From 2b552abd4edc775de854014c7b0135902ca2ecd3 Mon Sep 17 00:00:00 2001
From: =?utf8?q?Niels=20M=C3=B6ller?= <nisse@lysator.liu.se>
Date: Wed, 17 Sep 2014 21:51:46 +0200
Subject: [PATCH] Fixed mpn_get_base256_le buffer overwrite.

---
 ChangeLog  | 4 ++++
 gmp-glue.c | 1 +
 2 files changed, 5 insertions(+)

diff --git a/ChangeLog b/ChangeLog
index 01f6cab7..cb3edea5 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,5 +1,9 @@
 2014-09-17  Niels Möller  <nisse@lysator.liu.se>
 
+	* gmp-glue.c (mpn_get_base256_le): Fixed missing update of rn
+	counter, making the function clear some bytes beyond the end of
+	the output buffer. The bug triggered a make check failure on ARM.
+
 	* testsuite/testutils.c (ecc_curves): Include curve25519 in list.
 	(test_ecc_mul_a): Include reference points for curve25519 (with
 	Edwards coordinates). Allow n == 0 and n == 1, comparing to zero
diff --git a/gmp-glue.c b/gmp-glue.c
index 5de167eb..f9a5e358 100644
--- a/gmp-glue.c
+++ b/gmp-glue.c
@@ -293,6 +293,7 @@ mpn_get_base256_le (uint8_t *rp, size_t rn,
 	  in = *xp++;
 	  xn--;
 	  *rp++ = old | (in << bits);
+	  rn--;
 	  in >>= (8 - bits);
 	  bits += GMP_NUMB_BITS - 8;
 	}
-- 
2.47.3