The problem is zero coordinates: the point at infinity is encoded as a
zero length word, so zero coordinates must be encoded as a single zero
byte, preceded by a length word of 1 -- which overruns the output buffer
provided, unless we take special care, which we haven't.
{
ec pt = EC_INIT;
if (!PyArg_ParseTuple(arg, "O&:putecpt", convecpt, &pt)) return (0);
- if (EC_ATINF(&pt)) ensure(me, 2);
- else ensure(me, 4 + mp_octets(pt.x) + mp_octets(pt.y));
+ ensure(me, EC_ATINF(&pt) ? 2 : 6 + mp_octets(pt.x) + mp_octets(pt.y));
buf_putec(BUF_B(me), &pt); assert(BOK(BUF_B(me)));
EC_DESTROY(&pt);
RETURN_ME;
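Review bot: The only check that the new bound is large enough is `assert(BOK(BUF_B(me)))` on the `buf_putec` line, and that check disappears if the extension is built with NDEBUG, so a wrong bound would go unnoticed at run time. Since this commit exists because the old bound was wrong, I would test `BOK` explicitly after the write and fail the call with a Python exception, destroying `pt` first. The constant 6 also deserves a comment above the `ensure` line; going by the commit message, something like `/* two 2-byte length words, plus one byte each because a zero coordinate is still written as a single byte */`. The same expression is repeated in the second hunk, so a shared macro or helper for the encoded-size bound would stop the two copies drifting apart. The enclosing function starts outside the hunk.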
if (EC_ATINF(&p))
n = 2;
else
- n = mp_octets(p.x) + mp_octets(p.y) + 4;
+ n = mp_octets(p.x) + mp_octets(p.y) + 6;
rc = bytestring_pywrap(0, n);
buf_init(&b, PyString_AS_STRING(rc), n);
buf_putec(&b, &p);
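Review bot: With `+ 6`, `n` is now an upper bound rather than the exact encoded length, because a non-zero coordinate needs no extra byte, so the string from `bytestring_pywrap(0, n)` can be up to two bytes longer than what `buf_putec` writes. Unless the code after this hunk trims the result to the number of bytes written, the caller gets trailing bytes that were never initialised; that follows outside the hunk, so please confirm it. The result of `buf_putec(&b, &p)` is also not checked in the visible lines, whereas the first hunk at least asserts `BOK`. A comment on the `n = ...` line saying that it is a worst-case bound, for example `/* worst case: both coordinates zero, one byte each */`, would make the later trimming step obviously necessary.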