# Extended 5.11 — LargeIntegers primMontgomeryTimesModulo: empty operands → OOB read

Bug ref      : pharo.md §5.11
Severity     : MEDIUM (OOB read on degenerate inputs)
File         : extracted/plugins/LargeIntegers/src/common/LargeIntegers.c
Lines (HEAD) : 2278-2317

## Problem

```c
firstLen = ((slotSizeOf(firstLarge)) + 3) / 4;
secondLen = ((slotSizeOf(secondLarge)) + 3) / 4;
thirdLen = ((slotSizeOf(thirdLarge)) + 3) / 4;
if (!((firstLen <= thirdLen) && (secondLen <= thirdLen))) {
    _return_value = primitiveFail(); goto l2;
}
...
accum3 = (accum3 * (SQ_SWAP_4_BYTES_IF_BIGENDIAN((pSecond[0])))) + (SQ_SWAP_4_BYTES_IF_BIGENDIAN((pRes[0])));
```

`pSecond[0]` and `pThird[0]` are read without checking `secondLen
>= 1` and `thirdLen >= 1`. An empty `secondLarge` (size 0) yields
`secondLen == 0` and `pSecond[0]` reads past the array.

## Fix

```diff
diff --git a/plugins/LargeIntegers/src/common/LargeIntegers.c b/plugins/LargeIntegers/src/common/LargeIntegers.c
index 5bac5ba9a..002aced2f 100644
--- a/plugins/LargeIntegers/src/common/LargeIntegers.c
+++ b/plugins/LargeIntegers/src/common/LargeIntegers.c
@@ -2278,6 +2278,12 @@ primMontgomeryTimesModulo(void)
 		firstLen = ((slotSizeOf(firstLarge)) + 3) / 4;
 		secondLen = ((slotSizeOf(secondLarge)) + 3) / 4;
 		thirdLen = ((slotSizeOf(thirdLarge)) + 3) / 4;
+		if (firstLen < 1 || secondLen < 1 || thirdLen < 1) {
+			/* The loop reads pSecond[0]/pThird[0] without checking
+			 * secondLen/thirdLen >= 1. Empty operand → OOB read. */
+			_return_value = primitiveFailFor(PrimErrBadArgument);
+			goto l2;
+		}
 		if (!((firstLen <= thirdLen)
 			 && (secondLen <= thirdLen))) {
 			_return_value = primitiveFail();

```

## Test plan

- Call with an empty LargePositiveInteger: primitive fails cleanly.
- Normal Montgomery multiplication: unchanged.

## Risk notes

- Strict pre-loop validation; no behaviour change for legitimate
  inputs.