iotaledger / entangled

enTangle'd is an amalgamation of all things Tangle
Apache License 2.0
113 stars 66 forks

mam: check channel_ord for overflows #1405

Open semenov-vladyslav opened 5 years ago

semenov-vladyslav commented 5 years ago

In mam_api_channel_create, the line api->channel_ord++; may overflow the value of channel_ord, which is defined as trint18_t channel_ord. trint18_t is implemented as:

/*! \brief Signed integer type capable of storing 18 trits
with values in range [-(3^18-1)/2,..,-1,0,1,..,(3^18-1)/2]. */
typedef int32_t trint18_t;
#define MAM_TRINT18_MAX ((trint18_t)193710244)
#define MAM_TRINT18_MIN (-MAM_TRINT18_MAX)

The overflow may happen when api->channel_ord has the value MAM_TRINT18_MAX, which will lead to UB (most likely channel name reuse and hence channel reuse, as trits_put18 is used to encode the value of api->channel_ord).

Possible solution:

  1. add a bounds check on api->channel_ord in mam_api_channel_create, which effectively limits the number of channels per seed to (3^18-1)/2 and may be limiting for some applications;
  2. make channel_ord of type trit_t [243], which corresponds to the total number of channels/channel ids. The initial value can be all zeros, and the increment is the natural increment of a trit array.
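The two proposed fixes side by side, as an added example written for this issue rather than code from entangled: trint18_t and MAM_TRINT18_MAX are copied from the comment above, while mam_api_t, retcode_t, the 243-trit counter helpers and their names are assumptions standing in for the real API.

```c
#include <stdbool.h>
#include <stdint.h>
/* trint18_t and MAM_TRINT18_MAX are copied from the issue; mam_api_t,
 * retcode_t and every function here are hypothetical, not entangled code. */
typedef int32_t trint18_t;
#define MAM_TRINT18_MAX ((trint18_t)193710244)
typedef enum { RC_OK = 0, RC_MAM_CHANNEL_ORD_OVERFLOW = 1 } retcode_t;
typedef struct { trint18_t channel_ord; } mam_api_t;

/* Option 1: refuse once channel_ord reaches MAM_TRINT18_MAX, so the
 * post-increment can never wrap and no ordinal (channel name) is reused.
 * Ordinals 0..MAX-1 stay usable, i.e. (3^18-1)/2 channels per seed. */
retcode_t channel_ord_next(mam_api_t *api, trint18_t *out_ord) {
  if (api->channel_ord >= MAM_TRINT18_MAX) return RC_MAM_CHANNEL_ORD_OVERFLOW;
  *out_ord = api->channel_ord++;
  return RC_OK;
}

/* How many ordinals option 1 still hands out when starting from `start`. */
int count_channels_from(trint18_t start, int attempts) {
  mam_api_t api = { start };
  trint18_t ord;
  int n = 0;
  while (n < attempts && channel_ord_next(&api, &ord) == RC_OK) n++;
  return n;
}

/* Option 2: 243-trit balanced-ternary counter (trits -1, 0, 1), little-
 * endian: 1 + 1 = -1 with carry. If every trit is already 1 the counter is
 * exhausted and is left unchanged instead of wrapping round to all -1. */
typedef int8_t trit_t;
#define CHANNEL_ID_TRITS 243
bool trits_increment(trit_t t[CHANNEL_ID_TRITS]) {
  int i = 0;
  while (i < CHANNEL_ID_TRITS && t[i] == 1) i++; /* these trits carry */
  if (i == CHANNEL_ID_TRITS) return false;
  for (int j = 0; j < i; j++) t[j] = -1;
  t[i]++;
  return true;
}

/* Fills a counter with `fill`, increments it `steps` times and returns the
 * integer value of its low 12 trits; fill=1 exercises the exhausted case. */
long counter_after(trit_t fill, int steps) {
  trit_t t[CHANNEL_ID_TRITS];
  for (int i = 0; i < CHANNEL_ID_TRITS; i++) t[i] = fill;
  for (int i = 0; i < steps; i++) trits_increment(t);
  long v = 0;
  for (int n = 12; n-- > 0;) v = v * 3 + t[n];
  return v;
}
```

With option 1 the check must sit before the increment, since after the value MAM_TRINT18_MAX has been handed out there is no representable "next" ordinal to store.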