ref: ed75535fc24217c51f900d42385309c8c8b36cc3
parent: 261a9568faeeb7acc6e56bd67147917c5109ac8a
author: Ben Harris <[email protected]>
date: Mon Jan 9 19:19:02 EST 2023
Last-ditch maximum size limit for Map This makes sure that width * height <= INT_MAX, which it rather needs to be. Also a similar check in decode_params when defaulting the number of regions.
--- a/map.c
+++ b/map.c
@@ -14,6 +14,7 @@
#include <string.h>
#include <assert.h>
#include <ctype.h>
+#include <limits.h>
#include <math.h>
#include "puzzles.h"
@@ -180,7 +181,9 @@
params->n = atoi(p);
while (*p && (*p == '.' || isdigit((unsigned char)*p))) p++;
} else {
- params->n = params->w * params->h / 8;
+ if (params->h > 0 && params->w > 0 &&
+ params->w <= INT_MAX / params->h)
+ params->n = params->w * params->h / 8;
}
if (*p == 'd') {
int i;
@@ -252,6 +255,8 @@
{
if (params->w < 2 || params->h < 2)
return "Width and height must be at least two";
+ if (params->w > INT_MAX / params->h)
+ return "Width times height must not be unreasonably large";
if (params->n < 5)
return "Must have at least five regions";
if (params->n > params->w * params->h)