ref: 5a491c5ad333ef34c1e7713f920f51cbb205af60
parent: 6ee62a43abe7d7e77226415b21d1cbf16dbda85a
author: Ben Harris <[email protected]>
date: Sun Feb 26 18:18:44 EST 2023
Inertia: insist that solutions must be non-empty

Any solution actually generated by the solver will contain at least one move, because it refuses to solve games that are already solved. However, a save file might contain an empty "solve" move. This causes an uninitialised read when execute_move() then tries to check if the next move is in accordance with the solution, because the check for running off the end of the solution happens after that. We now avoid this by treating a zero-length "solution" as an invalid move.
--- a/inertia.c
+++ b/inertia.c
@@ -1697,6 +1697,7 @@
* This is a solve move, so we don't actually _change_ the
* grid but merely set up a stored solution path.
*/
+ if (move[1] == '\0') return NULL; /* Solution must be non-empty. */
ret = dup_game(state);
install_new_solution(ret, move);
return ret;
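Review bot: The new guard `if (move[1] == '\0') return NULL;` rejects an empty solution only at the point where it is installed; the ordering the commit message describes, where execute_move() compares against the next solution move before checking for the end of the solution, is not changed by this hunk. Consider also moving that end-of-solution check ahead of the comparison, or asserting a non-zero length inside install_new_solution(), so the read stays in bounds even if a solution arrives by some path that does not pass through this check. Placing the test before dup_game(state) is the right order, since the early return then has nothing to free. The comment could also say why emptiness matters (a save file can supply an empty "solve" move), since the solver itself never produces one.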