From: simon <simon@cda61777-01e9-0310-a592-d414129be87e>
Date: Wed, 1 Jul 2009 22:01:21 +0000 (+0000)
Subject: More defensive-coding fixes from James H.
X-Git-Url: https://git.distorted.org.uk/~mdw/sgt/puzzles/commitdiff_plain/8719c2e7d9245278ab694369b971caa7567b2f06

More defensive-coding fixes from James H.


git-svn-id: svn://svn.tartarus.org/sgt/puzzles@8605 cda61777-01e9-0310-a592-d414129be87e
---

diff --git a/cube.c b/cube.c
index ae3f716..18787c0 100644
--- a/cube.c
+++ b/cube.c
@@ -996,6 +996,7 @@ static void free_game(game_state *state)
 	sfree(state->grid->squares);
 	sfree(state->grid);
     }
+    sfree(state->bluemask);
     sfree(state->facecolours);
     sfree(state);
 }
diff --git a/filling.c b/filling.c
index a797d09..3fcc3b1 100644
--- a/filling.c
+++ b/filling.c
@@ -1500,7 +1500,7 @@ static void draw_grid(drawing *dr, game_drawstate *ds, game_state *state,
 
             if (flashy || !shading) {
                 /* clear all background flags */
-            } else if (ui->sel && ui->sel[y*w+x]) {
+            } else if (ui && ui->sel && ui->sel[y*w+x]) {
                 flags |= HIGH_BG;
             } else if (v) {
                 int size = dsf_size(ds->dsf_scratch, y*w+x);
@@ -1509,7 +1509,7 @@ static void draw_grid(drawing *dr, game_drawstate *ds, game_state *state,
                 else if (size > v)
                     flags |= ERROR_BG;
             }
-            if (ui->cur_visible && x == ui->cur_x && y == ui->cur_y)
+            if (ui && ui->cur_visible && x == ui->cur_x && y == ui->cur_y)
               flags |= CURSOR_SQ;
 
             /*
diff --git a/loopy.c b/loopy.c
index 242e983..de4d6a4 100644
--- a/loopy.c
+++ b/loopy.c
@@ -1513,6 +1513,7 @@ static void add_full_clues(game_state *state, random_state *rs)
     face_scores = snewn(num_faces, struct face_score);
     for (i = 0; i < num_faces; i++) {
         face_scores[i].random = random_bits(rs, 31);
+        face_scores[i].black_score = face_scores[i].white_score = 0;
     }
     
     /* Colour a random, finite face white.  The infinite face is implicitly
@@ -3232,6 +3233,8 @@ static game_state *execute_move(game_state *state, char *move)
 
     while (*move) {
         i = atoi(move);
+        if (i < 0 || i >= newstate->game_grid->num_edges)
+            goto fail;
         move += strspn(move, "1234567890");
         switch (*(move++)) {
 	  case 'y':
diff --git a/pattern.c b/pattern.c
index 274fcdb..68383d7 100644
--- a/pattern.c
+++ b/pattern.c
@@ -1045,6 +1045,7 @@ static game_drawstate *game_new_drawstate(drawing *dr, game_state *state)
     ds->visible = snewn(ds->w * ds->h, unsigned char);
     ds->tilesize = 0;                  /* not decided yet */
     memset(ds->visible, 255, ds->w * ds->h);
+    ds->cur_x = ds->cur_y = 0;
 
     return ds;
 }