ref: bbe866a3819c6a754a5b1d8c5bc5d0701796acfb
parent: 795ccf60023fd76893345c8ef6cefd535004a240
author: Ben Harris <[email protected]>
date: Mon Feb 20 09:57:31 EST 2023
Flood: don't read off the end of some parameter strings This is essentially the same fix as 73c7bc090155ab8c was for Twiddle. The new code is less clever but more correct (and more obviously correct). The bug could be demonstrated by using a parameter string of "c" or "m" with an AddressSanitizer build of Flood.
--- a/flood.c
+++ b/flood.c
@@ -141,13 +141,13 @@
if (*string == 'c') {
string++;
ret->colours = atoi(string);
- while (string[1] && isdigit((unsigned char)string[1])) string++;
+ while (*string && isdigit((unsigned char)*string)) string++;
} else if (*string == 'm') {
string++;
ret->leniency = atoi(string);
- while (string[1] && isdigit((unsigned char)string[1])) string++;
- }
- string++;
+ while (*string && isdigit((unsigned char)*string)) string++;
+ } else
+ string++;
}
}
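Review bot: Both `atoi(string)` calls in this hunk still parse more than the digit-skipping loops step over. atoi accepts leading whitespace and a sign, and its behaviour is undefined when the digit run does not fit in an int. The rewritten loops stop at the terminator, so this is not an out-of-bounds read, but `ret->colours` and `ret->leniency` can come out negative or unspecified from a crafted parameter string. If these fields are range-checked in a later validation step (not visible here), a comment above each assignment such as `/* not validated here: may be negative or out of range until params are checked */` would make that dependency explicit. The enclosing function starts outside the hunk.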