ref: b907e278751b740da7b9dc00c0cbdb93e7498919
parent: 5cac6a09c4db2b7e05c3e8dfd8920e2cdd1b8b03
author: Simon Tatham <anakin@pobox.com>
date: Sun Jan 22 04:30:57 EST 2023
Add validate_params bounds checks in a few more games. Ben tells me that his recent work in this area was entirely driven by fuzzing: he added bounds checks in validate_params when the fuzzer had managed to prove that the lack of them allowed something buggy to happen. It seemed worth doing an eyeball-review pass to complement that strategy, so in this commit I've gone through and added a few more checks that restrict the area of the grid to be less than INT_MAX. Notable in this commit: cube.c had to do something complicated because in the triangular-grid modes the area isn't calculated as easily as w*h, and Range's existing check that w+h-1 < SCHAR_MAX is sufficient to rule out w*h being overlarge _but_ should be done before w*h is ever computed.