zakarya/puzzles
1
0
Fork 0
mirror of git://git.tartarus.org/simon/puzzles.git synced 2025-04-21 08:01:30 -07:00
Code Issues Packages Projects Releases Wiki Activity

Mosaic: reject game descriptions containing bad characters

Browse Source 
Only numbers and lower-case letters are allowed.  Without this
restriction, a buffer overrun is possible.

To demonstrate the problem, load this save file into a build of Mosaic
with AddressSanitizer:

SAVEFILE:41:Simon Tatham's Portable Puzzle Collection
VERSION :1:1
GAME    :6:Mosaic
PARAMS  :7:8x8a0h1
CPARAMS :7:8x8a0h1
DESC    :41:b2c3b~~2a5c6e3a55c6a5a4244e0c3a64d4b4232b
NSTATES :1:1
STATEPOS:1:1
This commit is contained in:
Ben Harris
2023-01-07 20:56:48 +00:00
parent 5279fd24b2
commit a539f38efd
1 changed files with 2 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
mosaic.c
View File

@ -840,7 +840,8 @@ static const char *validate_desc(const game_params *params,
while (*curr_desc != '\0') { while (*curr_desc != '\0') {
if (*curr_desc >= 'a' && *curr_desc <= 'z') { if (*curr_desc >= 'a' && *curr_desc <= 'z') {
length += *curr_desc - 'a'; length += *curr_desc - 'a';
} } else if (*curr_desc < '0' || *curr_desc >= '9')
return "Invalid character in game description";
length++; length++;
curr_desc++; curr_desc++;
} }