ref: 8a06ff26fc6abd77a4b4a08b839943f588d92dcf
parent: a45f1830cf4af0fbaf2fad448f717a6458b48b24
author: Ben Harris <[email protected]>
date: Sun Jan 8 04:57:53 EST 2023
Filling: validate length of auto-solve move strings Without this, execute_move() can end up reading off the end of the move string, which isn't very friendly. Also remove the comment saying that the move string doesn't have to be null-terminated, because now it does.
--- a/filling.c
+++ b/filling.c
@@ -1110,8 +1110,6 @@
**solution = 's';
for (i = 0; i < sz; ++i) (*solution)[i + 1] = ss.board[i] + '0';
(*solution)[sz + 1] = '\0';
- /* We don't need the \0 for execute_move (the only user)
- * I'm just being printf-friendly in case I wanna print */
}
sfree(ss.dsf);
@@ -1589,6 +1587,7 @@
if (*move == 's') {
int i = 0;
+ if (strlen(move) != sz + 1) return NULL;
new_state = dup_game(state);
for (++move; i < sz; ++i) new_state->board[i] = move[i] - '0';
new_state->cheated = true;