~mdw / sgt / puzzles / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 4413ef0)
Richard Earnshaw points out that if you enter an out-of-range number
authorsimon <simon@cda61777-01e9-0310-a592-d414129be87e>
Mon, 10 Oct 2005 16:29:58 +0000 (16:29 +0000)
committersimon <simon@cda61777-01e9-0310-a592-d414129be87e>
Mon, 10 Oct 2005 16:29:58 +0000 (16:29 +0000)
in the game description, the solver will fail to notice it and
overrun an array leading to assertion failure, silent wrong answers
or (in extreme cases) segfaults. Hence, validate_desc() now spots
them and kicks them out.

git-svn-id: svn://svn.tartarus.org/sgt/puzzles@6383 cda61777-01e9-0310-a592-d414129be87e

solo.c patch | blob | blame | history

diff --git a/solo.c b/solo.c
index cb9ac7f..2079da9 100644 (file)
--- a/solo.c
+++ b/solo.c
@@ -2293,6 +2293,9 @@ static char *validate_desc(game_params *params, char *desc)
         } else if (n == '_') {
             /* do nothing */;
         } else if (n > '0' && n <= '9') {
+            int val = atoi(desc-1);
+            if (val < 1 || val > params->c * params->r)
+                return "Out-of-range number in game description";
             squares++;
             while (*desc >= '0' && *desc <= '9')
                 desc++;
Simon Tatham's portable puzzles collection; import of svn://svn.tartarus.org/sgt/puzzles