shithub: puzzles

Download patch

ref: 8a06ff26fc6abd77a4b4a08b839943f588d92dcf
parent: a45f1830cf4af0fbaf2fad448f717a6458b48b24
author: Ben Harris <[email protected]>
date: Sun Jan 8 04:57:53 EST 2023

Filling: validate length of auto-solve move strings

Without this, execute_move() can end up reading off the end of the
move string, which isn't very friendly.  Also remove the comment
saying that the move string doesn't have to be null-terminated,
because now it does.

--- a/filling.c
+++ b/filling.c
@@ -1110,8 +1110,6 @@
         **solution = 's';
         for (i = 0; i < sz; ++i) (*solution)[i + 1] = ss.board[i] + '0';
         (*solution)[sz + 1] = '\0';
-        /* We don't need the \0 for execute_move (the only user)
-         * I'm just being printf-friendly in case I wanna print */
     }
 
     sfree(ss.dsf);
@@ -1589,6 +1587,7 @@
 
     if (*move == 's') {
         int i = 0;
+        if (strlen(move) != sz + 1) return NULL;
         new_state = dup_game(state);
         for (++move; i < sz; ++i) new_state->board[i] = move[i] - '0';
         new_state->cheated = true;