From: Jan Mikkelsen
To: FreeBSD Stable
Subject: dc(1) fails with "big number failure" on 2^64
Date: Thu, 8 Nov 2012 13:06:55 +1100
Message-Id: <2ABD38E2-A9F7-4AD3-9364-B21F6566F7CB@transactionware.com>
List-Id: Production branch of FreeBSD source code

Hi,

I am seeing this in dc:

    janm@gray: dc $ dc
    18446744073709551616 18446744073709551616 / ps
    dc: big number failure 306b06b: No such file or directory

That number is 2^64.

The error is coming from BN_check in bdiv(), which is complaining about the number at the top of the stack being uninitialised. Looking at the data, after the second pop in bdiv() in bdata.c, b->number->d[b->number->top - 1] == 0.

After a while poking around in a debugger, it looks like the first word of the second number (a->number->d) is being allocated at the same location as the last word of the second number, it gets zeroed, and then looks uninitialised.

All of this seems to be happening in the BN_* routines in OpenSSL.

I am seeing this on my builds for 9.1-RC3 and 9.0-p3, as well as the CDROM shell on the 9.1-RC3 ISO, so I'm pretty sure it isn't my build process or compiler flags. I have checked an OpenBSD 5.2 installation, and it works fine.

Can anyone confirm this? Am I just seeing things? Is there an obvious fix?

Thanks,

Jan Mikkelsen