ref: 8c5279cf75e41f1ae75b2daf0d06c883a5ae0bca
parent: 0dbbd52935b8b17b3b3ab3d9ae6271cde891f70b
author: Ben Harris <[email protected]>
date: Sat Jan 7 18:24:39 EST 2023
Same Game: reject moves with unexpected characters in Previously if a move string starting with "M" contained anything else other than a digit or a comma, execute_move() would spin trying to parse it. Now it returns NULL.
--- a/samegame.c
+++ b/samegame.c
@@ -1346,6 +1346,10 @@
move++;
while (*move) {
+ if (!isdigit((unsigned char)*move)) {
+ free_game(ret);
+ return NULL;
+ }
i = atoi(move);
if (i < 0 || i >= ret->n) {
free_game(ret);