DijkstraMap pathfinding accepts out-of-bounds coords and aborts via TCOD assertion #311

Closed
opened 2026-04-11 21:22:16 +00:00 by john · 0 comments
Owner

Found by: fuzz_pathfinding_behavior target (W9)

Summary

DijkstraMap::stepFrom at src/UIGridPathfinding.cpp:63 does not bounds-check its x/y arguments before forwarding them to TCOD_dijkstra_path_set. Out-of-range coordinates trigger TCOD's internal assertion, which calls abort() directly from C code at libtcod/path_c.c:600. This kills the interpreter with no recoverable Python exception.

Reproduction

Crash input preserved at:

tests/fuzz/crashes/pathfinding_behavior-crash-b7ea442fd31774b9b16c8ae99c728f609c8c25d8

W9's own verification run also predicted this finding before the fuzz suite landed, so this is a known hazard we now have a concrete crasher for.

Root Cause

```cpp
// src/UIGridPathfinding.cpp:63 (DijkstraMap::stepFrom)
TCOD_dijkstra_path_set(..., x, y);  // x,y unchecked
```

Suggested Fix

Add bounds checks in the C++ layer before calling into TCOD. Raise ValueError / IndexError from the binding layer rather than aborting the process.

The same pattern almost certainly applies to sibling methods on DijkstraMap:

  • distance(x, y)
  • getPathFrom(x, y)

Audit all DijkstraMap entry points that take coordinates and apply consistent bounds validation.
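A hardened stepFrom wrapper along the lines suggested above, as an added example that is not McRogueFace's or libtcod's own code: the map struct and the TCOD call are stubs constructed for the example, and the std::out_of_range to Python IndexError mapping assumes a pybind11-style binding layer.

```cpp
#include <cstdlib>
#include <stdexcept>
#include <string>

// Constructed stand-in for the map dimensions; the real DijkstraMap wraps
// a libtcod handle. Kept minimal so the example runs offline.
struct DijkstraMapStub {
    int width;
    int height;
};

// Stand-in for TCOD_dijkstra_path_set: like the real libtcod call it
// asserts on out-of-range coordinates and aborts the whole process, so
// the wrapper must never let bad input reach it.
static void tcod_dijkstra_path_set_stub(const DijkstraMapStub& m, int x, int y) {
    if (x < 0 || y < 0 || x >= m.width || y >= m.height) std::abort();
}

// Shared validation for every DijkstraMap entry point that takes x/y
// (stepFrom, distance, getPathFrom). Throws std::out_of_range, which a
// pybind11-style binding translates to IndexError (assumption).
static void check_coords(const DijkstraMapStub& m, int x, int y, const char* method) {
    if (x < 0 || x >= m.width || y < 0 || y >= m.height) {
        throw std::out_of_range(std::string(method) + ": coordinate (" +
                                std::to_string(x) + ", " + std::to_string(y) +
                                ") outside " + std::to_string(m.width) + "x" +
                                std::to_string(m.height) + " map");
    }
}

// Hardened stepFrom: validate first, only then call into TCOD.
// Returns true when the call was forwarded.
bool step_from_checked(const DijkstraMapStub& m, int x, int y) {
    check_coords(m, x, y, "stepFrom");
    tcod_dijkstra_path_set_stub(m, x, y);
    return true;
}

// How a binding layer would surface the rejection as an error status
// instead of an abort(): 0 on success, 1 when the coordinates were rejected.
int step_from_status(const DijkstraMapStub& m, int x, int y) {
    try {
        step_from_checked(m, x, y);
        return 0;
    } catch (const std::out_of_range&) {
        return 1;
    }
}
```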

Scope

Part of ongoing memory-safety / input-validation hardening driven by the fuzz suite. Grouping all DijkstraMap coordinate validation into this one issue since the fix is a single consistent pattern across methods.

john closed this issue 2026-04-18 00:05:58 +00:00
Reference
john/McRogueFace#311