From 26d0633f87ccdbaf7035e2e14d9dfbfd7f379527 Mon Sep 17 00:00:00 2001
From: Ben Harris <bjh21@bjh21.me.uk>
Date: Tue, 10 Jan 2023 11:07:14 +0000
Subject: [PATCH] Last-ditch maximum size limit for Flip

This makes sure that width * height <= INT_MAX, which it rather needs
to be.  Also in Flip's case that the square of the area still fits in
an int.
---
 flip.c | 10 +++++++++-
 1 file changed, 9 insertions(+), 1 deletion(-)

diff --git a/flip.c b/flip.c
index e6ff0a2..9486f19 100644
--- a/flip.c
+++ b/flip.c
@@ -8,6 +8,7 @@
 #include <string.h>
 #include <assert.h>
 #include <ctype.h>
+#include <limits.h>
 #include <math.h>
 
 #include "puzzles.h"
@@ -181,9 +182,16 @@ static game_params *custom_params(const config_item *cfg)
 
 static const char *validate_params(const game_params *params, bool full)
 {
+    int wh;
+
     if (params->w <= 0 || params->h <= 0)
         return "Width and height must both be greater than zero";
-    return NULL;
+    if (params->w > (INT_MAX - 3) / params->h)
+        return "Width times height must not be unreasonably large";
+    wh = params->w * params->h;
+    if (wh > (INT_MAX - 3) / wh)
+        return "Width times height is too large";    
+   return NULL;
 }
 
 static char *encode_bitmap(unsigned char *bmp, int len)