
Unsoundness of safe reciprocal_mg10 #550

@shinmao

Description


Hello, we are PhD researchers studying Rust's safety. We find there are potential undefined behaviors in the safe API reciprocal_mg10, which is also visible to external crate users, so some safety checks need to be added.

OOB in safe reciprocal_mg10

```rust
debug_assert!(d >= (1 << 63));
let d = Wrapping(d);
let d0 = d & ONE;
let d9 = d >> 55;
let d40 = ONE + (d >> 24);
let d63 = (d + ONE) >> 1;
// let v0 = Wrapping(TABLE[(d9.0 - 256) as usize] as u64);
let v0 = Wrapping(*unsafe { TABLE.get_unchecked((d9.0 - 256) as usize) } as u64);
```

Even though line 79 has added the check to guarantee d > 0, debug_assert! will be optimized and removed in release mode. Therefore, potential attackers could still pass 0 as d to the function to trigger an out-of-bounds access at line 87. Please consider using assert! rather than debug_assert!.
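As an added example (not code from the crate or from the reporter), the index arithmetic from the snippet above is shown next to a hardened lookup whose normalization check survives release builds and whose table read is bounds-checked; `TABLE` is a constructed placeholder and the function names are hypothetical.

```rust
use std::num::Wrapping;

const ONE: Wrapping<u64> = Wrapping(1);

// Constructed placeholder for the crate's 256-entry table: entry i holds i,
// so a test can confirm which slot was read. The real table holds reciprocal
// seeds; its values are irrelevant to the bounds check demonstrated here.
const TABLE: [u16; 256] = {
    let mut t = [0u16; 256];
    let mut i = 0;
    while i < 256 {
        t[i] = i as u16;
        i += 1;
    }
    t
};

/// The index the posted code computes, `(d9 - 256) as usize`, with wrapping
/// arithmetic: this is what remains once `debug_assert!` is compiled out.
/// For a normalized `d` (top bit set) it is 0..=255; for `d < 2^63` the
/// subtraction wraps to a huge value, which is the out-of-bounds read.
pub fn raw_table_index(d: u64) -> usize {
    let d9 = Wrapping(d) >> 55;
    (d9 - Wrapping(256)).0 as usize
}

/// Hardened lookup: an ordinary `assert!` keeps the normalization check in
/// release builds, and `get` replaces `get_unchecked` so the read can never
/// leave the table even if the check were ever weakened.
pub fn table_seed_checked(d: u64) -> u64 {
    assert!(d >= (1 << 63), "reciprocal_mg10: divisor must be normalized");
    let d = Wrapping(d);
    let d0 = d & ONE;
    let d9 = d >> 55;
    let d40 = ONE + (d >> 24);
    let d63 = (d + ONE) >> 1;
    // After the assert d9 is 256..=511, so the index is always 0..=255.
    let v0 = Wrapping(*TABLE.get((d9.0 - 256) as usize).expect("index in range") as u64);
    let _ = (d0, d40, d63); // used by the later refinement steps in the crate
    v0.0
}

/// Non-panicking variant for callers that prefer `None` to an assert failure.
pub fn table_seed_opt(d: u64) -> Option<u64> {
    if d < (1 << 63) {
        return None;
    }
    Some(table_seed_checked(d))
}
```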
