ref: 96315bc2baecb68040600cf93da4b4ce729e1acc
parent: 4a202808ee0be91d3a346076e71f45403bfa41de
author: Simon Tatham <[email protected]>
date: Mon Jan 12 15:30:12 EST 2009
Patch from James H to fix some off-by-one errors in Guess's click rectangle checking, preventing array bounds violation. [originally from svn r8409]
--- a/guess.c
+++ b/guess.c
@@ -655,20 +655,24 @@
if (from->solved) return NULL;
- if (x >= COL_OX && x <= (COL_OX + COL_W) &&
- y >= COL_OY && y <= (COL_OY + COL_H)) {+ if (x >= COL_OX && x < (COL_OX + COL_W) &&
+ y >= COL_OY && y < (COL_OY + COL_H)) {over_col = ((y - COL_OY) / PEGOFF) + 1;
+ assert(over_col >= 1 && over_col <= ds->colours->npegs);
} else if (x >= guess_ox &&
- y >= guess_oy && y <= (guess_oy + GUESS_H)) {- if (x <= (guess_ox + GUESS_W)) {+ y >= guess_oy && y < (guess_oy + GUESS_H)) {+ if (x < (guess_ox + GUESS_W)) {over_guess = (x - guess_ox) / PEGOFF;
+ assert(over_guess >= 0 && over_guess < ds->solution->npegs);
} else {over_hint = 1;
}
- } else if (x >= guess_ox && x <= (guess_ox + GUESS_W) &&
+ } else if (x >= guess_ox && x < (guess_ox + GUESS_W) &&
y >= GUESS_OY && y < guess_oy) {over_past_guess_y = (y - GUESS_OY) / PEGOFF;
over_past_guess_x = (x - guess_ox) / PEGOFF;
+ assert(over_past_guess_y >= 0 && over_past_guess_y < from->next_go);
+ assert(over_past_guess_x >= 0 && over_past_guess_x < ds->solution->npegs);
}
debug(("make_move: over_col %d, over_guess %d, over_hint %d,"" over_past_guess (%d,%d)", over_col, over_guess, over_hint,