From b907e278751b740da7b9dc00c0cbdb93e7498919 Mon Sep 17 00:00:00 2001 From: Simon Tatham Date: Sun, 22 Jan 2023 09:30:57 +0000 Subject: Add validate_params bounds checks in a few more games. Ben tells me that his recent work in this area was entirely driven by fuzzing: he added bounds checks in validate_params when the fuzzer had managed to prove that the lack of them allowed something buggy to happen. It seemed worth doing an eyeball-review pass to complement that strategy, so in this commit I've gone through and added a few more checks that restrict the area of the grid to be less than INT_MAX. Notable in this commit: cube.c had to do something complicated because in the triangular-grid modes the area isn't calculated as easily as w*h, and Range's existing check that w+h-1 < SCHAR_MAX is sufficient to rule out w*h being overlarge _but_ should be done before w*h is ever computed. --- unruly.c | 2 ++ 1 file changed, 2 insertions(+) (limited to 'unruly.c') diff --git a/unruly.c b/unruly.c index 7a5512e..0a9403e 100644 --- a/unruly.c +++ b/unruly.c @@ -286,6 +286,8 @@ static const char *validate_params(const game_params *params, bool full) return "Width and height must both be even"; if (params->w2 < 6 || params->h2 < 6) return "Width and height must be at least 6"; + if (params->w2 > INT_MAX / params->h2) + return "Width times height must not be unreasonably large"; if (params->unique) { static const long A177790[] = { /* -- cgit v1.1