I really can't understand how people can be so proud on crashing engines and the associated security risk that they even mark it as "won't fix". As if basic string parsing cost Elo or were that much work to implement.
I have dedicated years of my life to making a good chess engine.
I hope that users can dedicate 1 minute to send proper input to it.
#WeAreAllDraude #JusticeForDraude #RememberDraude #LeptirBigUltra "Those who can't do, clone instead" - Eduard ( A real life friend, not this forum's Eduard )
AndrewGrant wrote: ↑Tue Aug 21, 2018 6:23 pm
I have dedicated years of my life to making a good chess engine.
I hope that users can dedicate 1 minute to send proper input to it.
Well, the problem is not about (good) users spending few time on sending proper input but about bad users (hackers) spending a little more time on preparing special input that may let them execute their own code via your engine.
This is of course not your problem and I must admit that my own engine also doesn't test fen input but it may be a problem for hosters of chess sites that use possibly vulnerable engines like SF and Ethereal for "public anaysis".