From f4d9fcfc5b183a4183d74ccd1ba1a3557d546993 Mon Sep 17 00:00:00 2001
From: 3393304070 <49681813+3393304070@users.noreply.github.com>
Date: Sun, 15 Sep 2024 17:59:56 +0100
Subject: [PATCH] Fixed out-of-bound write in libbf.c
---
 libbf.c | 5 +++++
 1 file changed, 5 insertions(+)
diff --git a/libbf.c b/libbf.c
index 05d62ed..b40f28c 100644
--- a/libbf.c
+++ b/libbf.c
@@ -1715,6 +1715,11 @@ static int __bf_div(bf_t *r, const bf_t *a, const bf_t *b, limb_t prec,
 slimb_t d;
 na = n + nb;
+
+ if (na >= (SIZE_MAX / sizeof(limb_t)) - 1) {
+ return BF_ST_MEM_ERROR;
+ }
+
 taba = bf_malloc(s, (na + 1) * sizeof(limb_t));
 if (!taba) goto fail;
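Review bot: The new overflow guard returns `BF_ST_MEM_ERROR` directly, while the `bf_malloc` failure right after it takes `goto fail`, so this path skips whatever the `fail` label does to `r`. The label and the rest of `__bf_div` are outside the hunk, but the two error paths should agree, e.g. `if (na >= (SIZE_MAX / sizeof(limb_t)) - 1) goto fail;`. The guard also runs after `na = n + nb`, so it only covers the `(na + 1) * sizeof(limb_t)` multiplication. If `n` and `nb` are not bounded elsewhere, a wrapped sum would pass the check and still under-allocate `taba`, so testing the operands before the addition would be tighter. A short comment such as `/* reject sizes where (na + 1) * sizeof(limb_t) would overflow size_t */` would explain the bound to the next reader.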