diff options
| author | Ben Harris <bjh21@bjh21.me.uk> | 2023-01-11 23:15:44 +0000 |
|---|---|---|
| committer | Ben Harris <bjh21@bjh21.me.uk> | 2023-01-15 16:24:27 +0000 |
| commit | dd00e9c532abc7517bd7ca72c8e4db91bb2da821 (patch) | |
| tree | a18e9e56bc555cf303937afdbe26d3dc99d95692 | |
| parent | 40ec3aaf09824face187218f899494aef429a9c6 (diff) | |
| download | puzzles-dd00e9c532abc7517bd7ca72c8e4db91bb2da821.zip puzzles-dd00e9c532abc7517bd7ca72c8e4db91bb2da821.tar.gz puzzles-dd00e9c532abc7517bd7ca72c8e4db91bb2da821.tar.bz2 puzzles-dd00e9c532abc7517bd7ca72c8e4db91bb2da821.tar.xz | |
Integer overflow protection in Pattern
Both for grid sizes and for clue values.
| -rw-r--r-- | pattern.c | 6 |
1 files changed, 6 insertions, 0 deletions
@@ -7,6 +7,7 @@ #include <string.h> #include <assert.h> #include <ctype.h> +#include <limits.h> #include <math.h> #include "puzzles.h" @@ -177,6 +178,9 @@ static const char *validate_params(const game_params *params, bool full) { if (params->w <= 0 || params->h <= 0) return "Width and height must both be greater than zero"; + if (params->w > INT_MAX - 1 || params->h > INT_MAX - 1 || + params->w > INT_MAX / params->h) + return "Puzzle must not be unreasonably large"; return NULL; } @@ -909,6 +913,8 @@ static const char *validate_desc(const game_params *params, const char *desc) p = desc; while (*desc && isdigit((unsigned char)*desc)) desc++; n = atoi(p); + if (n > INT_MAX - 1) + return "at least one clue is grossly excessive"; rowspace -= n+1; if (rowspace < 0) { |