fix buffer overflows found by fuzzer

panstromek · panstromek · commit f80f86623ae1 · 2022-02-20T18:56:04.000+01:00
diff --git a/midgame.c b/midgame.c
@@ -1366,7 +1366,7 @@ middle_game( int side_to_move, int max_depth,
 
     /* Update the stored scores */
 
-    if ( (!stage_reached[base_stage + depth] || full_length_line) &&
+    if ((base_stage + depth > 0 && base_stage + depth < 62) && (!stage_reached[base_stage + depth] || full_length_line) &&
 	 update_evals ) {
       stage_reached[base_stage + depth] = TRUE;
       if ( side_to_move == BLACKSQ )
@@ -1378,7 +1378,7 @@ middle_game( int side_to_move, int max_depth,
     /* Adjust the eval for oscillations odd/even by simply averaging the
        last two stages (if they are available). */
 
-    if ( stage_reached[base_stage + depth] &&
+    if ((base_stage + depth > 0 && base_stage + depth < 62) && stage_reached[base_stage + depth] &&
 	 stage_reached[base_stage + depth - 1] && update_evals ) {
       if ( side_to_move == BLACKSQ )
 	adjusted_val = (stage_score[base_stage + depth] +
diff --git a/search.c b/search.c
@@ -99,7 +99,7 @@ void
 inherit_move_lists( int stage ) {
   int i;
   int last;
-    if(stage >= 61) {
+    if(stage >= 61 || stage < 0) {
         return;
     }
   if ( list_inherited[stage] )
