simon-git: puzzles (main): Ben Harris
Commits to Tartarus hosted VCS
tartarus-commits at lists.tartarus.org
Sun Jan 15 16:46:13 GMT 2023
TL;DR:
c84af67 Guess: Don't allow any moves once the game is solved
5279fd2 Guess: validate peg colours in decode_ui()
a539f38 Mosaic: reject game descriptions containing bad characters
1aded12 Netslide: Reject moves wider than the grid
023ce75 Sixteen: limit length of moves
a02c55b Undead: check for valid commands in execute_move()
952ef8c Undead: fix buffer overrun in "M" command
4845f3e Correct RANGECHECK macro in Black Box
942d883 Range-check normal moves in Undead
e5717d1 Range-check record lengths when deserialising games
b3d4a41 Don't load too many states just because there's no STATEPOS
21193ea Palisade: forbid moves that remove grid edges
97484b0 Last-ditch maximum size limit for Bridges
b3f3345 Last-ditch grid-size limit for Dominosa
d422dd6 Last-ditch grid-size limit for Galaxies
522588f Last-ditch grid-size limit for Fifteen
26d0633 Last-ditch maximum size limit for Flip
da220a7 Last-ditch grid-size limit for Flood
d601925 Insist that Flood grids must have non-zero size
98724b9 Last-ditch grid-size limit for Inertia
fcda12f Last-ditch maximum size limit for Light Up
d71bba1 Limit maximum grid size in Loopy
261a956 Last-ditch maximum size limit for Magnets
ed75535 Last-ditch maximum size limit for Map
5cc9bfb Last-ditch maximum size limit for Mines
9e2e069 Also check for tiny grids in Mines
48e3452 Avoid integer overflow in Mosaic maximum-size check
051357b Last-ditch maximum size limit for Net
40ec3aa Last-ditch maximum size limit for Netslide
dd00e9c Integer overflow protection in Pattern
91c0fac Last-ditch maximum size limit for Palisade
8a3fb82 Last-ditch maximum size limit for Pearl
6e40605 Last-ditch maximum size limit for Pegs
b090c82 Also limit Pegs to at least 1x1 even when not doing full validation
d5ec275 Last-ditch maximum size limit for Same Game
5c36e15 Last-ditch maximum size limit for Signpost
91d96fa Last-ditch maximum size limit for Sixteen
0799944 Limit size of puzzle in Tents to avoid integer overflow
c53e0d3 Last-ditch maximum size limit for Tracks
51dcf4a Last-ditch maximum size limit for Twiddle
85ccdf2 Adjust Undead upper grid-size limit to avoid overflow
d5b8a20 Last-ditch point-count limit for Untangle
c2eedee Black Box: correct order of validation checks for "F" commands
38cf195 Palisade: don't leak memory on a bad move
e5d106e Don't allow negative clues in Pattern
68f9fae When loading, don't decode_ui unless we have a UI
e616d7a Mosaic: fault out-of-bounds moves in execute_move()
0dbbd52 Palisade: remove assertion from decode_ui()
8c5279c Same Game: reject moves with unexpected characters in
a45f183 Explain what decode_ui() should do with invalid input
8a06ff2 Filling: validate length of auto-solve move strings
ba944f9 Tighten Bridges' validate_desc()
d329019 Untangle: forbid descriptions that connect a node to itself
5bd02f9 Mines: No moving once you're dead!
15974d0 Towers: reject descriptions with odd characters at the end
5782e29 Tracks: make sure moves are valid in execute_move()
Repository: https://git.tartarus.org/simon/puzzles.git
On the web: https://git.tartarus.org/?p=simon/puzzles.git
Branch updated: main
Committer: Ben Harris <bjh21 at bjh21.me.uk>
Date: 2023-01-15 16:46:13
commit c84af670b52f09e9e47587584c0559c508d4a37d
web diff https://git.tartarus.org/?p=simon/puzzles.git;a=commitdiff;h=c84af670b52f09e9e47587584c0559c508d4a37d;hp=09b16293865301543bd8db9e038b5608c44f2656
Author: Ben Harris <bjh21 at bjh21.me.uk>
Date: Sat Jan 7 19:45:03 2023 +0000
Guess: Don't allow any moves once the game is solved
If the game is solved (either by a win or a loss), interpret_move()
can never return a move, but execute_move() should also reject any
moves in case we're loading a corrupt or malicious save file.
Otherwise a save file with more guesses than the maximum allowed can
cause a buffer overrun.
This save file demonstrates the problem when loaded into a build of
Puzzles with AddressSanitizer:
SAVEFILE:41:Simon Tatham's Portable Puzzle Collection
VERSION :1:1
GAME :5:Guess
PARAMS :9:c6p4g1Bm
CPARAMS :9:c6p4g1Bm
DESC :8:b5f3faed
NSTATES :1:3
STATEPOS:1:3
MOVE :8:G1,1,2,2
MOVE :8:G4,3,1,1
guess.c | 2 ++
1 file changed, 2 insertions(+)
commit 5279fd24b2f4a51e760bfde873fe1d29547220a6
web diff https://git.tartarus.org/?p=simon/puzzles.git;a=commitdiff;h=5279fd24b2f4a51e760bfde873fe1d29547220a6;hp=c84af670b52f09e9e47587584c0559c508d4a37d
Author: Ben Harris <bjh21 at bjh21.me.uk>
Date: Sat Jan 7 20:28:23 2023 +0000
Guess: validate peg colours in decode_ui()
Peg colours in the current guess must be within the range of colours
for the current game, just as they must be for completed moves.
Otherwise is_markable() can cause a buffer overrun.
Since there's no way for decode_ui() to report an error, it just ignores
the bad peg colours. I've also added an assertion to catch this problem
in is_markable().
The following save file demonstrates the problem when loaded in a build
with AddressSanitizer:
SAVEFILE:41:Simon Tatham's Portable Puzzle Collection
VERSION :1:1
GAME :5:Guess
PARAMS :9:c6p4g10Bm
CPARAMS :9:c6p4g10Bm
DESC :8:2de917c0
UI :7:7,7,7,7
NSTATES :1:1
STATEPOS:1:1
guess.c | 4 ++++
1 file changed, 4 insertions(+)
commit a539f38efd0d821c8325846fc879a3e46d6412bf
web diff https://git.tartarus.org/?p=simon/puzzles.git;a=commitdiff;h=a539f38efd0d821c8325846fc879a3e46d6412bf;hp=5279fd24b2f4a51e760bfde873fe1d29547220a6
Author: Ben Harris <bjh21 at bjh21.me.uk>
Date: Sat Jan 7 20:56:48 2023 +0000
Mosaic: reject game descriptions containing bad characters
Only numbers and lower-case letters are allowed. Without this
restriction, a buffer overrun is possible.
To demonstrate the problem, load this save file into a build of Mosaic
with AddressSanitizer:
SAVEFILE:41:Simon Tatham's Portable Puzzle Collection
VERSION :1:1
GAME :6:Mosaic
PARAMS :7:8x8a0h1
CPARAMS :7:8x8a0h1
DESC :41:b2c3b~~2a5c6e3a55c6a5a4244e0c3a64d4b4232b
NSTATES :1:1
STATEPOS:1:1
mosaic.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
commit 1aded127eb3fb7194a1752d96bfba95a5b7fa4dc
web diff https://git.tartarus.org/?p=simon/puzzles.git;a=commitdiff;h=1aded127eb3fb7194a1752d96bfba95a5b7fa4dc;hp=a539f38efd0d821c8325846fc879a3e46d6412bf
Author: Ben Harris <bjh21 at bjh21.me.uk>
Date: Sat Jan 7 22:05:33 2023 +0000
Netslide: Reject moves wider than the grid
Also add a corresponding assertion to the underlying move primitive.
Without this limit, long moves cause a buffer overrun.
To demonstrate the problem, build Netslide with AddressSanitizer and
load this save file:
SAVEFILE:41:Simon Tatham's Portable Puzzle Collection
VERSION :1:1
GAME :8:Netslide
PARAMS :3:4x4
CPARAMS :3:4x4
DESC :16:49b59aca247714b4
NSTATES :1:2
STATEPOS:1:2
MOVE :5:R3,51
netslide.c | 12 +++++++++---
1 file changed, 9 insertions(+), 3 deletions(-)
commit 023ce7554c19dcf6f4432407b9eedb850acc7289
web diff https://git.tartarus.org/?p=simon/puzzles.git;a=commitdiff;h=023ce7554c19dcf6f4432407b9eedb850acc7289;hp=1aded127eb3fb7194a1752d96bfba95a5b7fa4dc
Author: Ben Harris <bjh21 at bjh21.me.uk>
Date: Sat Jan 7 23:06:13 2023 +0000
Sixteen: limit length of moves
The code that actually executes the moves can only cope with moves of
at most the width (or height as appropriate) of the grid. Reject any
longer move, and for symmetry also negative moves of the same
magnitude.
Without this, the tile-moving code tends to access off the start of the
tile array. To demonstrate this, build Sixteen with AddressSanitizer
and load this save file:
SAVEFILE:41:Simon Tatham's Portable Puzzle Collection
VERSION :1:1
GAME :7:Sixteen
PARAMS :3:4x4
CPARAMS :3:4x4
DESC :38:2,16,3,10,13,8,7,4,9,14,12,11,15,1,5,6
NSTATES :1:2
STATEPOS:1:2
MOVE :4:C1,9
sixteen.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
commit a02c55b0492453ea7ca4e4ae63cb90ba4c93a3a5
web diff https://git.tartarus.org/?p=simon/puzzles.git;a=commitdiff;h=a02c55b0492453ea7ca4e4ae63cb90ba4c93a3a5;hp=023ce7554c19dcf6f4432407b9eedb850acc7289
Author: Ben Harris <bjh21 at bjh21.me.uk>
Date: Sat Jan 7 23:31:25 2023 +0000
Undead: check for valid commands in execute_move()
Previously, Undead's execute_move would go into a spin when it
encountered an unexpected command character in a move string. Now it
rejects the move instead.
undead.c | 17 +++++++++--------
1 file changed, 9 insertions(+), 8 deletions(-)
commit 952ef8ca565d803da1134466358bd85683a489a3
web diff https://git.tartarus.org/?p=simon/puzzles.git;a=commitdiff;h=952ef8ca565d803da1134466358bd85683a489a3;hp=a02c55b0492453ea7ca4e4ae63cb90ba4c93a3a5
Author: Ben Harris <bjh21 at bjh21.me.uk>
Date: Sat Jan 7 23:44:31 2023 +0000
Undead: fix buffer overrun in "M" command
The guessable squares are numbered up to num_total, not "wh". The
latter includes mirror squares that aren't included in the various
arrays describing the game state.
To reproduce the problem, build Undead with AddressSanitizer and press
"M".
undead.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
commit 4845f3e913a02417fe7a8d84c6407d40807ec0ec
web diff https://git.tartarus.org/?p=simon/puzzles.git;a=commitdiff;h=4845f3e913a02417fe7a8d84c6407d40807ec0ec;hp=952ef8ca565d803da1134466358bd85683a489a3
Author: Ben Harris <bjh21 at bjh21.me.uk>
Date: Sun Jan 8 10:05:12 2023 +0000
Correct RANGECHECK macro in Black Box
Lasers are numbered from 0 to nlasers-1 inclusive, so the upper limit
should be "<", not "<=".
blackbox.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
commit 942d883d9bf86f4240dc7ec22b726d64f6db9af2
web diff https://git.tartarus.org/?p=simon/puzzles.git;a=commitdiff;h=942d883d9bf86f4240dc7ec22b726d64f6db9af2;hp=4845f3e913a02417fe7a8d84c6407d40807ec0ec
Author: Ben Harris <bjh21 at bjh21.me.uk>
Date: Sun Jan 8 10:20:26 2023 +0000
Range-check normal moves in Undead
Normal moves shouldn't be allowed to write outside the board. This
buffer overrun can be demonstrated by building Undead with
AddressSanitizer and loading this save file:
SAVEFILE:41:Simon Tatham's Portable Puzzle Collection
VERSION :1:1
GAME :6:Undead
PARAMS :5:4x4dn
CPARAMS :5:4x4dn
DESC :48:5,0,5,cRRaLRcLRc,0,2,1,3,1,0,0,3,4,3,2,3,4,2,1,1
NSTATES :1:2
STATEPOS:1:2
MOVE :3:Z10
undead.c | 2 ++
1 file changed, 2 insertions(+)
commit e5717d1ba2184eb6e38b4e2a9d29dc4704aeef30
web diff https://git.tartarus.org/?p=simon/puzzles.git;a=commitdiff;h=e5717d1ba2184eb6e38b4e2a9d29dc4704aeef30;hp=942d883d9bf86f4240dc7ec22b726d64f6db9af2
Author: Ben Harris <bjh21 at bjh21.me.uk>
Date: Sun Jan 8 11:31:36 2023 +0000
Range-check record lengths when deserialising games
"1999999999999999999999999999999999999999999999999999" as a record
length should lead to an error, not a buffer overrun.
(fun fact that was less obvious to me than it should have been: very
large powers of ten are multiples of large powers of two, so that number
is -1 mod 2^32)
This bug can be demonstrated by building any puzzle with
AddressSanitizer and then loading this save file:
SAVEFILE:41:Simon Tatham's Portable Puzzle Collection
VERSION :1999999999999999999999999999999999999999999999999999:1
midend.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
commit b3d4a4197954c21ac78b68c58dff8f84fe743ea2
web diff https://git.tartarus.org/?p=simon/puzzles.git;a=commitdiff;h=b3d4a4197954c21ac78b68c58dff8f84fe743ea2;hp=e5717d1ba2184eb6e38b4e2a9d29dc4704aeef30
Author: Ben Harris <bjh21 at bjh21.me.uk>
Date: Sat Jan 7 19:32:08 2023 +0000
Don't load too many states just because there's no STATEPOS
If we start seeing state records in a save file (MOVE, SOLVE, or
RESTART), we should already have seen STATEPOS, so emit an error if not.
This avoids the situation where we overrun the end of the state array
because we're continuing loading states in the hope a STATEPOS will come
along. I've also added an assertion that we're not overrunning the
state array for added paranoia.
An earlier version of this fix just removed the test for data.statepos
at the head of the loop, but that's wrong for a file that only has the
initial state.
This bug can be demonstrated by building Bridges with AddressSanitizer
and loading this save file:
SAVEFILE:41:Simon Tatham's Portable Puzzle Collection
VERSION :1:1
GAME :7:Bridges
PARAMS :13:7x7i30e10m2d0
CPARAMS :13:7x7i30e10m2d0
DESC :24:a4b4a1g1a2a8a4a4m2b2b3e3
NSTATES :1:2
MOVE :10:L1,0,4,0,1
MOVE :10:L1,0,4,0,2
midend.c | 5 +++++
1 file changed, 5 insertions(+)
commit 21193eaf9308ace41004a19180ff382ec6e8754b
web diff https://git.tartarus.org/?p=simon/puzzles.git;a=commitdiff;h=21193eaf9308ace41004a19180ff382ec6e8754b;hp=b3d4a4197954c21ac78b68c58dff8f84fe743ea2
Author: Ben Harris <bjh21 at bjh21.me.uk>
Date: Thu Jan 12 20:55:56 2023 +0000
Palisade: forbid moves that remove grid edges
Without this check, a corrupt save file can include a move that
removes an edge of the grid, and then is_solved() walks off the edge
of the grid causing a buffer over- or under-run.
To demonstrate the bug, load this save file in a build with
AddressSanitizer:
SAVEFILE:41:Simon Tatham's Portable Puzzle Collection
VERSION :1:1
GAME :8:Palisade
PARAMS :5:5x5n5
CPARAMS :5:5x5n5
DESC :0:
NSTATES :1:2
STATEPOS:1:2
MOVE :6:F0,0,1
palisade.c | 12 ++++++++++--
1 file changed, 10 insertions(+), 2 deletions(-)
commit 97484b098f33266f6c747c292c708281cb15a286
web diff https://git.tartarus.org/?p=simon/puzzles.git;a=commitdiff;h=97484b098f33266f6c747c292c708281cb15a286;hp=21193eaf9308ace41004a19180ff382ec6e8754b
Author: Ben Harris <bjh21 at bjh21.me.uk>
Date: Tue Jan 10 00:09:11 2023 +0000
Last-ditch maximum size limit for Bridges
This makes sure that width * height <= INT_MAX, which it rather needs
to be.
bridges.c | 3 +++
1 file changed, 3 insertions(+)
commit b3f3345764b0808a7a97b9c3a2a1888fd62383a0
web diff https://git.tartarus.org/?p=simon/puzzles.git;a=commitdiff;h=b3f3345764b0808a7a97b9c3a2a1888fd62383a0;hp=97484b098f33266f6c747c292c708281cb15a286
Author: Ben Harris <bjh21 at bjh21.me.uk>
Date: Wed Jan 11 00:03:57 2023 +0000
Last-ditch grid-size limit for Dominosa
At least prevent integer overflow when constructing the grid.
dominosa.c | 5 +++++
1 file changed, 5 insertions(+)
commit d422dd6009f3e48e13d5f7f162813537902e125c
web diff https://git.tartarus.org/?p=simon/puzzles.git;a=commitdiff;h=d422dd6009f3e48e13d5f7f162813537902e125c;hp=b3f3345764b0808a7a97b9c3a2a1888fd62383a0
Author: Ben Harris <bjh21 at bjh21.me.uk>
Date: Tue Jan 10 20:53:07 2023 +0000
Last-ditch grid-size limit for Galaxies
At least prevent integer overflow when constructing the grid.
galaxies.c | 5 +++++
1 file changed, 5 insertions(+)
commit 522588f699b3c910c5a47f8b8185e69250665313
web diff https://git.tartarus.org/?p=simon/puzzles.git;a=commitdiff;h=522588f699b3c910c5a47f8b8185e69250665313;hp=d422dd6009f3e48e13d5f7f162813537902e125c
Author: Ben Harris <bjh21 at bjh21.me.uk>
Date: Tue Jan 10 23:37:21 2023 +0000
Last-ditch grid-size limit for Fifteen
At least prevent integer overflow when constructing the grid.
fifteen.c | 3 +++
1 file changed, 3 insertions(+)
commit 26d0633f87ccdbaf7035e2e14d9dfbfd7f379527
web diff https://git.tartarus.org/?p=simon/puzzles.git;a=commitdiff;h=26d0633f87ccdbaf7035e2e14d9dfbfd7f379527;hp=522588f699b3c910c5a47f8b8185e69250665313
Author: Ben Harris <bjh21 at bjh21.me.uk>
Date: Tue Jan 10 11:07:14 2023 +0000
Last-ditch maximum size limit for Flip
This makes sure that width * height <= INT_MAX, which it rather needs
to be. Also in Flip's case that the square of the area still fits in
an int.
flip.c | 10 +++++++++-
1 file changed, 9 insertions(+), 1 deletion(-)
commit da220a77d1793edd14144fd96584b7f461f06dfb
web diff https://git.tartarus.org/?p=simon/puzzles.git;a=commitdiff;h=da220a77d1793edd14144fd96584b7f461f06dfb;hp=26d0633f87ccdbaf7035e2e14d9dfbfd7f379527
Author: Ben Harris <bjh21 at bjh21.me.uk>
Date: Tue Jan 10 21:20:35 2023 +0000
Last-ditch grid-size limit for Flood
At least prevent integer overflow when constructing the grid.
flood.c | 3 +++
1 file changed, 3 insertions(+)
commit d60192531e3ee6b492151f6aa8edd481ebddcdf7
web diff https://git.tartarus.org/?p=simon/puzzles.git;a=commitdiff;h=d60192531e3ee6b492151f6aa8edd481ebddcdf7;hp=da220a77d1793edd14144fd96584b7f461f06dfb
Author: Ben Harris <bjh21 at bjh21.me.uk>
Date: Wed Jan 11 09:35:51 2023 +0000
Insist that Flood grids must have non-zero size
flood.c | 2 ++
1 file changed, 2 insertions(+)
commit 98724b90936c46e457234a0189bb09242fc727d1
web diff https://git.tartarus.org/?p=simon/puzzles.git;a=commitdiff;h=98724b90936c46e457234a0189bb09242fc727d1;hp=d60192531e3ee6b492151f6aa8edd481ebddcdf7
Author: Ben Harris <bjh21 at bjh21.me.uk>
Date: Wed Jan 11 00:04:59 2023 +0000
Last-ditch grid-size limit for Inertia
At least prevent integer overflow when constructing the grid.
inertia.c | 3 +++
1 file changed, 3 insertions(+)
commit fcda12f4b73e69841fd8957b8e33930c584093e5
web diff https://git.tartarus.org/?p=simon/puzzles.git;a=commitdiff;h=fcda12f4b73e69841fd8957b8e33930c584093e5;hp=98724b90936c46e457234a0189bb09242fc727d1
Author: Ben Harris <bjh21 at bjh21.me.uk>
Date: Tue Jan 10 20:31:10 2023 +0000
Last-ditch maximum size limit for Light Up
This makes sure that width * height <= INT_MAX, which it rather needs
to be.
lightup.c | 3 +++
1 file changed, 3 insertions(+)
commit d71bba1a17d6b228e7dd8b437dccbd3f6bc4698c
web diff https://git.tartarus.org/?p=simon/puzzles.git;a=commitdiff;h=d71bba1a17d6b228e7dd8b437dccbd3f6bc4698c;hp=fcda12f4b73e69841fd8957b8e33930c584093e5
Author: Ben Harris <bjh21 at bjh21.me.uk>
Date: Wed Jan 11 23:11:46 2023 +0000
Limit maximum grid size in Loopy
Every grid shape has its own limit, so this involved adding a new
interface between loopy.c and grid.c. The limits are based on ensuring
that the co-ordinate system of the grid doesn't overflow INT_MAX and
neither do the lengths of the face and dot arrays.
Though now I come to look at it I think the actual limits of grid.c are
much lower. Hmm.
grid.c | 206 +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++-
grid.h | 2 +
loopy.c | 3 +
3 files changed, 210 insertions(+), 1 deletion(-)
commit 261a9568faeeb7acc6e56bd67147917c5109ac8a
web diff https://git.tartarus.org/?p=simon/puzzles.git;a=commitdiff;h=261a9568faeeb7acc6e56bd67147917c5109ac8a;hp=d71bba1a17d6b228e7dd8b437dccbd3f6bc4698c
Author: Ben Harris <bjh21 at bjh21.me.uk>
Date: Wed Jan 11 09:43:01 2023 +0000
Last-ditch maximum size limit for Magnets
This makes sure that width * height <= INT_MAX, which it rather needs
to be.
magnets.c | 3 +++
1 file changed, 3 insertions(+)
commit ed75535fc24217c51f900d42385309c8c8b36cc3
web diff https://git.tartarus.org/?p=simon/puzzles.git;a=commitdiff;h=ed75535fc24217c51f900d42385309c8c8b36cc3;hp=261a9568faeeb7acc6e56bd67147917c5109ac8a
Author: Ben Harris <bjh21 at bjh21.me.uk>
Date: Tue Jan 10 00:19:02 2023 +0000
Last-ditch maximum size limit for Map
This makes sure that width * height <= INT_MAX, which it rather needs
to be. Also a similar check in decode_params when defaulting the
number of regions.
map.c | 7 ++++++-
1 file changed, 6 insertions(+), 1 deletion(-)
commit 5cc9bfb811854b66c4a570e8100b8a1aad037f0e
web diff https://git.tartarus.org/?p=simon/puzzles.git;a=commitdiff;h=5cc9bfb811854b66c4a570e8100b8a1aad037f0e;hp=ed75535fc24217c51f900d42385309c8c8b36cc3
Author: Ben Harris <bjh21 at bjh21.me.uk>
Date: Tue Jan 10 00:20:36 2023 +0000
Last-ditch maximum size limit for Mines
This makes sure that width * height <= INT_MAX, which it rather needs
to be. Also a similar check in decode_params when defaulting the
number of mines.
mines.c | 7 ++++++-
1 file changed, 6 insertions(+), 1 deletion(-)
commit 9e2e0692ed087dbe0d5f4abbddf3aebd6a11b30e
web diff https://git.tartarus.org/?p=simon/puzzles.git;a=commitdiff;h=9e2e0692ed087dbe0d5f4abbddf3aebd6a11b30e;hp=5cc9bfb811854b66c4a570e8100b8a1aad037f0e
Author: Ben Harris <bjh21 at bjh21.me.uk>
Date: Tue Jan 10 00:22:57 2023 +0000
Also check for tiny grids in Mines
A zero-size grid isn't acceptable even if someone has generated it for
us.
mines.c | 2 ++
1 file changed, 2 insertions(+)
commit 48e34522640e25a8186a1e133ac2c74041de3387
web diff https://git.tartarus.org/?p=simon/puzzles.git;a=commitdiff;h=48e34522640e25a8186a1e133ac2c74041de3387;hp=9e2e0692ed087dbe0d5f4abbddf3aebd6a11b30e
Author: Ben Harris <bjh21 at bjh21.me.uk>
Date: Tue Jan 10 21:12:46 2023 +0000
Avoid integer overflow in Mosaic maximum-size check
mosaic.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
commit 051357bb24c0f05c291d6f9e6b460839847923b4
web diff https://git.tartarus.org/?p=simon/puzzles.git;a=commitdiff;h=051357bb24c0f05c291d6f9e6b460839847923b4;hp=48e34522640e25a8186a1e133ac2c74041de3387
Author: Ben Harris <bjh21 at bjh21.me.uk>
Date: Tue Jan 10 20:24:49 2023 +0000
Last-ditch maximum size limit for Net
This makes sure that width * height <= INT_MAX, which it rather needs
to be.
net.c | 3 +++
1 file changed, 3 insertions(+)
commit 40ec3aaf09824face187218f899494aef429a9c6
web diff https://git.tartarus.org/?p=simon/puzzles.git;a=commitdiff;h=40ec3aaf09824face187218f899494aef429a9c6;hp=051357bb24c0f05c291d6f9e6b460839847923b4
Author: Ben Harris <bjh21 at bjh21.me.uk>
Date: Tue Jan 10 00:25:52 2023 +0000
Last-ditch maximum size limit for Netslide
This makes sure that width * height <= INT_MAX, which it rather needs
to be.
netslide.c | 3 +++
1 file changed, 3 insertions(+)
commit dd00e9c532abc7517bd7ca72c8e4db91bb2da821
web diff https://git.tartarus.org/?p=simon/puzzles.git;a=commitdiff;h=dd00e9c532abc7517bd7ca72c8e4db91bb2da821;hp=40ec3aaf09824face187218f899494aef429a9c6
Author: Ben Harris <bjh21 at bjh21.me.uk>
Date: Wed Jan 11 23:15:44 2023 +0000
Integer overflow protection in Pattern
Both for grid sizes and for clue values.
pattern.c | 6 ++++++
1 file changed, 6 insertions(+)
commit 91c0fac1dc98be2ecc074d83368df74f9f755641
web diff https://git.tartarus.org/?p=simon/puzzles.git;a=commitdiff;h=91c0fac1dc98be2ecc074d83368df74f9f755641;hp=dd00e9c532abc7517bd7ca72c8e4db91bb2da821
Author: Ben Harris <bjh21 at bjh21.me.uk>
Date: Tue Jan 10 00:28:09 2023 +0000
Last-ditch maximum size limit for Palisade
This makes sure that width * height <= INT_MAX, which it rather needs
to be.
palisade.c | 7 +++++--
1 file changed, 5 insertions(+), 2 deletions(-)
commit 8a3fb82e230c5cf18b82f54687c2a56f53875a38
web diff https://git.tartarus.org/?p=simon/puzzles.git;a=commitdiff;h=8a3fb82e230c5cf18b82f54687c2a56f53875a38;hp=91c0fac1dc98be2ecc074d83368df74f9f755641
Author: Ben Harris <bjh21 at bjh21.me.uk>
Date: Tue Jan 10 20:39:57 2023 +0000
Last-ditch maximum size limit for Pearl
This makes sure that width * height <= INT_MAX, which it rather needs
to be.
pearl.c | 3 +++
1 file changed, 3 insertions(+)
commit 6e40605f1ed4ecce400faae5b41c03995e7f862c
web diff https://git.tartarus.org/?p=simon/puzzles.git;a=commitdiff;h=6e40605f1ed4ecce400faae5b41c03995e7f862c;hp=8a3fb82e230c5cf18b82f54687c2a56f53875a38
Author: Ben Harris <bjh21 at bjh21.me.uk>
Date: Tue Jan 10 00:30:48 2023 +0000
Last-ditch maximum size limit for Pegs
This makes sure that width * height <= INT_MAX, which it rather needs
to be.
pegs.c | 7 ++++++-
1 file changed, 6 insertions(+), 1 deletion(-)
commit b090c82df1527dcf348c96765f10ab5736c68c29
web diff https://git.tartarus.org/?p=simon/puzzles.git;a=commitdiff;h=b090c82df1527dcf348c96765f10ab5736c68c29;hp=6e40605f1ed4ecce400faae5b41c03995e7f862c
Author: Ben Harris <bjh21 at bjh21.me.uk>
Date: Tue Jan 10 00:32:25 2023 +0000
Also limit Pegs to at least 1x1 even when not doing full validation
pegs.c | 2 ++
1 file changed, 2 insertions(+)
commit d5ec2758ee3b7a8934475a1122813ad2312dc850
web diff https://git.tartarus.org/?p=simon/puzzles.git;a=commitdiff;h=d5ec2758ee3b7a8934475a1122813ad2312dc850;hp=b090c82df1527dcf348c96765f10ab5736c68c29
Author: Ben Harris <bjh21 at bjh21.me.uk>
Date: Tue Jan 10 10:54:37 2023 +0000
Last-ditch maximum size limit for Same Game
This makes sure that width * height <= INT_MAX, which it rather needs
to be.
samegame.c | 3 +++
1 file changed, 3 insertions(+)
commit 5c36e1536a05abf514b09476813cf71bc9dc1e31
web diff https://git.tartarus.org/?p=simon/puzzles.git;a=commitdiff;h=5c36e1536a05abf514b09476813cf71bc9dc1e31;hp=d5ec2758ee3b7a8934475a1122813ad2312dc850
Author: Ben Harris <bjh21 at bjh21.me.uk>
Date: Tue Jan 10 20:41:24 2023 +0000
Last-ditch maximum size limit for Signpost
This makes sure that width * height <= INT_MAX, which it rather needs
to be.
signpost.c | 3 +++
1 file changed, 3 insertions(+)
commit 91d96fa0bc133c8d967f3c4b01804e7773de8504
web diff https://git.tartarus.org/?p=simon/puzzles.git;a=commitdiff;h=91d96fa0bc133c8d967f3c4b01804e7773de8504;hp=5c36e1536a05abf514b09476813cf71bc9dc1e31
Author: Ben Harris <bjh21 at bjh21.me.uk>
Date: Tue Jan 10 20:24:59 2023 +0000
Last-ditch maximum size limit for Sixteen
This makes sure that width * height <= INT_MAX, which it rather needs
to be.
sixteen.c | 3 +++
1 file changed, 3 insertions(+)
commit 07999443c24414602cf046fefc84d1d17b5afd69
web diff https://git.tartarus.org/?p=simon/puzzles.git;a=commitdiff;h=07999443c24414602cf046fefc84d1d17b5afd69;hp=91d96fa0bc133c8d967f3c4b01804e7773de8504
Author: Ben Harris <bjh21 at bjh21.me.uk>
Date: Thu Jan 12 14:34:14 2023 +0000
Limit size of puzzle in Tents to avoid integer overflow
tents.c | 3 +++
1 file changed, 3 insertions(+)
commit c53e0d386793840ad84b8bbcb4760cfb2b6897d4
web diff https://git.tartarus.org/?p=simon/puzzles.git;a=commitdiff;h=c53e0d386793840ad84b8bbcb4760cfb2b6897d4;hp=07999443c24414602cf046fefc84d1d17b5afd69
Author: Ben Harris <bjh21 at bjh21.me.uk>
Date: Tue Jan 10 20:39:06 2023 +0000
Last-ditch maximum size limit for Tracks
This makes sure that width * height <= INT_MAX, which it rather needs
to be.
tracks.c | 3 +++
1 file changed, 3 insertions(+)
commit 51dcf4add6e046568557cee2fa01975f14716889
web diff https://git.tartarus.org/?p=simon/puzzles.git;a=commitdiff;h=51dcf4add6e046568557cee2fa01975f14716889;hp=c53e0d386793840ad84b8bbcb4760cfb2b6897d4
Author: Ben Harris <bjh21 at bjh21.me.uk>
Date: Tue Jan 10 20:28:19 2023 +0000
Last-ditch maximum size limit for Twiddle
This makes sure that width * height <= INT_MAX, which it rather needs
to be.
twiddle.c | 3 +++
1 file changed, 3 insertions(+)
commit 85ccdf2f75e3ea55d5e92d9790e50394e1bec089
web diff https://git.tartarus.org/?p=simon/puzzles.git;a=commitdiff;h=85ccdf2f75e3ea55d5e92d9790e50394e1bec089;hp=51dcf4add6e046568557cee2fa01975f14716889
Author: Ben Harris <bjh21 at bjh21.me.uk>
Date: Tue Jan 10 20:34:06 2023 +0000
Adjust Undead upper grid-size limit to avoid overflow
undead.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
commit d5b8a20def7634d4df79800fe54d8e34c6353974
web diff https://git.tartarus.org/?p=simon/puzzles.git;a=commitdiff;h=d5b8a20def7634d4df79800fe54d8e34c6353974;hp=85ccdf2f75e3ea55d5e92d9790e50394e1bec089
Author: Ben Harris <bjh21 at bjh21.me.uk>
Date: Tue Jan 10 20:46:24 2023 +0000
Last-ditch point-count limit for Untangle
Anything over INT_MAX/3 will cause an integer overflow, so put the
limit there for now.
untangle.c | 3 +++
1 file changed, 3 insertions(+)
commit c2eedeedfe3c48f3f013fb1308f61d7ef94e8b2c
web diff https://git.tartarus.org/?p=simon/puzzles.git;a=commitdiff;h=c2eedeedfe3c48f3f013fb1308f61d7ef94e8b2c;hp=d5b8a20def7634d4df79800fe54d8e34c6353974
Author: Ben Harris <bjh21 at bjh21.me.uk>
Date: Sun Jan 8 10:03:10 2023 +0000
Black Box: correct order of validation checks for "F" commands
It doesn't do much good to range-check an argument after using it as
an array index.
blackbox.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
commit 38cf1955e5861f67d385ede006c5b5d1701aca8d
web diff https://git.tartarus.org/?p=simon/puzzles.git;a=commitdiff;h=38cf1955e5861f67d385ede006c5b5d1701aca8d;hp=c2eedeedfe3c48f3f013fb1308f61d7ef94e8b2c
Author: Ben Harris <bjh21 at bjh21.me.uk>
Date: Thu Jan 12 21:00:22 2023 +0000
Palisade: don't leak memory on a bad move
Invalid moves can turn up in corrupted save files, and puzzles
shouldn't leak memory when failing to load a corrupted save file.
palisade.c | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
commit e5d106eb279c12d2454802421e723873e4bae6c2
web diff https://git.tartarus.org/?p=simon/puzzles.git;a=commitdiff;h=e5d106eb279c12d2454802421e723873e4bae6c2;hp=38cf1955e5861f67d385ede006c5b5d1701aca8d
Author: Ben Harris <bjh21 at bjh21.me.uk>
Date: Thu Jan 12 21:09:39 2023 +0000
Don't allow negative clues in Pattern
pattern.c | 2 ++
1 file changed, 2 insertions(+)
commit 68f9fae973e2ffb6c0b9ed1e0761d3a0768455ad
web diff https://git.tartarus.org/?p=simon/puzzles.git;a=commitdiff;h=68f9fae973e2ffb6c0b9ed1e0761d3a0768455ad;hp=e5d106eb279c12d2454802421e723873e4bae6c2
Author: Ben Harris <bjh21 at bjh21.me.uk>
Date: Sat Jan 7 19:06:51 2023 +0000
When loading, don't decode_ui unless we have a UI
If the save file doesn't have a UI line, it's not sensible to try to
decode it.
midend.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
commit e616d7aac9fff2d65bde4c6f8dcfc8d1222dc803
web diff https://git.tartarus.org/?p=simon/puzzles.git;a=commitdiff;h=e616d7aac9fff2d65bde4c6f8dcfc8d1222dc803;hp=68f9fae973e2ffb6c0b9ed1e0761d3a0768455ad
Author: Ben Harris <bjh21 at bjh21.me.uk>
Date: Sat Jan 7 20:33:42 2023 +0000
Mosaic: fault out-of-bounds moves in execute_move()
Returning NULL in this case is better than dereferencing it.
mosaic.c | 8 ++++++++
1 file changed, 8 insertions(+)
commit 0dbbd52935b8b17b3b3ab3d9ae6271cde891f70b
web diff https://git.tartarus.org/?p=simon/puzzles.git;a=commitdiff;h=0dbbd52935b8b17b3b3ab3d9ae6271cde891f70b;hp=e616d7aac9fff2d65bde4c6f8dcfc8d1222dc803
Author: Ben Harris <bjh21 at bjh21.me.uk>
Date: Sat Jan 7 22:29:17 2023 +0000
Palisade: remove assertion from decode_ui()
Other games tolerate receiving an encoded game_ui even if they can
never generate one. This is sensible, since it means that if a new
version starts saving UI state, old versions can load save files
generated by those newer versions.
palisade.c | 1 -
1 file changed, 1 deletion(-)
commit 8c5279cf75e41f1ae75b2daf0d06c883a5ae0bca
web diff https://git.tartarus.org/?p=simon/puzzles.git;a=commitdiff;h=8c5279cf75e41f1ae75b2daf0d06c883a5ae0bca;hp=0dbbd52935b8b17b3b3ab3d9ae6271cde891f70b
Author: Ben Harris <bjh21 at bjh21.me.uk>
Date: Sat Jan 7 23:24:39 2023 +0000
Same Game: reject moves with unexpected characters in
Previously if a move string starting with "M" contained anything else
other than a digit or a comma, execute_move() would spin trying to
parse it. Now it returns NULL.
samegame.c | 4 ++++
1 file changed, 4 insertions(+)
commit a45f1830cf4af0fbaf2fad448f717a6458b48b24
web diff https://git.tartarus.org/?p=simon/puzzles.git;a=commitdiff;h=a45f1830cf4af0fbaf2fad448f717a6458b48b24;hp=8c5279cf75e41f1ae75b2daf0d06c883a5ae0bca
Author: Ben Harris <bjh21 at bjh21.me.uk>
Date: Sat Jan 7 23:53:36 2023 +0000
Explain what decode_ui() should do with invalid input
It can't signal an error, but it's worth documenting that it can
receive invalid input and should do what it can with it. I assume
that failing to decode game_ui data from a newer version generally
won't be disastrous the way failing to decode a description or move
string would be.
devel.but | 5 ++++-
1 file changed, 4 insertions(+), 1 deletion(-)
commit 8a06ff26fc6abd77a4b4a08b839943f588d92dcf
web diff https://git.tartarus.org/?p=simon/puzzles.git;a=commitdiff;h=8a06ff26fc6abd77a4b4a08b839943f588d92dcf;hp=a45f1830cf4af0fbaf2fad448f717a6458b48b24
Author: Ben Harris <bjh21 at bjh21.me.uk>
Date: Sun Jan 8 09:57:53 2023 +0000
Filling: validate length of auto-solve move strings
Without this, execute_move() can end up reading off the end of the
move string, which isn't very friendly. Also remove the comment
saying that the move string doesn't have to be null-terminated,
because now it does.
filling.c | 3 +--
1 file changed, 1 insertion(+), 2 deletions(-)
commit ba944f9f95238d0b820e63d9b6c2d83efc09b8a2
web diff https://git.tartarus.org/?p=simon/puzzles.git;a=commitdiff;h=ba944f9f95238d0b820e63d9b6c2d83efc09b8a2;hp=8a06ff26fc6abd77a4b4a08b839943f588d92dcf
Author: Ben Harris <bjh21 at bjh21.me.uk>
Date: Sun Jan 8 10:42:45 2023 +0000
Tighten Bridges' validate_desc()
It allowed V, W, X, Y, H, I, J, and K to appear in game descriptions
even though new_game() didn't ascribe any meaning to those letters and
would fail an assertion if they ever occurred. As far as I can tell,
those letters have never done anything, so I've just removed the
checks for them from validate_desc().
bridges.c | 5 -----
1 file changed, 5 deletions(-)
commit d3290195da55beae04d1bb86f811b6f8dd6b0663
web diff https://git.tartarus.org/?p=simon/puzzles.git;a=commitdiff;h=d3290195da55beae04d1bb86f811b6f8dd6b0663;hp=ba944f9f95238d0b820e63d9b6c2d83efc09b8a2
Author: Ben Harris <bjh21 at bjh21.me.uk>
Date: Sun Jan 8 12:34:57 2023 +0000
Untangle: forbid descriptions that connect a node to itself
These cause an assertion failure in new_game(), so they should be
rejected by validate_desc().
untangle.c | 2 ++
1 file changed, 2 insertions(+)
commit 5bd02f982a878312065b4d81d05a90bc41a98c6c
web diff https://git.tartarus.org/?p=simon/puzzles.git;a=commitdiff;h=5bd02f982a878312065b4d81d05a90bc41a98c6c;hp=d3290195da55beae04d1bb86f811b6f8dd6b0663
Author: Ben Harris <bjh21 at bjh21.me.uk>
Date: Sun Jan 8 21:59:27 2023 +0000
Mines: No moving once you're dead!
If a Mines save file contains a move after the player has already
died, this can lead to an assertion failure once there are more mines
that covered squares. Better to just reject any move after the
player's died.
mines.c | 3 +++
1 file changed, 3 insertions(+)
commit 15974d06bbaad287382c6eeb8deb7c6f3a627278
web diff https://git.tartarus.org/?p=simon/puzzles.git;a=commitdiff;h=15974d06bbaad287382c6eeb8deb7c6f3a627278;hp=5bd02f982a878312065b4d81d05a90bc41a98c6c
Author: Ben Harris <bjh21 at bjh21.me.uk>
Date: Mon Jan 9 15:07:24 2023 +0000
Towers: reject descriptions with odd characters at the end
Towers' new_game() causes an assertion failure on game description
strings that contain spurious characters after a valid description, so
validate_desc() should also refuse such a description. The problem
could be demonstrated by editing the game description in the
"Specific" dialogue box to add a '!' at the end, which caused
"new_game: Assertion `!*p' failed.".
towers.c | 1 +
1 file changed, 1 insertion(+)
commit 5782e29db43034574763b1d10c48486c3e95f0d2
web diff https://git.tartarus.org/?p=simon/puzzles.git;a=commitdiff;h=5782e29db43034574763b1d10c48486c3e95f0d2;hp=15974d06bbaad287382c6eeb8deb7c6f3a627278
Author: Ben Harris <bjh21 at bjh21.me.uk>
Date: Mon Jan 9 20:24:15 2023 +0000
Tracks: make sure moves are valid in execute_move()
Tracks allowed moves in execute_move() that shouldn't have been allowed,
like changing the state of the edges of the board. This moves couldn't
be generated by interpret_move(), but could be loaded from a save file.
Now execute_move() uses the same ui_can_flip_*() functions as
interpret_move() to decide whether a particular move is allowed. This
should prevent some assertion failures when loading corrupted save
files.
tracks.c | 4 ++++
1 file changed, 4 insertions(+)
More information about the tartarus-commits
mailing list