simon-git: puzzles (main): Ben Harris

Commits to Tartarus hosted VCS tartarus-commits at lists.tartarus.org
Sun Jan 15 16:46:13 GMT 2023


TL;DR:
  c84af67 Guess: Don't allow any moves once the game is solved
  5279fd2 Guess: validate peg colours in decode_ui()
  a539f38 Mosaic: reject game descriptions containing bad characters
  1aded12 Netslide: Reject moves wider than the grid
  023ce75 Sixteen: limit length of moves
  a02c55b Undead: check for valid commands in execute_move()
  952ef8c Undead: fix buffer overrun in "M" command
  4845f3e Correct RANGECHECK macro in Black Box
  942d883 Range-check normal moves in Undead
  e5717d1 Range-check record lengths when deserialising games
  b3d4a41 Don't load too many states just because there's no STATEPOS
  21193ea Palisade: forbid moves that remove grid edges
  97484b0 Last-ditch maximum size limit for Bridges
  b3f3345 Last-ditch grid-size limit for Dominosa
  d422dd6 Last-ditch grid-size limit for Galaxies
  522588f Last-ditch grid-size limit for Fifteen
  26d0633 Last-ditch maximum size limit for Flip
  da220a7 Last-ditch grid-size limit for Flood
  d601925 Insist that Flood grids must have non-zero size
  98724b9 Last-ditch grid-size limit for Inertia
  fcda12f Last-ditch maximum size limit for Light Up
  d71bba1 Limit maximum grid size in Loopy
  261a956 Last-ditch maximum size limit for Magnets
  ed75535 Last-ditch maximum size limit for Map
  5cc9bfb Last-ditch maximum size limit for Mines
  9e2e069 Also check for tiny grids in Mines
  48e3452 Avoid integer overflow in Mosaic maximum-size check
  051357b Last-ditch maximum size limit for Net
  40ec3aa Last-ditch maximum size limit for Netslide
  dd00e9c Integer overflow protection in Pattern
  91c0fac Last-ditch maximum size limit for Palisade
  8a3fb82 Last-ditch maximum size limit for Pearl
  6e40605 Last-ditch maximum size limit for Pegs
  b090c82 Also limit Pegs to at least 1x1 even when not doing full validation
  d5ec275 Last-ditch maximum size limit for Same Game
  5c36e15 Last-ditch maximum size limit for Signpost
  91d96fa Last-ditch maximum size limit for Sixteen
  0799944 Limit size of puzzle in Tents to avoid integer overflow
  c53e0d3 Last-ditch maximum size limit for Tracks
  51dcf4a Last-ditch maximum size limit for Twiddle
  85ccdf2 Adjust Undead upper grid-size limit to avoid overflow
  d5b8a20 Last-ditch point-count limit for Untangle
  c2eedee Black Box: correct order of validation checks for "F" commands
  38cf195 Palisade: don't leak memory on a bad move
  e5d106e Don't allow negative clues in Pattern
  68f9fae When loading, don't decode_ui unless we have a UI
  e616d7a Mosaic: fault out-of-bounds moves in execute_move()
  0dbbd52 Palisade: remove assertion from decode_ui()
  8c5279c Same Game: reject moves with unexpected characters in
  a45f183 Explain what decode_ui() should do with invalid input
  8a06ff2 Filling: validate length of auto-solve move strings
  ba944f9 Tighten Bridges' validate_desc()
  d329019 Untangle: forbid descriptions that connect a node to itself
  5bd02f9 Mines: No moving once you're dead!
  15974d0 Towers: reject descriptions with odd characters at the end
  5782e29 Tracks: make sure moves are valid in execute_move()

Repository:     https://git.tartarus.org/simon/puzzles.git
On the web:     https://git.tartarus.org/?p=simon/puzzles.git
Branch updated: main
Committer:      Ben Harris <bjh21 at bjh21.me.uk>
Date:           2023-01-15 16:46:13

commit c84af670b52f09e9e47587584c0559c508d4a37d
web diff https://git.tartarus.org/?p=simon/puzzles.git;a=commitdiff;h=c84af670b52f09e9e47587584c0559c508d4a37d;hp=09b16293865301543bd8db9e038b5608c44f2656
Author: Ben Harris <bjh21 at bjh21.me.uk>
Date:   Sat Jan 7 19:45:03 2023 +0000

    Guess: Don't allow any moves once the game is solved
    
    If the game is solved (either by a win or a loss), interpret_move()
    can never return a move, but execute_move() should also reject any
    moves in case we're loading a corrupt or malicious save file.
    Otherwise a save file with more guesses than the maximum allowed can
    cause a buffer overrun.
    
    This save file demonstrates the problem when loaded into a build of
    Puzzles with AddressSanitizer:
    
    SAVEFILE:41:Simon Tatham's Portable Puzzle Collection
    VERSION :1:1
    GAME    :5:Guess
    PARAMS  :9:c6p4g1Bm
    CPARAMS :9:c6p4g1Bm
    DESC    :8:b5f3faed
    NSTATES :1:3
    STATEPOS:1:3
    MOVE    :8:G1,1,2,2
    MOVE    :8:G4,3,1,1

 guess.c | 2 ++
 1 file changed, 2 insertions(+)

commit 5279fd24b2f4a51e760bfde873fe1d29547220a6
web diff https://git.tartarus.org/?p=simon/puzzles.git;a=commitdiff;h=5279fd24b2f4a51e760bfde873fe1d29547220a6;hp=c84af670b52f09e9e47587584c0559c508d4a37d
Author: Ben Harris <bjh21 at bjh21.me.uk>
Date:   Sat Jan 7 20:28:23 2023 +0000

    Guess: validate peg colours in decode_ui()
    
    Peg colours in the current guess must be within the range of colours
    for the current game, just as they must be for completed moves.
    Otherwise is_markable() can cause a buffer overrun.
    
    Since there's no way for decode_ui() to report an error, it just ignores
    the bad peg colours.  I've also added an assertion to catch this problem
    in is_markable().
    
    The following save file demonstrates the problem when loaded in a build
    with AddressSanitizer:
    
    SAVEFILE:41:Simon Tatham's Portable Puzzle Collection
    VERSION :1:1
    GAME    :5:Guess
    PARAMS  :9:c6p4g10Bm
    CPARAMS :9:c6p4g10Bm
    DESC    :8:2de917c0
    UI      :7:7,7,7,7
    NSTATES :1:1
    STATEPOS:1:1

 guess.c | 4 ++++
 1 file changed, 4 insertions(+)

commit a539f38efd0d821c8325846fc879a3e46d6412bf
web diff https://git.tartarus.org/?p=simon/puzzles.git;a=commitdiff;h=a539f38efd0d821c8325846fc879a3e46d6412bf;hp=5279fd24b2f4a51e760bfde873fe1d29547220a6
Author: Ben Harris <bjh21 at bjh21.me.uk>
Date:   Sat Jan 7 20:56:48 2023 +0000

    Mosaic: reject game descriptions containing bad characters
    
    Only numbers and lower-case letters are allowed.  Without this
    restriction, a buffer overrun is possible.
    
    To demonstrate the problem, load this save file into a build of Mosaic
    with AddressSanitizer:
    
    SAVEFILE:41:Simon Tatham's Portable Puzzle Collection
    VERSION :1:1
    GAME    :6:Mosaic
    PARAMS  :7:8x8a0h1
    CPARAMS :7:8x8a0h1
    DESC    :41:b2c3b~~2a5c6e3a55c6a5a4244e0c3a64d4b4232b
    NSTATES :1:1
    STATEPOS:1:1

 mosaic.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

commit 1aded127eb3fb7194a1752d96bfba95a5b7fa4dc
web diff https://git.tartarus.org/?p=simon/puzzles.git;a=commitdiff;h=1aded127eb3fb7194a1752d96bfba95a5b7fa4dc;hp=a539f38efd0d821c8325846fc879a3e46d6412bf
Author: Ben Harris <bjh21 at bjh21.me.uk>
Date:   Sat Jan 7 22:05:33 2023 +0000

    Netslide: Reject moves wider than the grid
    
    Also add a corresponding assertion to the underlying move primitive.
    Without this limit, long moves cause a buffer overrun.
    
    To demonstrate the problem, build Netslide with AddressSanitizer and
    load this save file:
    
    SAVEFILE:41:Simon Tatham's Portable Puzzle Collection
    VERSION :1:1
    GAME    :8:Netslide
    PARAMS  :3:4x4
    CPARAMS :3:4x4
    DESC    :16:49b59aca247714b4
    NSTATES :1:2
    STATEPOS:1:2
    MOVE    :5:R3,51

 netslide.c | 12 +++++++++---
 1 file changed, 9 insertions(+), 3 deletions(-)

commit 023ce7554c19dcf6f4432407b9eedb850acc7289
web diff https://git.tartarus.org/?p=simon/puzzles.git;a=commitdiff;h=023ce7554c19dcf6f4432407b9eedb850acc7289;hp=1aded127eb3fb7194a1752d96bfba95a5b7fa4dc
Author: Ben Harris <bjh21 at bjh21.me.uk>
Date:   Sat Jan 7 23:06:13 2023 +0000

    Sixteen: limit length of moves
    
    The code that actually executes the moves can only cope with moves of
    at most the width (or height as appropriate) of the grid.  Reject any
    longer move, and for symmetry also negative moves of the same
    magnitude.
    
    Without this, the tile-moving code tends to access off the start of the
    tile array.  To demonstrate this, build Sixteen with AddressSanitizer
    and load this save file:
    
    SAVEFILE:41:Simon Tatham's Portable Puzzle Collection
    VERSION :1:1
    GAME    :7:Sixteen
    PARAMS  :3:4x4
    CPARAMS :3:4x4
    DESC    :38:2,16,3,10,13,8,7,4,9,14,12,11,15,1,5,6
    NSTATES :1:2
    STATEPOS:1:2
    MOVE    :4:C1,9

 sixteen.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

commit a02c55b0492453ea7ca4e4ae63cb90ba4c93a3a5
web diff https://git.tartarus.org/?p=simon/puzzles.git;a=commitdiff;h=a02c55b0492453ea7ca4e4ae63cb90ba4c93a3a5;hp=023ce7554c19dcf6f4432407b9eedb850acc7289
Author: Ben Harris <bjh21 at bjh21.me.uk>
Date:   Sat Jan 7 23:31:25 2023 +0000

    Undead: check for valid commands in execute_move()
    
    Previously, Undead's execute_move would go into a spin when it
    encountered an unexpected command character in a move string.  Now it
    rejects the move instead.

 undead.c | 17 +++++++++--------
 1 file changed, 9 insertions(+), 8 deletions(-)

commit 952ef8ca565d803da1134466358bd85683a489a3
web diff https://git.tartarus.org/?p=simon/puzzles.git;a=commitdiff;h=952ef8ca565d803da1134466358bd85683a489a3;hp=a02c55b0492453ea7ca4e4ae63cb90ba4c93a3a5
Author: Ben Harris <bjh21 at bjh21.me.uk>
Date:   Sat Jan 7 23:44:31 2023 +0000

    Undead: fix buffer overrun in "M" command
    
    The guessable squares are numbered up to num_total, not "wh".  The
    latter includes mirror squares that aren't included in the various
    arrays describing the game state.
    
    To reproduce the problem, build Undead with AddressSanitizer and press
    "M".

 undead.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

commit 4845f3e913a02417fe7a8d84c6407d40807ec0ec
web diff https://git.tartarus.org/?p=simon/puzzles.git;a=commitdiff;h=4845f3e913a02417fe7a8d84c6407d40807ec0ec;hp=952ef8ca565d803da1134466358bd85683a489a3
Author: Ben Harris <bjh21 at bjh21.me.uk>
Date:   Sun Jan 8 10:05:12 2023 +0000

    Correct RANGECHECK macro in Black Box
    
    Lasers are numbered from 0 to nlasers-1 inclusive, so the upper limit
    should be "<", not "<=".

 blackbox.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

commit 942d883d9bf86f4240dc7ec22b726d64f6db9af2
web diff https://git.tartarus.org/?p=simon/puzzles.git;a=commitdiff;h=942d883d9bf86f4240dc7ec22b726d64f6db9af2;hp=4845f3e913a02417fe7a8d84c6407d40807ec0ec
Author: Ben Harris <bjh21 at bjh21.me.uk>
Date:   Sun Jan 8 10:20:26 2023 +0000

    Range-check normal moves in Undead
    
    Normal moves shouldn't be allowed to write outside the board.  This
    buffer overrun can be demonstrated by building Undead with
    AddressSanitizer and loading this save file:
    
    SAVEFILE:41:Simon Tatham's Portable Puzzle Collection
    VERSION :1:1
    GAME    :6:Undead
    PARAMS  :5:4x4dn
    CPARAMS :5:4x4dn
    DESC    :48:5,0,5,cRRaLRcLRc,0,2,1,3,1,0,0,3,4,3,2,3,4,2,1,1
    NSTATES :1:2
    STATEPOS:1:2
    MOVE    :3:Z10

 undead.c | 2 ++
 1 file changed, 2 insertions(+)

commit e5717d1ba2184eb6e38b4e2a9d29dc4704aeef30
web diff https://git.tartarus.org/?p=simon/puzzles.git;a=commitdiff;h=e5717d1ba2184eb6e38b4e2a9d29dc4704aeef30;hp=942d883d9bf86f4240dc7ec22b726d64f6db9af2
Author: Ben Harris <bjh21 at bjh21.me.uk>
Date:   Sun Jan 8 11:31:36 2023 +0000

    Range-check record lengths when deserialising games
    
    "1999999999999999999999999999999999999999999999999999" as a record
    length should lead to an error, not a buffer overrun.
    
    (fun fact that was less obvious to me than it should have been: very
    large powers of ten are multiples of large powers of two, so that number
    is -1 mod 2^32)
    
    This bug can be demonstrated by building any puzzle with
    AddressSanitizer and then loading this save file:
    
    SAVEFILE:41:Simon Tatham's Portable Puzzle Collection
    VERSION :1999999999999999999999999999999999999999999999999999:1

 midend.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

commit b3d4a4197954c21ac78b68c58dff8f84fe743ea2
web diff https://git.tartarus.org/?p=simon/puzzles.git;a=commitdiff;h=b3d4a4197954c21ac78b68c58dff8f84fe743ea2;hp=e5717d1ba2184eb6e38b4e2a9d29dc4704aeef30
Author: Ben Harris <bjh21 at bjh21.me.uk>
Date:   Sat Jan 7 19:32:08 2023 +0000

    Don't load too many states just because there's no STATEPOS
    
    If we start seeing state records in a save file (MOVE, SOLVE, or
    RESTART), we should already have seen STATEPOS, so emit an error if not.
    This avoids the situation where we overrun the end of the state array
    because we're continuing loading states in the hope a STATEPOS will come
    along.  I've also added an assertion that we're not overrunning the
    state array for added paranoia.
    
    An earlier version of this fix just removed the test for data.statepos
    at the head of the loop, but that's wrong for a file that only has the
    initial state.
    
    This bug can be demonstrated by building Bridges with AddressSanitizer
    and loading this save file:
    
    SAVEFILE:41:Simon Tatham's Portable Puzzle Collection
    VERSION :1:1
    GAME    :7:Bridges
    PARAMS  :13:7x7i30e10m2d0
    CPARAMS :13:7x7i30e10m2d0
    DESC    :24:a4b4a1g1a2a8a4a4m2b2b3e3
    NSTATES :1:2
    MOVE    :10:L1,0,4,0,1
    MOVE    :10:L1,0,4,0,2

 midend.c | 5 +++++
 1 file changed, 5 insertions(+)

commit 21193eaf9308ace41004a19180ff382ec6e8754b
web diff https://git.tartarus.org/?p=simon/puzzles.git;a=commitdiff;h=21193eaf9308ace41004a19180ff382ec6e8754b;hp=b3d4a4197954c21ac78b68c58dff8f84fe743ea2
Author: Ben Harris <bjh21 at bjh21.me.uk>
Date:   Thu Jan 12 20:55:56 2023 +0000

    Palisade: forbid moves that remove grid edges
    
    Without this check, a corrupt save file can include a move that
    removes an edge of the grid, and then is_solved() walks off the edge
    of the grid causing a buffer over- or under-run.
    
    To demonstrate the bug, load this save file in a build with
    AddressSanitizer:
    
    SAVEFILE:41:Simon Tatham's Portable Puzzle Collection
    VERSION :1:1
    GAME    :8:Palisade
    PARAMS  :5:5x5n5
    CPARAMS :5:5x5n5
    DESC    :0:
    NSTATES :1:2
    STATEPOS:1:2
    MOVE    :6:F0,0,1

 palisade.c | 12 ++++++++++--
 1 file changed, 10 insertions(+), 2 deletions(-)

commit 97484b098f33266f6c747c292c708281cb15a286
web diff https://git.tartarus.org/?p=simon/puzzles.git;a=commitdiff;h=97484b098f33266f6c747c292c708281cb15a286;hp=21193eaf9308ace41004a19180ff382ec6e8754b
Author: Ben Harris <bjh21 at bjh21.me.uk>
Date:   Tue Jan 10 00:09:11 2023 +0000

    Last-ditch maximum size limit for Bridges
    
    This makes sure that width * height <= INT_MAX, which it rather needs
    to be.

 bridges.c | 3 +++
 1 file changed, 3 insertions(+)

commit b3f3345764b0808a7a97b9c3a2a1888fd62383a0
web diff https://git.tartarus.org/?p=simon/puzzles.git;a=commitdiff;h=b3f3345764b0808a7a97b9c3a2a1888fd62383a0;hp=97484b098f33266f6c747c292c708281cb15a286
Author: Ben Harris <bjh21 at bjh21.me.uk>
Date:   Wed Jan 11 00:03:57 2023 +0000

    Last-ditch grid-size limit for Dominosa
    
    At least prevent integer overflow when constructing the grid.

 dominosa.c | 5 +++++
 1 file changed, 5 insertions(+)

commit d422dd6009f3e48e13d5f7f162813537902e125c
web diff https://git.tartarus.org/?p=simon/puzzles.git;a=commitdiff;h=d422dd6009f3e48e13d5f7f162813537902e125c;hp=b3f3345764b0808a7a97b9c3a2a1888fd62383a0
Author: Ben Harris <bjh21 at bjh21.me.uk>
Date:   Tue Jan 10 20:53:07 2023 +0000

    Last-ditch grid-size limit for Galaxies
    
    At least prevent integer overflow when constructing the grid.

 galaxies.c | 5 +++++
 1 file changed, 5 insertions(+)

commit 522588f699b3c910c5a47f8b8185e69250665313
web diff https://git.tartarus.org/?p=simon/puzzles.git;a=commitdiff;h=522588f699b3c910c5a47f8b8185e69250665313;hp=d422dd6009f3e48e13d5f7f162813537902e125c
Author: Ben Harris <bjh21 at bjh21.me.uk>
Date:   Tue Jan 10 23:37:21 2023 +0000

    Last-ditch grid-size limit for Fifteen
    
    At least prevent integer overflow when constructing the grid.

 fifteen.c | 3 +++
 1 file changed, 3 insertions(+)

commit 26d0633f87ccdbaf7035e2e14d9dfbfd7f379527
web diff https://git.tartarus.org/?p=simon/puzzles.git;a=commitdiff;h=26d0633f87ccdbaf7035e2e14d9dfbfd7f379527;hp=522588f699b3c910c5a47f8b8185e69250665313
Author: Ben Harris <bjh21 at bjh21.me.uk>
Date:   Tue Jan 10 11:07:14 2023 +0000

    Last-ditch maximum size limit for Flip
    
    This makes sure that width * height <= INT_MAX, which it rather needs
    to be.  Also in Flip's case that the square of the area still fits in
    an int.

 flip.c | 10 +++++++++-
 1 file changed, 9 insertions(+), 1 deletion(-)

commit da220a77d1793edd14144fd96584b7f461f06dfb
web diff https://git.tartarus.org/?p=simon/puzzles.git;a=commitdiff;h=da220a77d1793edd14144fd96584b7f461f06dfb;hp=26d0633f87ccdbaf7035e2e14d9dfbfd7f379527
Author: Ben Harris <bjh21 at bjh21.me.uk>
Date:   Tue Jan 10 21:20:35 2023 +0000

    Last-ditch grid-size limit for Flood
    
    At least prevent integer overflow when constructing the grid.

 flood.c | 3 +++
 1 file changed, 3 insertions(+)

commit d60192531e3ee6b492151f6aa8edd481ebddcdf7
web diff https://git.tartarus.org/?p=simon/puzzles.git;a=commitdiff;h=d60192531e3ee6b492151f6aa8edd481ebddcdf7;hp=da220a77d1793edd14144fd96584b7f461f06dfb
Author: Ben Harris <bjh21 at bjh21.me.uk>
Date:   Wed Jan 11 09:35:51 2023 +0000

    Insist that Flood grids must have non-zero size

 flood.c | 2 ++
 1 file changed, 2 insertions(+)

commit 98724b90936c46e457234a0189bb09242fc727d1
web diff https://git.tartarus.org/?p=simon/puzzles.git;a=commitdiff;h=98724b90936c46e457234a0189bb09242fc727d1;hp=d60192531e3ee6b492151f6aa8edd481ebddcdf7
Author: Ben Harris <bjh21 at bjh21.me.uk>
Date:   Wed Jan 11 00:04:59 2023 +0000

    Last-ditch grid-size limit for Inertia
    
    At least prevent integer overflow when constructing the grid.

 inertia.c | 3 +++
 1 file changed, 3 insertions(+)

commit fcda12f4b73e69841fd8957b8e33930c584093e5
web diff https://git.tartarus.org/?p=simon/puzzles.git;a=commitdiff;h=fcda12f4b73e69841fd8957b8e33930c584093e5;hp=98724b90936c46e457234a0189bb09242fc727d1
Author: Ben Harris <bjh21 at bjh21.me.uk>
Date:   Tue Jan 10 20:31:10 2023 +0000

    Last-ditch maximum size limit for Light Up
    
    This makes sure that width * height <= INT_MAX, which it rather needs
    to be.

 lightup.c | 3 +++
 1 file changed, 3 insertions(+)

commit d71bba1a17d6b228e7dd8b437dccbd3f6bc4698c
web diff https://git.tartarus.org/?p=simon/puzzles.git;a=commitdiff;h=d71bba1a17d6b228e7dd8b437dccbd3f6bc4698c;hp=fcda12f4b73e69841fd8957b8e33930c584093e5
Author: Ben Harris <bjh21 at bjh21.me.uk>
Date:   Wed Jan 11 23:11:46 2023 +0000

    Limit maximum grid size in Loopy
    
    Every grid shape has its own limit, so this involved adding a new
    interface between loopy.c and grid.c.  The limits are based on ensuring
    that the co-ordinate system of the grid doesn't overflow INT_MAX and
    neither do the lengths of the face and dot arrays.
    
    Though now I come to look at it I think the actual limits of grid.c are
    much lower.  Hmm.

 grid.c  | 206 +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++-
 grid.h  |   2 +
 loopy.c |   3 +
 3 files changed, 210 insertions(+), 1 deletion(-)

commit 261a9568faeeb7acc6e56bd67147917c5109ac8a
web diff https://git.tartarus.org/?p=simon/puzzles.git;a=commitdiff;h=261a9568faeeb7acc6e56bd67147917c5109ac8a;hp=d71bba1a17d6b228e7dd8b437dccbd3f6bc4698c
Author: Ben Harris <bjh21 at bjh21.me.uk>
Date:   Wed Jan 11 09:43:01 2023 +0000

    Last-ditch maximum size limit for Magnets
    
    This makes sure that width * height <= INT_MAX, which it rather needs
    to be.

 magnets.c | 3 +++
 1 file changed, 3 insertions(+)

commit ed75535fc24217c51f900d42385309c8c8b36cc3
web diff https://git.tartarus.org/?p=simon/puzzles.git;a=commitdiff;h=ed75535fc24217c51f900d42385309c8c8b36cc3;hp=261a9568faeeb7acc6e56bd67147917c5109ac8a
Author: Ben Harris <bjh21 at bjh21.me.uk>
Date:   Tue Jan 10 00:19:02 2023 +0000

    Last-ditch maximum size limit for Map
    
    This makes sure that width * height <= INT_MAX, which it rather needs
    to be.  Also a similar check in decode_params when defaulting the
    number of regions.

 map.c | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

commit 5cc9bfb811854b66c4a570e8100b8a1aad037f0e
web diff https://git.tartarus.org/?p=simon/puzzles.git;a=commitdiff;h=5cc9bfb811854b66c4a570e8100b8a1aad037f0e;hp=ed75535fc24217c51f900d42385309c8c8b36cc3
Author: Ben Harris <bjh21 at bjh21.me.uk>
Date:   Tue Jan 10 00:20:36 2023 +0000

    Last-ditch maximum size limit for Mines
    
    This makes sure that width * height <= INT_MAX, which it rather needs
    to be.  Also a similar check in decode_params when defaulting the
    number of mines.

 mines.c | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

commit 9e2e0692ed087dbe0d5f4abbddf3aebd6a11b30e
web diff https://git.tartarus.org/?p=simon/puzzles.git;a=commitdiff;h=9e2e0692ed087dbe0d5f4abbddf3aebd6a11b30e;hp=5cc9bfb811854b66c4a570e8100b8a1aad037f0e
Author: Ben Harris <bjh21 at bjh21.me.uk>
Date:   Tue Jan 10 00:22:57 2023 +0000

    Also check for tiny grids in Mines
    
    A zero-size grid isn't acceptable even if someone has generated it for
    us.

 mines.c | 2 ++
 1 file changed, 2 insertions(+)

commit 48e34522640e25a8186a1e133ac2c74041de3387
web diff https://git.tartarus.org/?p=simon/puzzles.git;a=commitdiff;h=48e34522640e25a8186a1e133ac2c74041de3387;hp=9e2e0692ed087dbe0d5f4abbddf3aebd6a11b30e
Author: Ben Harris <bjh21 at bjh21.me.uk>
Date:   Tue Jan 10 21:12:46 2023 +0000

    Avoid integer overflow in Mosaic maximum-size check

 mosaic.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

commit 051357bb24c0f05c291d6f9e6b460839847923b4
web diff https://git.tartarus.org/?p=simon/puzzles.git;a=commitdiff;h=051357bb24c0f05c291d6f9e6b460839847923b4;hp=48e34522640e25a8186a1e133ac2c74041de3387
Author: Ben Harris <bjh21 at bjh21.me.uk>
Date:   Tue Jan 10 20:24:49 2023 +0000

    Last-ditch maximum size limit for Net
    
    This makes sure that width * height <= INT_MAX, which it rather needs
    to be.

 net.c | 3 +++
 1 file changed, 3 insertions(+)

commit 40ec3aaf09824face187218f899494aef429a9c6
web diff https://git.tartarus.org/?p=simon/puzzles.git;a=commitdiff;h=40ec3aaf09824face187218f899494aef429a9c6;hp=051357bb24c0f05c291d6f9e6b460839847923b4
Author: Ben Harris <bjh21 at bjh21.me.uk>
Date:   Tue Jan 10 00:25:52 2023 +0000

    Last-ditch maximum size limit for Netslide
    
    This makes sure that width * height <= INT_MAX, which it rather needs
    to be.

 netslide.c | 3 +++
 1 file changed, 3 insertions(+)

commit dd00e9c532abc7517bd7ca72c8e4db91bb2da821
web diff https://git.tartarus.org/?p=simon/puzzles.git;a=commitdiff;h=dd00e9c532abc7517bd7ca72c8e4db91bb2da821;hp=40ec3aaf09824face187218f899494aef429a9c6
Author: Ben Harris <bjh21 at bjh21.me.uk>
Date:   Wed Jan 11 23:15:44 2023 +0000

    Integer overflow protection in Pattern
    
    Both for grid sizes and for clue values.

 pattern.c | 6 ++++++
 1 file changed, 6 insertions(+)

commit 91c0fac1dc98be2ecc074d83368df74f9f755641
web diff https://git.tartarus.org/?p=simon/puzzles.git;a=commitdiff;h=91c0fac1dc98be2ecc074d83368df74f9f755641;hp=dd00e9c532abc7517bd7ca72c8e4db91bb2da821
Author: Ben Harris <bjh21 at bjh21.me.uk>
Date:   Tue Jan 10 00:28:09 2023 +0000

    Last-ditch maximum size limit for Palisade
    
    This makes sure that width * height <= INT_MAX, which it rather needs
    to be.

 palisade.c | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)

commit 8a3fb82e230c5cf18b82f54687c2a56f53875a38
web diff https://git.tartarus.org/?p=simon/puzzles.git;a=commitdiff;h=8a3fb82e230c5cf18b82f54687c2a56f53875a38;hp=91c0fac1dc98be2ecc074d83368df74f9f755641
Author: Ben Harris <bjh21 at bjh21.me.uk>
Date:   Tue Jan 10 20:39:57 2023 +0000

    Last-ditch maximum size limit for Pearl
    
    This makes sure that width * height <= INT_MAX, which it rather needs
    to be.

 pearl.c | 3 +++
 1 file changed, 3 insertions(+)

commit 6e40605f1ed4ecce400faae5b41c03995e7f862c
web diff https://git.tartarus.org/?p=simon/puzzles.git;a=commitdiff;h=6e40605f1ed4ecce400faae5b41c03995e7f862c;hp=8a3fb82e230c5cf18b82f54687c2a56f53875a38
Author: Ben Harris <bjh21 at bjh21.me.uk>
Date:   Tue Jan 10 00:30:48 2023 +0000

    Last-ditch maximum size limit for Pegs
    
    This makes sure that width * height <= INT_MAX, which it rather needs
    to be.

 pegs.c | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

commit b090c82df1527dcf348c96765f10ab5736c68c29
web diff https://git.tartarus.org/?p=simon/puzzles.git;a=commitdiff;h=b090c82df1527dcf348c96765f10ab5736c68c29;hp=6e40605f1ed4ecce400faae5b41c03995e7f862c
Author: Ben Harris <bjh21 at bjh21.me.uk>
Date:   Tue Jan 10 00:32:25 2023 +0000

    Also limit Pegs to at least 1x1 even when not doing full validation

 pegs.c | 2 ++
 1 file changed, 2 insertions(+)

commit d5ec2758ee3b7a8934475a1122813ad2312dc850
web diff https://git.tartarus.org/?p=simon/puzzles.git;a=commitdiff;h=d5ec2758ee3b7a8934475a1122813ad2312dc850;hp=b090c82df1527dcf348c96765f10ab5736c68c29
Author: Ben Harris <bjh21 at bjh21.me.uk>
Date:   Tue Jan 10 10:54:37 2023 +0000

    Last-ditch maximum size limit for Same Game
    
    This makes sure that width * height <= INT_MAX, which it rather needs
    to be.

 samegame.c | 3 +++
 1 file changed, 3 insertions(+)

commit 5c36e1536a05abf514b09476813cf71bc9dc1e31
web diff https://git.tartarus.org/?p=simon/puzzles.git;a=commitdiff;h=5c36e1536a05abf514b09476813cf71bc9dc1e31;hp=d5ec2758ee3b7a8934475a1122813ad2312dc850
Author: Ben Harris <bjh21 at bjh21.me.uk>
Date:   Tue Jan 10 20:41:24 2023 +0000

    Last-ditch maximum size limit for Signpost
    
    This makes sure that width * height <= INT_MAX, which it rather needs
    to be.

 signpost.c | 3 +++
 1 file changed, 3 insertions(+)

commit 91d96fa0bc133c8d967f3c4b01804e7773de8504
web diff https://git.tartarus.org/?p=simon/puzzles.git;a=commitdiff;h=91d96fa0bc133c8d967f3c4b01804e7773de8504;hp=5c36e1536a05abf514b09476813cf71bc9dc1e31
Author: Ben Harris <bjh21 at bjh21.me.uk>
Date:   Tue Jan 10 20:24:59 2023 +0000

    Last-ditch maximum size limit for Sixteen
    
    This makes sure that width * height <= INT_MAX, which it rather needs
    to be.

 sixteen.c | 3 +++
 1 file changed, 3 insertions(+)

commit 07999443c24414602cf046fefc84d1d17b5afd69
web diff https://git.tartarus.org/?p=simon/puzzles.git;a=commitdiff;h=07999443c24414602cf046fefc84d1d17b5afd69;hp=91d96fa0bc133c8d967f3c4b01804e7773de8504
Author: Ben Harris <bjh21 at bjh21.me.uk>
Date:   Thu Jan 12 14:34:14 2023 +0000

    Limit size of puzzle in Tents to avoid integer overflow

 tents.c | 3 +++
 1 file changed, 3 insertions(+)

commit c53e0d386793840ad84b8bbcb4760cfb2b6897d4
web diff https://git.tartarus.org/?p=simon/puzzles.git;a=commitdiff;h=c53e0d386793840ad84b8bbcb4760cfb2b6897d4;hp=07999443c24414602cf046fefc84d1d17b5afd69
Author: Ben Harris <bjh21 at bjh21.me.uk>
Date:   Tue Jan 10 20:39:06 2023 +0000

    Last-ditch maximum size limit for Tracks
    
    This makes sure that width * height <= INT_MAX, which it rather needs
    to be.

 tracks.c | 3 +++
 1 file changed, 3 insertions(+)

commit 51dcf4add6e046568557cee2fa01975f14716889
web diff https://git.tartarus.org/?p=simon/puzzles.git;a=commitdiff;h=51dcf4add6e046568557cee2fa01975f14716889;hp=c53e0d386793840ad84b8bbcb4760cfb2b6897d4
Author: Ben Harris <bjh21 at bjh21.me.uk>
Date:   Tue Jan 10 20:28:19 2023 +0000

    Last-ditch maximum size limit for Twiddle
    
    This makes sure that width * height <= INT_MAX, which it rather needs
    to be.

 twiddle.c | 3 +++
 1 file changed, 3 insertions(+)

commit 85ccdf2f75e3ea55d5e92d9790e50394e1bec089
web diff https://git.tartarus.org/?p=simon/puzzles.git;a=commitdiff;h=85ccdf2f75e3ea55d5e92d9790e50394e1bec089;hp=51dcf4add6e046568557cee2fa01975f14716889
Author: Ben Harris <bjh21 at bjh21.me.uk>
Date:   Tue Jan 10 20:34:06 2023 +0000

    Adjust Undead upper grid-size limit to avoid overflow

 undead.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

commit d5b8a20def7634d4df79800fe54d8e34c6353974
web diff https://git.tartarus.org/?p=simon/puzzles.git;a=commitdiff;h=d5b8a20def7634d4df79800fe54d8e34c6353974;hp=85ccdf2f75e3ea55d5e92d9790e50394e1bec089
Author: Ben Harris <bjh21 at bjh21.me.uk>
Date:   Tue Jan 10 20:46:24 2023 +0000

    Last-ditch point-count limit for Untangle
    
    Anything over INT_MAX/3 will cause an integer overflow, so put the
    limit there for now.

 untangle.c | 3 +++
 1 file changed, 3 insertions(+)

commit c2eedeedfe3c48f3f013fb1308f61d7ef94e8b2c
web diff https://git.tartarus.org/?p=simon/puzzles.git;a=commitdiff;h=c2eedeedfe3c48f3f013fb1308f61d7ef94e8b2c;hp=d5b8a20def7634d4df79800fe54d8e34c6353974
Author: Ben Harris <bjh21 at bjh21.me.uk>
Date:   Sun Jan 8 10:03:10 2023 +0000

    Black Box: correct order of validation checks for "F" commands
    
    It doesn't do much good to range-check an argument after using it as
    an array index.

 blackbox.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

commit 38cf1955e5861f67d385ede006c5b5d1701aca8d
web diff https://git.tartarus.org/?p=simon/puzzles.git;a=commitdiff;h=38cf1955e5861f67d385ede006c5b5d1701aca8d;hp=c2eedeedfe3c48f3f013fb1308f61d7ef94e8b2c
Author: Ben Harris <bjh21 at bjh21.me.uk>
Date:   Thu Jan 12 21:00:22 2023 +0000

    Palisade: don't leak memory on a bad move
    
    Invalid moves can turn up in corrupted save files, and puzzles
    shouldn't leak memory when failing to load a corrupted save file.

 palisade.c | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

commit e5d106eb279c12d2454802421e723873e4bae6c2
web diff https://git.tartarus.org/?p=simon/puzzles.git;a=commitdiff;h=e5d106eb279c12d2454802421e723873e4bae6c2;hp=38cf1955e5861f67d385ede006c5b5d1701aca8d
Author: Ben Harris <bjh21 at bjh21.me.uk>
Date:   Thu Jan 12 21:09:39 2023 +0000

    Don't allow negative clues in Pattern

 pattern.c | 2 ++
 1 file changed, 2 insertions(+)

commit 68f9fae973e2ffb6c0b9ed1e0761d3a0768455ad
web diff https://git.tartarus.org/?p=simon/puzzles.git;a=commitdiff;h=68f9fae973e2ffb6c0b9ed1e0761d3a0768455ad;hp=e5d106eb279c12d2454802421e723873e4bae6c2
Author: Ben Harris <bjh21 at bjh21.me.uk>
Date:   Sat Jan 7 19:06:51 2023 +0000

    When loading, don't decode_ui unless we have a UI
    
    If the save file doesn't have a UI line, it's not sensible to try to
    decode it.

 midend.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

commit e616d7aac9fff2d65bde4c6f8dcfc8d1222dc803
web diff https://git.tartarus.org/?p=simon/puzzles.git;a=commitdiff;h=e616d7aac9fff2d65bde4c6f8dcfc8d1222dc803;hp=68f9fae973e2ffb6c0b9ed1e0761d3a0768455ad
Author: Ben Harris <bjh21 at bjh21.me.uk>
Date:   Sat Jan 7 20:33:42 2023 +0000

    Mosaic: fault out-of-bounds moves in execute_move()
    
    Returning NULL in this case is better than dereferencing it.

 mosaic.c | 8 ++++++++
 1 file changed, 8 insertions(+)

commit 0dbbd52935b8b17b3b3ab3d9ae6271cde891f70b
web diff https://git.tartarus.org/?p=simon/puzzles.git;a=commitdiff;h=0dbbd52935b8b17b3b3ab3d9ae6271cde891f70b;hp=e616d7aac9fff2d65bde4c6f8dcfc8d1222dc803
Author: Ben Harris <bjh21 at bjh21.me.uk>
Date:   Sat Jan 7 22:29:17 2023 +0000

    Palisade: remove assertion from decode_ui()
    
    Other games tolerate receiving an encoded game_ui even if they can
    never generate one.  This is sensible, since it means that if a new
    version starts saving UI state, old versions can load save files
    generated by those newer versions.

 palisade.c | 1 -
 1 file changed, 1 deletion(-)

commit 8c5279cf75e41f1ae75b2daf0d06c883a5ae0bca
web diff https://git.tartarus.org/?p=simon/puzzles.git;a=commitdiff;h=8c5279cf75e41f1ae75b2daf0d06c883a5ae0bca;hp=0dbbd52935b8b17b3b3ab3d9ae6271cde891f70b
Author: Ben Harris <bjh21 at bjh21.me.uk>
Date:   Sat Jan 7 23:24:39 2023 +0000

    Same Game: reject moves with unexpected characters in
    
    Previously if a move string starting with "M" contained anything else
    other than a digit or a comma, execute_move() would spin trying to
    parse it.  Now it returns NULL.

 samegame.c | 4 ++++
 1 file changed, 4 insertions(+)

commit a45f1830cf4af0fbaf2fad448f717a6458b48b24
web diff https://git.tartarus.org/?p=simon/puzzles.git;a=commitdiff;h=a45f1830cf4af0fbaf2fad448f717a6458b48b24;hp=8c5279cf75e41f1ae75b2daf0d06c883a5ae0bca
Author: Ben Harris <bjh21 at bjh21.me.uk>
Date:   Sat Jan 7 23:53:36 2023 +0000

    Explain what decode_ui() should do with invalid input
    
    It can't signal an error, but it's worth documenting that it can
    receive invalid input and should do what it can with it.  I assume
    that failing to decode game_ui data from a newer version generally
    won't be disastrous the way failing to decode a description or move
    string would be.

 devel.but | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

commit 8a06ff26fc6abd77a4b4a08b839943f588d92dcf
web diff https://git.tartarus.org/?p=simon/puzzles.git;a=commitdiff;h=8a06ff26fc6abd77a4b4a08b839943f588d92dcf;hp=a45f1830cf4af0fbaf2fad448f717a6458b48b24
Author: Ben Harris <bjh21 at bjh21.me.uk>
Date:   Sun Jan 8 09:57:53 2023 +0000

    Filling: validate length of auto-solve move strings
    
    Without this, execute_move() can end up reading off the end of the
    move string, which isn't very friendly.  Also remove the comment
    saying that the move string doesn't have to be null-terminated,
    because now it does.

 filling.c | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)

commit ba944f9f95238d0b820e63d9b6c2d83efc09b8a2
web diff https://git.tartarus.org/?p=simon/puzzles.git;a=commitdiff;h=ba944f9f95238d0b820e63d9b6c2d83efc09b8a2;hp=8a06ff26fc6abd77a4b4a08b839943f588d92dcf
Author: Ben Harris <bjh21 at bjh21.me.uk>
Date:   Sun Jan 8 10:42:45 2023 +0000

    Tighten Bridges' validate_desc()
    
    It allowed V, W, X, Y, H, I, J, and K to appear in game descriptions
    even though new_game() didn't ascribe any meaning to those letters and
    would fail an assertion if they ever occurred.  As far as I can tell,
    those letters have never done anything, so I've just removed the
    checks for them from validate_desc().

 bridges.c | 5 -----
 1 file changed, 5 deletions(-)

commit d3290195da55beae04d1bb86f811b6f8dd6b0663
web diff https://git.tartarus.org/?p=simon/puzzles.git;a=commitdiff;h=d3290195da55beae04d1bb86f811b6f8dd6b0663;hp=ba944f9f95238d0b820e63d9b6c2d83efc09b8a2
Author: Ben Harris <bjh21 at bjh21.me.uk>
Date:   Sun Jan 8 12:34:57 2023 +0000

    Untangle: forbid descriptions that connect a node to itself
    
    These cause an assertion failure in new_game(), so they should be
    rejected by validate_desc().

 untangle.c | 2 ++
 1 file changed, 2 insertions(+)

commit 5bd02f982a878312065b4d81d05a90bc41a98c6c
web diff https://git.tartarus.org/?p=simon/puzzles.git;a=commitdiff;h=5bd02f982a878312065b4d81d05a90bc41a98c6c;hp=d3290195da55beae04d1bb86f811b6f8dd6b0663
Author: Ben Harris <bjh21 at bjh21.me.uk>
Date:   Sun Jan 8 21:59:27 2023 +0000

    Mines: No moving once you're dead!
    
    If a Mines save file contains a move after the player has already
    died, this can lead to an assertion failure once there are more mines
    that covered squares.  Better to just reject any move after the
    player's died.

 mines.c | 3 +++
 1 file changed, 3 insertions(+)

commit 15974d06bbaad287382c6eeb8deb7c6f3a627278
web diff https://git.tartarus.org/?p=simon/puzzles.git;a=commitdiff;h=15974d06bbaad287382c6eeb8deb7c6f3a627278;hp=5bd02f982a878312065b4d81d05a90bc41a98c6c
Author: Ben Harris <bjh21 at bjh21.me.uk>
Date:   Mon Jan 9 15:07:24 2023 +0000

    Towers: reject descriptions with odd characters at the end
    
    Towers' new_game() causes an assertion failure on game description
    strings that contain spurious characters after a valid description, so
    validate_desc() should also refuse such a description.  The problem
    could be demonstrated by editing the game description in the
    "Specific" dialogue box to add a '!' at the end, which caused
    "new_game: Assertion `!*p' failed.".

 towers.c | 1 +
 1 file changed, 1 insertion(+)

commit 5782e29db43034574763b1d10c48486c3e95f0d2
web diff https://git.tartarus.org/?p=simon/puzzles.git;a=commitdiff;h=5782e29db43034574763b1d10c48486c3e95f0d2;hp=15974d06bbaad287382c6eeb8deb7c6f3a627278
Author: Ben Harris <bjh21 at bjh21.me.uk>
Date:   Mon Jan 9 20:24:15 2023 +0000

    Tracks: make sure moves are valid in execute_move()
    
    Tracks allowed moves in execute_move() that shouldn't have been allowed,
    like changing the state of the edges of the board.  This moves couldn't
    be generated by interpret_move(), but could be loaded from a save file.
    Now execute_move() uses the same ui_can_flip_*() functions as
    interpret_move() to decide whether a particular move is allowed.  This
    should prevent some assertion failures when loading corrupted save
    files.

 tracks.c | 4 ++++
 1 file changed, 4 insertions(+)



More information about the tartarus-commits mailing list