Diffstat (limited to 'FICS/gamedb.c')
-rw-r--r--FICS/gamedb.c70
1 files changed, 48 insertions, 22 deletions
diff --git a/FICS/gamedb.c b/FICS/gamedb.c
index a34fd89..2656447 100644
--- a/FICS/gamedb.c
+++ b/FICS/gamedb.c
@@ -39,6 +39,10 @@
Markus Uhlin 25/03/18 Fixed unchecked return values
Markus Uhlin 25/03/25 ReadGameState: fixed truncated
stdio return value.
+ Markus Uhlin 25/04/01 Fixed call of risky function
+ Markus Uhlin 25/04/01 ReadV1GameFmt: guard num half
+ moves.
+ Markus Uhlin 25/04/06 Fixed Clang Tidy warnings.
*/
#include "stdinclude.h"
@@ -46,6 +50,7 @@
#include <err.h>
#include <errno.h>
+#include <limits.h>
#include "command.h"
#include "config.h"
@@ -1063,10 +1068,16 @@ got_attr_value(int g, char *attr, char *value, FILE *fp, char *file)
} else if (!strcmp(attr, "type:")) {
garray[g].type = atoi(value);
} else if (!strcmp(attr, "halfmoves:")) {
- garray[g].numHalfMoves = atoi(value);
-
- if (garray[g].numHalfMoves == 0)
+ if ((garray[g].numHalfMoves = atoi(value)) == 0)
return 0;
+ else if (garray[g].numHalfMoves < 0 ||
+ (size_t)garray[g].numHalfMoves > INT_MAX / sizeof(move_t)) {
+ warnx("%s: num half moves out-of-bounds (%d)", __func__,
+ garray[g].numHalfMoves);
+ return -1;
+ } else {
+ /* null */;
+ }
garray[g].moveListSize = garray[g].numHalfMoves;
garray[g].moveList = reallocarray(NULL, sizeof(move_t),
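Review bot: In the `halfmoves:` branch the count is written to `garray[g].numHalfMoves` before it is range-checked, so on the new `return -1` path the game slot keeps the rejected value. `atoi` also cannot tell a malformed or overflowing attribute from a legitimate number, and its behaviour is undefined when the value does not fit in an int. Parsing into a local with `strtol`, checking `errno`, and assigning only after the bounds test avoids both, and makes the empty `else { /* null */; }` arm unnecessary. The sketch keeps the existing zero case and still treats unparsable text as 0; it assumes `strtol` is declared through `stdinclude.h`. The `reallocarray` statement continues past the end of the hunk.

```c
} else if (!strcmp(attr, "halfmoves:")) {
	long n;

	errno = 0;
	n = strtol(value, NULL, 10);

	if (errno == ERANGE || n < 0 ||
	    (size_t)n > INT_MAX / sizeof(move_t)) {
		warnx("%s: num half moves out-of-bounds (%ld)", __func__, n);
		return -1;
	}

	/* Store the count only after it has passed validation. */
	garray[g].numHalfMoves = (int)n;

	if (n == 0)
		return 0;
	/* … unchanged: moveListSize assignment and reallocarray call … */
```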
@@ -1271,8 +1282,10 @@ ReadV1GameFmt(game *g, FILE *fp, const char *file, int version)
_Static_assert(17 < ARRAY_SIZE(g->black_name), "Unexpected array size");
ret[0] = fscanf(fp, "%17s %17s", g->white_name, g->black_name);
- ret[1] = fscanf(fp, "%d %d", &g->white_rating, &g->black_rating);
- ret[2] = fscanf(fp, "%d %d %d %d",
+ ret[1] = fscanf(fp, "%d %d", // NOLINT
+ &g->white_rating,
+ &g->black_rating);
+ ret[2] = fscanf(fp, "%d %d %d %d", // NOLINT
&g->wInitTime,
&g->wIncrement,
&g->bInitTime,
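Review bot: The bare `// NOLINT` markers on the two `fscanf` calls silence every clang-tidy check on those lines, not only the one being worked around, so a later finding on the same line would be hidden as well. If the warning was the usual one about `%d` conversions not reporting range errors (presumably `cert-err34-c`, to be confirmed against the tidy output), name it, e.g. `// NOLINT(cert-err34-c)`, and add a short comment saying why it is acceptable here. The same applies to the `fscanf(fp, "%d", &g->numHalfMoves); // NOLINT` line in the following ReadV1GameFmt hunk. Both statements sit in a function body that begins and ends outside this hunk.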
@@ -1315,10 +1328,16 @@ ReadV1GameFmt(game *g, FILE *fp, const char *file, int version)
ret[0] = fscanf(fp, "%d %d %d %d", &g->private, &g->type, &g->rated,
&g->clockStopped);
- ret[1] = fscanf(fp, "%d", &g->numHalfMoves);
+ ret[1] = fscanf(fp, "%d", &g->numHalfMoves); // NOLINT
if (ret[0] != 4 || ret[1] != 1) {
warnx("%s: fscanf error: %s", __func__, file);
return -1;
+ } else if (g->numHalfMoves < 0 || (size_t)g->numHalfMoves >
+ INT_MAX / sizeof(move_t)) {
+ warnx("%s: warning: num half moves out-of-bounds (%d)",
+ __func__,
+ g->numHalfMoves);
+ return -1;
}
if (ReadV1Moves(g, fp) != 0) {
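Review bot: The range test on `g->numHalfMoves` duplicates the one added to got_attr_value, with a slightly different message ("warning: num half moves out-of-bounds" versus "num half moves out-of-bounds"), so the two can drift apart. A small file-local helper such as `static int half_moves_in_range(int n) { return n >= 0 && (size_t)n <= INT_MAX / sizeof(move_t); }`, called from both places, would keep them in sync. The limit only guards against the byte count overflowing an int. It still lets a value from the game file ask for a move list close to INT_MAX bytes, assuming ReadV1Moves (not visible here) sizes its allocation from this field. A fixed cap on half-moves per game would bound memory use for a damaged or hostile file. ReadV1GameFmt begins and ends outside this hunk.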
@@ -1629,10 +1648,9 @@ RemoveHistGame(char *file, int maxlines)
char Opponent[MAX_LOGIN_NAME + 1] = { '\0' };
char line[MAX_LINE_SIZE] = { '\0' };
int count = 0;
- long int When, oppWhen;
+ long int When = 0, oppWhen = 0;
_Static_assert(20 < ARRAY_SIZE(Opponent), "Not within bounds");
- When = oppWhen = 0;
if ((fp = fopen(file, "r")) == NULL) {
return;
@@ -1844,38 +1862,46 @@ write_g_out(int g, char *file, int maxlines, int isDraw, char *EndSymbol,
* Find from_spot in journal list - return 0 if corrupted
*/
PUBLIC int
-journal_get_info(int p, char from_spot, char *WhiteName, int *WhiteRating,
- char *BlackName, int *BlackRating, char *type, int *t, int *i, char *eco,
- char *ending, char *result, char *fname)
+journal_get_info(struct JGI_context *ctx, const char *fname)
{
FILE *fp;
char count;
if ((fp = fopen(fname, "r")) == NULL) {
fprintf(stderr, "Corrupt journal file! %s\n", fname);
- pprintf(p, "The journal file is corrupt! See an admin.\n");
+ pprintf(ctx->p, "The journal file is corrupt! See an admin.\n");
return 0;
}
while (!feof(fp)) {
- if (fscanf(fp, "%c %s %d %s %d %s %d %d %s %s %s\n",
+ _Static_assert(ARRAY_SIZE(ctx->WhiteName) > 20,
+ "'WhiteName' too small");
+ _Static_assert(ARRAY_SIZE(ctx->BlackName) > 20,
+ "'BlackName' too small");
+
+ _Static_assert(ARRAY_SIZE(ctx->type) > 99, "'type' too small");
+ _Static_assert(ARRAY_SIZE(ctx->eco) > 99, "'eco' too small");
+ _Static_assert(ARRAY_SIZE(ctx->ending) > 99, "'ending' too small");
+ _Static_assert(ARRAY_SIZE(ctx->result) > 99, "'result' too small");
+
+ if (fscanf(fp, "%c %20s %d %20s %d %99s %d %d %99s %99s %99s\n",
&count,
- WhiteName, &(*WhiteRating),
- BlackName, &(*BlackRating),
- type,
- &(*t), &(*i),
- eco,
- ending,
- result) != 11) {
+ ctx->WhiteName, &ctx->WhiteRating,
+ ctx->BlackName, &ctx->BlackRating,
+ ctx->type,
+ &ctx->t, &ctx->i,
+ ctx->eco,
+ ctx->ending,
+ ctx->result) != 11) {
fprintf(stderr, "FICS: Error in journal info format. "
"%s\n", fname);
- pprintf(p, "The journal file is corrupt! Error in "
+ pprintf(ctx->p, "The journal file is corrupt! Error in "
"internal format.\n");
fclose(fp);
return 0;
}
- if (tolower(count) == from_spot) {
+ if (tolower(count) == ctx->from_spot) {
fclose(fp);
return 1;
}
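Review bot: `tolower(count)` on the rewritten comparison line passes a plain `char` read from the journal file with `%c`. Where `char` is signed, a byte above 0x7F becomes a negative argument, which is undefined behaviour for the `<ctype.h>` functions. Convert it first: `if (tolower((unsigned char)count) == ctx->from_spot) {`. Separately, the header comment above journal_get_info still says only "Find from_spot in journal list"; with the new `struct JGI_context *ctx` parameter it should state which members the caller fills in (`p`, `from_spot`) and which the function writes, and that the output members may hold partial data when 0 is returned. The function's closing lines lie outside this hunk.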