ref: 73c7bc090155ab8c4661feaeea9e6a6e74ee6f77
parent: d577aaecab09506988a657fa257c4d0ab85d0cd6
author: Ben Harris <[email protected]>
date: Mon Feb 13 09:31:39 EST 2023
Twiddle: don't read off the end of parameter strings ending 'm' The overrun could be demonstrated by specifying a parameter string of "3x3m" to a build with AddressSanitizer.
--- a/twiddle.c
+++ b/twiddle.c
@@ -124,14 +124,16 @@
while (*string) {
if (*string == 'r') {
ret->rowsonly = true;
+ string++;
} else if (*string == 'o') {
ret->orientable = true;
+ string++;
} else if (*string == 'm') {
string++;
ret->movetarget = atoi(string);
- while (string[1] && isdigit((unsigned char)string[1])) string++;
- }
- string++;
+ while (*string && isdigit((unsigned char)*string)) string++;
+ } else
+ string++;
}
}
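Review bot: The `atoi(string)` call in the `'m'` branch accepts more input than the digit-skip loop after it consumes. `atoi` takes leading whitespace and a sign, so for a value such as "m-5" (constructed example) `movetarget` becomes negative, while the `-` and the digits are then stepped over one character at a time by the final `else`. `atoi` also has undefined behaviour when the number does not fit in an `int`, which matters if parameter strings can reach this parser from outside the program. Consider assigning only when a digit follows, `ret->movetarget = isdigit((unsigned char)*string) ? atoi(string) : 0;`, or using `strtol` with an `ERANGE` check. The enclosing function starts before this hunk, and whether a later validation step rejects a negative or zero `movetarget` is not visible here.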