From b4745088b1dad2c57d04048297da3e302f3bf011 Mon Sep 17 00:00:00 2001
From: sebres <sebres@users.sourceforge.net>
Date: Mon, 7 Jan 2019 01:11:32 +0000
Subject: cherry-pick [3e4d907d8e] from 8.6: prevent buffer overrun in
 fast_s_mp_mul_digs().

---
 libtommath/bn_fast_s_mp_mul_digs.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/libtommath/bn_fast_s_mp_mul_digs.c b/libtommath/bn_fast_s_mp_mul_digs.c
index ab157b9..4cc98ce 100644
--- a/libtommath/bn_fast_s_mp_mul_digs.c
+++ b/libtommath/bn_fast_s_mp_mul_digs.c
@@ -87,7 +87,7 @@ int fast_s_mp_mul_digs (mp_int * a, mp_int * b, mp_int * c, int digs)
   {
     register mp_digit *tmpc;
     tmpc = c->dp;
-    for (ix = 0; ix < pa+1; ix++) {
+    for (ix = 0; ix < pa; ix++) {
       /* now extract the previous digit [below the carry] */
       *tmpc++ = W[ix];
     }
-- 
cgit v0.12