zakarya/puzzles
1
0
Fork 0
mirror of git://git.tartarus.org/simon/puzzles.git synced 2025-04-20 15:41:30 -07:00
Code Issues Packages Projects Releases Wiki Activity

Add validate_params bounds checks in a few more games.

Browse Source 
Ben tells me that his recent work in this area was entirely driven by
fuzzing: he added bounds checks in validate_params when the fuzzer had
managed to prove that the lack of them allowed something buggy to
happen.

It seemed worth doing an eyeball-review pass to complement that
strategy, so in this commit I've gone through and added a few more
checks that restrict the area of the grid to be less than INT_MAX.

Notable in this commit: cube.c had to do something complicated because
in the triangular-grid modes the area isn't calculated as easily as
w*h, and Range's existing check that w+h-1 < SCHAR_MAX is sufficient
to rule out w*h being overlarge _but_ should be done before w*h is
ever computed.
This commit is contained in:
Simon Tatham
2023-01-22 09:30:57 +00:00
parent 5cac6a09c4
commit b907e27875
6 changed files with 33 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
range.c
View File

@ -911,8 +911,8 @@ static const char *validate_params(const game_params *params, bool full)
int const w = params->w, h = params->h;
if (w < 1) return "Error: width is less than 1";
if (h < 1) return "Error: height is less than 1";
if (w > SCHAR_MAX - (h - 1)) return "Error: w + h is too big";
if (w * h < 1) return "Error: size is less than 1";
if (w + h - 1 > SCHAR_MAX) return "Error: w + h is too big";
/* I might be unable to store clues in my puzzle_size *grid; */
if (full) {
if (w == 2 && h == 2) return "Error: can't create 2x2 puzzles";