From 4807938df9720bc26acc2b73bbf8d1c06ec97a7c Mon Sep 17 00:00:00 2001
From: Markus Uhlin
Date: Tue, 1 Apr 2025 22:03:44 +0200
Subject: ReadV1GameFmt: guard num half moves
---
 FICS/gamedb.c | 7 +++++++
 1 file changed, 7 insertions(+)
diff --git a/FICS/gamedb.c b/FICS/gamedb.c
index 2293ba7..ce0842c 100644
--- a/FICS/gamedb.c
+++ b/FICS/gamedb.c
@@ -47,6 +47,7 @@
 #include
 #include
+#include
 #include "command.h"
 #include "config.h"
@@ -1320,6 +1321,12 @@ ReadV1GameFmt(game *g, FILE *fp, const char *file, int version)
 if (ret[0] != 4 || ret[1] != 1) {
 warnx("%s: fscanf error: %s", __func__, file);
 return -1;
+ } else if (g->numHalfMoves < 0 || (size_t)g->numHalfMoves >
+ INT_MAX / sizeof(move_t)) {
+ warnx("%s: warning: num half moves out-of-bounds (%d)",
+ __func__,
+ g->numHalfMoves);
+ return -1;
 }
 if (ReadV1Moves(g, fp) != 0) {
--
cgit v1.2.3
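Review bot: The upper bound in the new `else if` of ReadV1GameFmt only rules out overflow of a `numHalfMoves * sizeof(move_t)` product, so a count read from a corrupted or tampered game file can still be as large as `INT_MAX / sizeof(move_t)` and presumably still drive an allocation close to INT_MAX bytes in ReadV1Moves, which is not visible in this hunk. A cap tied to what a real game can contain would bound memory as well as arithmetic, e.g. `} else if (g->numHalfMoves < 0 || g->numHalfMoves > MAX_HALF_MOVES) {`, where `MAX_HALF_MOVES` is a placeholder for a limit the project would have to define. The warning should also name the offending file the way the fscanf message above it does: `warnx("%s: %s: num half moves out-of-bounds (%d)", __func__, file, g->numHalfMoves);`. ReadV1GameFmt starts and ends outside the hunk, so whether callers ignore or reset the rejected `g->numHalfMoves` after this `-1` return cannot be confirmed from here.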