shithub: puzzles

Download patch

ref: 1cf403ceb81482dea7107a49573d6834c5a650d1
parent: 90af15b43ed57a6835091bb1c98227052590b3ea
author: Simon Tatham <[email protected]>
date: Wed Oct 21 14:32:15 EDT 2015

Fix array overruns in the new Filling solver pass.

Probably because I wrote a couple of loops up to the maximum cell
value using the non-idiomatic <= for their termination test, I also
managed to use <= inappropriately for iterating over every cell of the
grid, leading to a couple of references just off the end of arrays.

Amusingly, it was the Emscripten front end which pointed this out to
me by actually crashing as a result! Though valgrind found it just
fine too, once I thought to run that. But it comes to something when
running your C program in Javascript detects your memory errors :-)


--- a/filling.c
+++ b/filling.c
@@ -977,7 +977,7 @@
 	 * reached by extending an existing region - we don't need to
 	 * know exactly _how far_ out of reach it is.
 	 */
-	for (i = 0; i <= sz; i++) {
+	for (i = 0; i < sz; i++) {
 	    if (s->board[i] == n) {
 		/* Square is part of an existing CC. */
 		minsize[i] = dsf_size(s->dsf, i);
@@ -1024,7 +1024,7 @@
 	 * in the bitmap reinstated, because we've found that it's
 	 * potentially reachable by extending an existing CC.
 	 */
-	for (i = 0; i <= sz; i++)
+	for (i = 0; i < sz; i++)
 	    if (minsize[i] <= n)
 		bm[i] |= 1<<n;
     }