zakarya/puzzles
1
0
Fork 0
mirror of git://git.tartarus.org/simon/puzzles.git synced 2025-04-21 16:05:44 -07:00
Code Issues Packages Projects Releases Wiki Activity

Net: assert that cx and cy are in range in compute_active()

Browse Source 
This avoids an out-of-range heap write shortly afterwards.  An assertion
failure is better than a buffer overrun, but still not ideal.  Fixing
the problem properly will require fairly wide-ranging changes, though.

The bug can be demonstrated by loading this save file into a build with
AddressSanitizer:

SAVEFILE:41:Simon Tatham's Portable Puzzle Collection
VERSION :1:1
GAME    :3:Net
PARAMS  :4:5x5w
CPARAMS :4:5x5w
DESC    :25:9893e85285bb72e6de5182741
UI      :9:O0,0;C6,6
NSTATES :1:1
STATEPOS:1:1
This commit is contained in:
Ben Harris
2023-02-13 22:14:26 +00:00
parent d505f08f67
commit e411db788c
1 changed files with 2 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
net.c
View File

@ -1872,6 +1872,8 @@ static unsigned char *compute_active(const game_state *state, int cx, int cy)
active = snewn(state->width * state->height, unsigned char); active = snewn(state->width * state->height, unsigned char);
memset(active, 0, state->width * state->height); memset(active, 0, state->width * state->height);
assert(0 <= cx && cx < state->width);
assert(0 <= cy && cy < state->height);
/* /*
* We only store (x,y) pairs in todo, but it's easier to reuse * We only store (x,y) pairs in todo, but it's easier to reuse
* xyd_cmp and just store direction 0 every time. * xyd_cmp and just store direction 0 every time.