ref: df783b93e3271264a8d54f90876f41a80ef2247d
parent: da2767a3f9bf4abb0436157972366202ad53a407
author: Ben Harris <bjh21@bjh21.me.uk>
date: Sun Feb 12 19:14:22 EST 2023
Avoid division by zero in Cube grid-size checks On a triangular grid, Cube allows either d1 or d2 (but not both) to be zero, so it's important to check that each one is not zero before dividing by it. The crash could be triggered by, for instance "cube t0x2".
--- a/cube.c
+++ b/cube.c
@@ -567,9 +567,11 @@
* can safely multiply them and compare against the
* _remaining_ space.
*/
- if ((params->d1 > INT_MAX / params->d1) ||
- (params->d2 > (INT_MAX - params->d1*params->d1) / params->d2) ||
- (params->d1*params->d2 > (INT_MAX - params->d1*params->d1 -
+ if ((params->d1 > 0 && params->d1 > INT_MAX / params->d1) ||
+ (params->d2 > 0 &&
+ params->d2 > (INT_MAX - params->d1*params->d1) / params->d2) ||
+ (params->d2 > 0 &&
+ params->d1*params->d2 > (INT_MAX - params->d1*params->d1 -
params->d2*params->d2) / params->d2))
return "Grid area must not be unreasonably large";
}