ReadV1GameFmt: guard num half moves

author: Markus Uhlin <markus@nifty-networks.net> 2025-04-01 22:03:44 +0200
committer: Markus Uhlin <markus@nifty-networks.net> 2025-04-01 22:03:44 +0200
commit: 4807938df9720bc26acc2b73bbf8d1c06ec97a7c (patch)
tree: 0719b0dfcec6e4deb45bfc802bea8d63b4637e36 /FICS
parent: 69288653367a0311b402ec73b4f2a7a9ee7a710b (diff)
1 files changed, 7 insertions, 0 deletions
diff --git a/FICS/gamedb.c b/FICS/gamedb.c
index 2293ba7..ce0842c 100644
--- a/FICS/gamedb.c
+++ b/FICS/gamedb.c
@@ -47,6 +47,7 @@
 
 #include <err.h>
 #include <errno.h>
+#include <limits.h>
 
 #include "command.h"
 #include "config.h"
@@ -1320,6 +1321,12 @@ ReadV1GameFmt(game *g, FILE *fp, const char *file, int version)
 	if (ret[0] != 4 || ret[1] != 1) {
 		warnx("%s: fscanf error: %s", __func__, file);
 		return -1;
+	} else if (g->numHalfMoves < 0 || (size_t)g->numHalfMoves >
+	    INT_MAX / sizeof(move_t)) {
+		warnx("%s: warning: num half moves out-of-bounds (%d)",
+		    __func__,
+		    g->numHalfMoves);
+		return -1;
 	}
 
 	if (ReadV1Moves(g, fp) != 0) {
author	Markus Uhlin <markus@nifty-networks.net>	2025-04-01 22:03:44 +0200
committer	Markus Uhlin <markus@nifty-networks.net>	2025-04-01 22:03:44 +0200
commit	4807938df9720bc26acc2b73bbf8d1c06ec97a7c (patch)
tree	0719b0dfcec6e4deb45bfc802bea8d63b4637e36 /FICS
parent	69288653367a0311b402ec73b4f2a7a9ee7a710b (diff)