ref: d422dd6009f3e48e13d5f7f162813537902e125c
parent: b3f3345764b0808a7a97b9c3a2a1888fd62383a0
author: Ben Harris <[email protected]>
date: Tue Jan 10 15:53:07 EST 2023
Last-ditch grid-size limit for Galaxies At least prevent integer overflow when constructing the grid.
--- a/galaxies.c
+++ b/galaxies.c
@@ -42,6 +42,7 @@
#include <string.h>
#include <assert.h>
#include <ctype.h>
+#include <limits.h>
#include <math.h>
#include "puzzles.h"
@@ -282,6 +283,10 @@
{
if (params->w < 3 || params->h < 3)
return "Width and height must both be at least 3";
+ if (params->w > INT_MAX / 2 || params->h > INT_MAX / 2 ||
+ params->w > (INT_MAX - params->w*2 - params->h*2 - 1) / 4 / params->h)
+ return "Width times height must not be unreasonably large";
+
/*
* This shouldn't be able to happen at all, since decode_params
* and custom_params will never generate anything that isn't