shithub: puzzles

Download patch

ref: dd00e9c532abc7517bd7ca72c8e4db91bb2da821
parent: 40ec3aaf09824face187218f899494aef429a9c6
author: Ben Harris <[email protected]>
date: Wed Jan 11 18:15:44 EST 2023

Integer overflow protection in Pattern

Both for grid sizes and for clue values.

--- a/pattern.c
+++ b/pattern.c
@@ -7,6 +7,7 @@
 #include <string.h>
 #include <assert.h>
 #include <ctype.h>
+#include <limits.h>
 #include <math.h>
 
 #include "puzzles.h"
@@ -177,6 +178,9 @@
 {
     if (params->w <= 0 || params->h <= 0)
 	return "Width and height must both be greater than zero";
+    if (params->w > INT_MAX - 1 || params->h > INT_MAX - 1 ||
+        params->w > INT_MAX / params->h)
+        return "Puzzle must not be unreasonably large";
     return NULL;
 }
 
@@ -909,6 +913,8 @@
                 p = desc;
                 while (*desc && isdigit((unsigned char)*desc)) desc++;
                 n = atoi(p);
+                if (n > INT_MAX - 1)
+                    return "at least one clue is grossly excessive";
                 rowspace -= n+1;
 
                 if (rowspace < 0) {