If after 'moves' there is a space then we crash.
The problem is that operator>>() trims whitespaces so that
after 'moves' has been extract we are still not at eof()
but remaining string contains only spaces. So that the next
extarction operation uip >> token ends up with unchanged token
value that remains 'moves', this garbage value is then feeded
to RootPosition.do_move() through move_from_string() that does
not detect the invalid move value leading to a crash.
This bug is triggered by Shredder 12 interface under Mac that
puts a space after 'moves' without any actual move list.
Bug fixed by Justin Blanchard
After reviewing UCI parsing code I spotted other possible weak
points due to the fact that we don't test if the last extract
operation has been succesful. So I have extended Justing patch
to fix the remaining possible holes in uci.cpp
No functional change.
Signed-off-by: Marco Costalba <mcostalba@gmail.com>
UCIInputParser uip(command);
string token;
UCIInputParser uip(command);
string token;
- uip >> token; // operator>>() skips any whitespace
+ if (!(uip >> token)) // operator>>() skips any whitespace
+ return true;
if (token == "quit")
return false;
if (token == "quit")
return false;
else if (token == "perft")
perft(uip);
else
else if (token == "perft")
perft(uip);
else
cout << "Unknown command: " << command << endl;
cout << "Unknown command: " << command << endl;
- while (!uip.eof())
- {
- uip >> token;
- cout << token << endl;
- }
- }
- uip >> token; // operator>>() skips any whitespace
+ if (!(uip >> token)) // operator>>() skips any whitespace
+ return;
if (token == "startpos")
RootPosition.from_fen(StartPosition);
else if (token == "fen")
{
string fen;
if (token == "startpos")
RootPosition.from_fen(StartPosition);
else if (token == "fen")
{
string fen;
- while (token != "moves" && !uip.eof())
+ while (uip >> token && token != "moves")
fen += token;
fen += ' ';
}
RootPosition.from_fen(fen);
}
fen += token;
fen += ' ';
}
RootPosition.from_fen(fen);
}
{
if (token != "moves")
uip >> token;
{
if (token != "moves")
uip >> token;
if (token == "moves")
{
Move move;
StateInfo st;
if (token == "moves")
{
Move move;
StateInfo st;
move = move_from_string(RootPosition, token);
RootPosition.do_move(move, st);
if (RootPosition.rule_50_counter() == 0)
move = move_from_string(RootPosition, token);
RootPosition.do_move(move, st);
if (RootPosition.rule_50_counter() == 0)
- uip >> token;
- if (token == "name")
- {
- uip >> name;
- while (!uip.eof())
- {
- uip >> token;
- if (token == "value")
- break;
+ if (!(uip >> token)) // operator>>() skips any whitespace
+ return;
+ if (token == "name" && uip >> name)
+ {
+ while (uip >> token && token != "value")
if (token == "value")
{
// Reads until end of line and left trim white space
if (token == "value")
{
// Reads until end of line and left trim white space
searchMoves[0] = MOVE_NONE;
searchMoves[0] = MOVE_NONE;
if (token == "infinite")
infinite = true;
else if (token == "ponder")
if (token == "infinite")
infinite = true;
else if (token == "ponder")
int depth, tm, n;
Position pos = RootPosition;
int depth, tm, n;
Position pos = RootPosition;
tm = get_system_time();
n = perft(pos, depth * OnePly);
tm = get_system_time();
n = perft(pos, depth * OnePly);