With Big Endian export, this did odd things: Content in 'data' appeared at the end of the buffer, so given the parameters mpz_export_data() actually overstepped boundaries. Fix it by exporting the full data (just like string_type_print() does) into a large enough buffer, then create the constant expression from the significant part. Initialize 'data' to zero just to be on the safe side, this is actually not needed. Signed-off-by: Phil Sutter --- src/segtree.c | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/src/segtree.c b/src/segtree.c index 5a334efc8bebb..ab107493ea97b 100644 --- a/src/segtree.c +++ b/src/segtree.c @@ -403,10 +403,11 @@ void concat_range_aggregate(struct expr *set) if (prefix_len >= 0 && (prefix_len % BITS_PER_BYTE) == 0 && string_type) { + unsigned int r1len = div_round_up(r1->len, BITS_PER_BYTE); unsigned int str_len = prefix_len / BITS_PER_BYTE; - char data[str_len + 2]; + char data[r1len + 1] = {}; - mpz_export_data(data, r1->value, BYTEORDER_BIG_ENDIAN, str_len); + mpz_export_data(data, r1->value, BYTEORDER_BIG_ENDIAN, r1len); data[str_len] = '*'; tmp = constant_expr_alloc(&r1->location, r1->dtype, -- 2.51.0
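Review bot: `char data[r1len + 1] = {};` in concat_range_aggregate() puts an initializer on a variable-length array, which C does not allow before C23 (older GCC rejects it with "variable-sized object may not be initialized"), so whether this line builds depends on the compiler version and -std in use. Since the commit message says the zeroing is not actually needed, either drop the initializer or declare the array plainly and follow it with memset(data, 0, sizeof(data)). Separately, the unchanged `data[str_len] = '*';` is in bounds only while str_len <= r1len; the hunk does not show that prefix_len is bounded by r1->len, and when the two are equal the '*' lands in the last byte of the buffer, whereas the old `str_len + 2` sizing left one spare byte after it. A one-line comment or assert stating that invariant, and confirming nothing downstream relies on a trailing zero byte, would make the new sizing easier to verify.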