zakarya/puzzles
1
0
Fork 0
mirror of git://git.tartarus.org/simon/puzzles.git synced 2025-04-20 23:51:29 -07:00
Code Issues Packages Projects Releases Wiki Activity

Add validate_params bounds checks in a few more games.

Browse Source 
Ben tells me that his recent work in this area was entirely driven by
fuzzing: he added bounds checks in validate_params when the fuzzer had
managed to prove that the lack of them allowed something buggy to
happen.

It seemed worth doing an eyeball-review pass to complement that
strategy, so in this commit I've gone through and added a few more
checks that restrict the area of the grid to be less than INT_MAX.

Notable in this commit: cube.c had to do something complicated because
in the triangular-grid modes the area isn't calculated as easily as
w*h, and Range's existing check that w+h-1 < SCHAR_MAX is sufficient
to rule out w*h being overlarge _but_ should be done before w*h is
ever computed.
This commit is contained in:
Simon Tatham
2023-01-22 09:30:57 +00:00
parent 5cac6a09c4
commit b907e27875
6 changed files with 33 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

24
cube.c
View File

@ -542,12 +542,36 @@ static const char *validate_params(const game_params *params, bool full)
if (params->solid < 0 || params->solid >= lenof(solids))
return "Unrecognised solid type";
if (params->d1 < 0 || params->d2 < 0)
return "Grid dimensions may not be negative";
if (solids[params->solid]->order == 4) {
if (params->d1 <= 1 || params->d2 <= 1)
return "Both grid dimensions must be greater than one";
if (params->d2 > INT_MAX / params->d1)
return "Grid area must not be unreasonably large";
} else {
if (params->d1 <= 0 && params->d2 <= 0)
return "At least one grid dimension must be greater than zero";
/*
* Check whether d1^2 + d2^2 + 4 d1 d2 > INT_MAX, without overflow:
*
* First check d1^2 doesn't overflow by itself.
*
* Then check d2^2 doesn't exceed the remaining space between
* d1^2 and INT_MAX.
*
* If that's all OK then we know both d1 and d2 are
* individually less than the square root of INT_MAX, so we
* can safely multiply them and compare against the
* _remaining_ space.
*/
if ((params->d1 > INT_MAX / params->d1) ||
(params->d2 > (INT_MAX - params->d1*params->d1) / params->d2) ||
(params->d1*params->d2 > (INT_MAX - params->d1*params->d1 -
params->d2*params->d2) / params->d2))
return "Grid area must not be unreasonably large";
}
for (i = 0; i < 4; i++)