From 366e9701239c19df85f4625025ba4e36027df644 Mon Sep 17 00:00:00 2001
From: Mark Wooding <mwooding@good.com>
Date: Fri, 10 Apr 2015 15:19:25 +0100
Subject: [PATCH] math/mpmont.c (mpmont_reduce): Segfault if Karatsuba product
 is short.

In the Karatsuba branch, it's possible (e.g., if the input is actually
zero) that the result is short.  A later `MP_LEN(d) - n' then underflows
causing general badness.  Make sure the result is actually long enough.
---
 math/mpmont.c | 1 +
 math/t/mpmont | 3 +++
 2 files changed, 4 insertions(+)

diff --git a/math/mpmont.c b/math/mpmont.c
index 88efacab..1f9143b6 100644
--- a/math/mpmont.c
+++ b/math/mpmont.c
@@ -160,6 +160,7 @@ mp *mpmont_reduce(mpmont *mm, mp *d, mp *a)
       u->vl = u->v + n;
     u = mp_mul(u, u, mm->m);
     d = mp_add(d, a, u);
+    MP_ENSURE(d, n);
     mp_drop(u);
   }
 
diff --git a/math/t/mpmont b/math/t/mpmont
index 27e03c15..37535af7 100644
--- a/math/t/mpmont
+++ b/math/t/mpmont
@@ -17,6 +17,9 @@ mul {
   7041548659011846562361842096561083537784928869240554198760844555642215260669458833049231069318370838770180094409088437631986867239713464317243824963669990014087444248250948204574690463940534304651099653802302150197753463246181762684347288736386534346725039618007392334267637262008343417972878515511486456037
   21451817224897484023627307128311082613304580637202546848860538836010530320943159719981586919811151828606838777812233053319458755053306547823820900602281867134174742586071226220962576712633552196944784360512851517812225731562588375896089193406088239903885470354101095713609394462435076126493339021945199401247
   48192532305912989641372170084506981675917951543147719789775743631071830656350879578731578070582102149232280305157616093002880139716311910835926678896882798493523792373475521651115163420137602661060123597773253524671874189844988793471524978853764238038494563159505836018994860909028653670132922744758133798212;
+
+  0x1000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001
+  0 1 0;
 }
 
 exp {
-- 
2.11.0