At lines 707-724 of src/msolve/msolve.c, there is:

    int j = 0;
    int32_t sum = 0;
    for (i = 2 * len_old; i < 2 * len_new; i += 2) {
        gens->random_linear_form[j] = ((int32_t)(rand()));
        while (gens->random_linear_form[j] == 0) {
            gens->random_linear_form[j] = ((int32_t)(rand()));
        }
        if (i < 2 * len_new - 1) {
            sum += nvars_old * abs(gens->random_linear_form[j]);
        } else {
            gens->random_linear_form[j] = sum;
        }
        mpz_set_si(*(gens->mpz_cfs[i]), gens->random_linear_form[j]);
        mpz_set_ui(*(gens->mpz_cfs[i + 1]), 1);
        j++;
    }

It seems that line 716 (sum += ...) may overflow, since we use 32-bit signed integers and we multiply a random one (likely close to 29-31 bits) by nvars_old.

Also, if I understand the logic correctly, the else is never entered: i is an even integer less than 2 * len_new, so at all iterations i will be less than 2 * len_new - 1... isn't it? And in that case, the value of sum is actually never used(?).
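
Both observations can be checked in isolation. The following is an added example, not code from msolve: `replay_loop`, `loop_report` and the sample coefficient arrays are hypothetical names and constructed values. It replays only the loop's index test and accumulates the sum in 64 bits, reporting the first iteration at which an `int32_t` accumulator would no longer hold it.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Constructed sample coefficients standing in for rand() output. */
static const int32_t SAMPLE_LARGE[3] = {1500000000, 1200000000, 7};
static const int32_t SAMPLE_SMALL[3] = {5, -7, 11};

typedef struct {
    int else_hits;     /* iterations that reached the else branch */
    int overflow_at;   /* first j where the sum exceeds INT32_MAX, or -1 */
    int64_t wide_sum;  /* the same sum accumulated in 64 bits */
} loop_report;

/* Replays the index pattern and the accumulation of the quoted loop
 * (hypothetical helper; assumes nvars_old > 0 and len_new - len_old coeffs). */
loop_report replay_loop(int len_old, int len_new, int32_t nvars_old,
                        const int32_t *coeffs)
{
    loop_report r = {0, -1, 0};
    int j = 0;
    for (int i = 2 * len_old; i < 2 * len_new; i += 2) {
        if (i < 2 * len_new - 1) {
            /* widen before multiplying so the check itself cannot overflow */
            int64_t term = (int64_t)nvars_old * llabs((int64_t)coeffs[j]);
            r.wide_sum += term;
            if (r.overflow_at < 0 && r.wide_sum > INT32_MAX)
                r.overflow_at = j;
        } else {
            r.else_hits++;  /* i is even, 2 * len_new - 1 is odd */
        }
        j++;
    }
    return r;
}

int main(void)
{
    loop_report r = replay_loop(0, 3, 3, SAMPLE_LARGE);
    printf("else_hits=%d overflow_at=%d wide_sum=%lld\n",
           r.else_hits, r.overflow_at, (long long)r.wide_sum);
    return 0;
}
```
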