1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
|
From: Ben Harris <bjh21@bjh21.me.uk>
Date: Wed, 11 Jan 2023 23:15:44 +0000
Subject: [PATCH 328/389] Integer overflow protection in Pattern
Origin: https://git.tartarus.org/?p=simon/puzzles.git;a=commitdiff;h=dd00e9c532abc7517bd7ca72c8e4db91bb2da821
Bug-Debian: https://bugs.debian.org/1028986
Both for grid sizes and for clue values.
pattern.c | 6 ++++++
1 file changed, 6 insertions(+)
@@ -7,6 +7,7 @@
#include <string.h>
#include <assert.h>
#include <ctype.h>
+#include <limits.h>
#include <math.h>
#include "puzzles.h"
@@ -175,6 +176,9 @@ static const char *validate_params(const
{
if (params->w <= 0 || params->h <= 0)
return "Width and height must both be greater than zero";
+ if (params->w > INT_MAX - 1 || params->h > INT_MAX - 1 ||
+ params->w > INT_MAX / params->h)
+ return "Puzzle must not be unreasonably large";
return NULL;
}
@@ -908,6 +912,8 @@ static const char *validate_desc(const g
p = desc;
while (*desc && isdigit((unsigned char)*desc)) desc++;
n = atoi(p);
+ if (n > INT_MAX - 1)
+ return "at least one clue is grossly excessive";
rowspace -= n+1;
if (rowspace < 0) {
|
