may be limiting for some applications;channel_ordbe of typetrit_t [243]which will correspond to a total number of channels/channel ids. The initial value can be all zeros, increment - is a natural increment of trit array.