In `mam_api_channel_create`, the line `api->channel_ord++;` may overflow the value of `channel_ord`, which is defined as `trint18_t channel_ord`. `trint18_t` is implemented as:

```c
/*! \brief Signed integer type capable of storing 18 trits
with values in range [-(3^18-1)/2,..,-1,0,1,..,(3^18-1)/2]. */
typedef int32_t trint18_t;
#define MAM_TRINT18_MAX ((trint18_t)193710244)
#define MAM_TRINT18_MIN (-MAM_TRINT18_MAX)
```

The overflow may happen when `api->channel_ord` has the value `MAM_TRINT18_MAX`, which will lead to UB (most likely channel name reuse, and hence channel reuse, as `trits_put18` is used to encode the value of `api->channel_ord`).

Possible solutions:

- add a bounds check on `api->channel_ord` in `mam_api_channel_create`, which effectively limits the number of channels per seed to `(3^18-1)/2`, which may be limiting for some applications;
- make `channel_ord` be of type `trit_t[243]`, which will correspond to the total number of channels/channel ids. The initial value can be all zeros, and the increment is a natural increment of a trit array.
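A sketch of both proposed fixes, added here as an example and not taken from the project's code. The type `trint18_t` and `MAM_TRINT18_MAX` come from the issue text; the function names, the one-trit-per-`int8_t` layout, the little-endian trit order and the `-1` error return are assumptions.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

typedef int32_t trint18_t;                    /* from the issue text */
#define MAM_TRINT18_MAX ((trint18_t)193710244)
typedef int8_t trit_t;                        /* assumption: one balanced trit (-1, 0, 1) per byte */
#define CHANNEL_ORD_TRITS 243                 /* hypothetical name for the proposed width */

/* Option 1: refuse to advance past the largest value 18 trits can encode.
   Returns 0 on success, -1 when the ordinal space is exhausted. */
int channel_ord_next_checked(trint18_t *ord) {
  if (*ord >= MAM_TRINT18_MAX) return -1;
  (*ord)++;
  return 0;
}

/* Option 2: ordinal kept as a little-endian balanced-ternary array.
   Returns 0 on success, -1 (array unchanged) if every trit is already 1. */
int channel_ord_trits_inc(trit_t ord[CHANNEL_ORD_TRITS]) {
  size_t i = 0;
  while (i < CHANNEL_ORD_TRITS && ord[i] == 1) i++;
  if (i == CHANNEL_ORD_TRITS) return -1;      /* incrementing would wrap to the minimum */
  ord[i]++;                                   /* -1 -> 0 or 0 -> 1 absorbs the carry */
  while (i-- > 0) ord[i] = -1;                /* lower trits roll over from 1 to -1 */
  return 0;
}

/* Helper for checking: value of the lowest n trits (n <= 18 fits in int32_t). */
int32_t trits_low_value(const trit_t *t, size_t n) {
  int32_t v = 0;
  while (n-- > 0) v = v * 3 + t[n];
  return v;
}

int main(void) {
  trint18_t ord = MAM_TRINT18_MAX;
  printf("checked increment at max: %d\n", channel_ord_next_checked(&ord));
  trit_t wide[CHANNEL_ORD_TRITS] = {0};
  for (int k = 0; k < 5; k++) channel_ord_trits_inc(wide);
  printf("trit-array ordinal after 5 increments: %d\n", (int)trits_low_value(wide, 18));
  return 0;
}
```

With the first option the caller has to turn the `-1` into an error from channel creation instead of encoding an out-of-range ordinal.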