gnugo-devel

Re: [gnugo-devel] arraybound violation in 3.3.16


From: Gunnar Farneback
Subject: Re: [gnugo-devel] arraybound violation in 3.3.16
Date: Fri, 31 Jan 2003 17:15:39 +0100
User-agent: EMH/1.14.1 SEMI/1.14.3 (Ushinoya) FLIM/1.14.2 (Yagi-Nishiguchi) APEL/10.3 Emacs/20.7 (sparc-sun-solaris2.7) (with unibyte mode)

Inge wrote:
> What happens if k < 8?  Looks to me like pos1 is undefined in that
> case and the test ON_BOARD(pos1) can give any random result.

Agreed.

Dan wrote:
> Since the board is convex and both pos2 and pos are on
> the board, and pos1 is half way between them, one's first
> impression is that if pos and pos2 are on the board so is
> pos1. But I guess that if pos is on the left or right
> edge, pos2 could be on the other side of the board.

Yes. What is more important though, is that if we are positioned on
the top edge, NORTH(NORTH(pos)) will not only be off the board but
also outside the valid indices for the board array. That's why we need
to first check that NORTH(pos) is on the board and then if
NORTH(NORTH(pos)) also is.

> So Inge is right and the function could be written something like:
> 
>    for (k = 0; k < 12; k++) {
>       int pos1, pos2;
>       if (k < 8) {
>         pos2 = pos + delta[k];
>       } else {
>         pos1 = pos + delta[k - 8];
>         pos2 = pos + 2 * delta[k - 8];
>       }
>       
>       if (ON_BOARD(pos2)
>         && (k < 8 || ON_BOARD(pos1))
>         && worm[pos2].color == color
>         && dragon[pos2].status != DEAD
>         && !disconnect(pos, pos2, NULL)) {
>            result = 1;
>            break;
>       }
>     }

This has the same potential for arraybound violations as the original
code. Below is a smaller patch which I believe is a proper fix.

/Gunnar

Index: engine/value_moves.c
===================================================================
RCS file: /cvsroot/gnugo/gnugo/engine/value_moves.c,v
retrieving revision 1.80
diff -u -r1.80 value_moves.c
--- engine/value_moves.c        28 Jan 2003 12:12:19 -0000      1.80
+++ engine/value_moves.c        31 Jan 2003 16:03:24 -0000
@@ -1302,8 +1302,10 @@
       int pos2;
       if (k < 8)
        pos2 = pos + delta[k];
-      else
+      else if (ON_BOARD(pos + delta[k - 8]))
        pos2 = pos + 2 * delta[k - 8];
+      else
+       continue;
       
       if (ON_BOARD(pos2)
          && worm[pos2].color == color
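Review bot: the new `else if (ON_BOARD(pos + delta[k - 8]))` guard is the entire fix, yet the hunk carries no comment explaining why the intermediate point has to be tested before the existing `ON_BOARD(pos2)` check (two steps from an edge point can index outside the board array, not merely land off the board, so the order of the two tests is what matters). A one-line comment above the `else if`, for example `/* pos + 2*delta may lie outside the board array; test the midpoint first */`, would stop a later cleanup from merging the two conditions back together. The guard itself relies on one step from an on-board `pos` always being a valid index, which is the same assumption the `k < 8` branch already makes, so no further check is needed there.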

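The index-range problem Gunnar describes, and the wrap-around case Dan raises, can be checked mechanically. The following is an added example written for this page, not code from the thread or from GNU Go's sources: it assumes a simplified one-dimensional board (N x N area, one-point GRAY border, row stride NS, pos = (i+1)*NS + j+1) and an assumed order for the four orthogonal entries of delta[]. It counts how many (pos, direction) pairs the original ordering would index outside the array, shows that the patched ordering never does, and counts the on-board-but-wrong pos2 values that only the patched check rejects.

```c
#include <stdio.h>

/* Simplified model of a GNU Go style one-dimensional board, assumed for this
 * example (not the engine's real board.h).  An N x N playing area sits inside
 * a one-point border of GRAY; one step from any on-board point stays inside
 * board[], two steps from an edge point need not. */
#define N        9
#define NS       (N + 1)
#define BOARDMAX ((N + 2) * NS)

#define EMPTY 0
#define GRAY  3

#define POS(i, j)     (((i) + 1) * NS + (j) + 1)
#define ON_BOARD(pos) (board[pos] != GRAY)

static int board[BOARDMAX];
static int board_ready = 0;

/* Orthogonal directions, assumed order: north, west, east, south. */
static const int delta[4] = { -NS, -1, 1, NS };

static void init_board(void)
{
  int i, j, pos;
  for (pos = 0; pos < BOARDMAX; pos++)
    board[pos] = GRAY;                  /* border everywhere ... */
  for (i = 0; i < N; i++)
    for (j = 0; j < N; j++)
      board[POS(i, j)] = EMPTY;         /* ... except the playing area */
  board_ready = 1;
}

/* Is pos a legal index into board[] at all?  ON_BOARD() never checks this. */
int in_array(int pos)
{
  return pos >= 0 && pos < BOARDMAX;
}

/* Patched rule from the thread: step twice in direction k only if the
 * intermediate point is on the board.  Returns pos2, or -1 if there is no
 * valid two-step point.  Never indexes outside board[]. */
int two_step_neighbour(int pos, int k)
{
  int pos1, pos2;
  if (!board_ready) init_board();
  pos1 = pos + delta[k];
  if (!ON_BOARD(pos1))                  /* border: pos + 2*delta may be off-array */
    return -1;
  pos2 = pos + 2 * delta[k];            /* safe: pos1 is interior */
  return ON_BOARD(pos2) ? pos2 : -1;
}

/* Original ordering: pos2 = pos + 2*delta[k] is formed and ON_BOARD(pos2)
 * evaluated without looking at the midpoint.  Count the (pos, k) pairs whose
 * pos2 lies outside board[]; each would be an out-of-bounds read. */
int count_oob_original(void)
{
  int pos, k, n = 0;
  if (!board_ready) init_board();
  for (pos = 0; pos < BOARDMAX; pos++) {
    if (!ON_BOARD(pos)) continue;
    for (k = 0; k < 4; k++)
      if (!in_array(pos + 2 * delta[k]))
        n++;
  }
  return n;
}

/* Same count with the patched ordering: expected to be zero. */
int count_oob_fixed(void)
{
  int pos, k, n = 0;
  if (!board_ready) init_board();
  for (pos = 0; pos < BOARDMAX; pos++) {
    if (!ON_BOARD(pos)) continue;
    for (k = 0; k < 4; k++) {
      if (!ON_BOARD(pos + delta[k])) continue;
      if (!in_array(pos + 2 * delta[k])) n++;
    }
  }
  return n;
}

/* Dan's case: pos2 is a valid, on-board index but not really two steps away
 * (two steps west of the left edge lands on the right edge of the row above).
 * Count pairs the original test accepts and the patched test rejects. */
int count_wrapped_neighbours(void)
{
  int pos, k, pos1, pos2, n = 0;
  if (!board_ready) init_board();
  for (pos = 0; pos < BOARDMAX; pos++) {
    if (!ON_BOARD(pos)) continue;
    for (k = 0; k < 4; k++) {
      pos1 = pos + delta[k];
      pos2 = pos + 2 * delta[k];
      if (in_array(pos2) && ON_BOARD(pos2) && !ON_BOARD(pos1))
        n++;
    }
  }
  return n;
}

int main(void)
{
  printf("two-step indices outside board[] (original): %d\n", count_oob_original());
  printf("two-step indices outside board[] (patched):  %d\n", count_oob_fixed());
  printf("on-board but wrapped pos2 rejected by patch: %d\n", count_wrapped_neighbours());
  printf("two west of POS(4,0): %d\n", two_step_neighbour(POS(4, 0), 1));
  return 0;
}
```

With N = 9 the original ordering forms an out-of-array index for every point in the top and bottom rows (18 pairs), and additionally accepts 16 wrapped positions along the left and right edges that are on the board but in the wrong row; the patched ordering produces neither, because an intermediate point that is GRAY is exactly the condition under which pos + 2*delta is either outside the array or on the wrong side of it.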