ref: dd00e9c532abc7517bd7ca72c8e4db91bb2da821
parent: 40ec3aaf09824face187218f899494aef429a9c6
author: Ben Harris <bjh21@bjh21.me.uk>
date: Wed Jan 11 18:15:44 EST 2023
Integer overflow protection in Pattern Both for grid sizes and for clue values.
--- a/pattern.c
+++ b/pattern.c
@@ -7,6 +7,7 @@
#include <string.h>
#include <assert.h>
#include <ctype.h>
+#include <limits.h>
#include <math.h>
#include "puzzles.h"
@@ -177,6 +178,9 @@
{if (params->w <= 0 || params->h <= 0)
return "Width and height must both be greater than zero";
+ if (params->w > INT_MAX - 1 || params->h > INT_MAX - 1 ||
+ params->w > INT_MAX / params->h)
+ return "Puzzle must not be unreasonably large";
return NULL;
}
@@ -909,6 +913,8 @@
p = desc;
while (*desc && isdigit((unsigned char)*desc)) desc++;
n = atoi(p);
+ if (n > INT_MAX - 1)
+ return "at least one clue is grossly excessive";
rowspace -= n+1;
if (rowspace < 0) {