Fix array overruns in the new Filling solver pass.

Probably because I wrote a couple of loops up to the maximum cell
value using the non-idiomatic <= for their termination test, I also
managed to use <= inappropriately for iterating over every cell of the
grid, leading to a couple of references just off the end of arrays.

Amusingly, it was the Emscripten front end which pointed this out to
me by actually crashing as a result! Though valgrind found it just
fine too, once I thought to run that. But it comes to something when
running your C program in Javascript detects your memory errors :-)

diff --git a/filling.c b/filling.c
index 2edec91dca824340a98f20fbca1fe4ea0c29afe2..3797e5c5ff94515879d857d2a6c7f3aef3f08d70 100644 (file)
--- a/filling.c
+++ b/filling.c
@@ -977,7 +977,7 @@ static int learn_bitmap_deductions(struct solver_state *s, int w, int h)
         * reached by extending an existing region - we don't need to
         * know exactly _how far_ out of reach it is.
         */
-       for (i = 0; i <= sz; i++) {
+       for (i = 0; i < sz; i++) {
            if (s->board[i] == n) {
                /* Square is part of an existing CC. */
                minsize[i] = dsf_size(s->dsf, i);
@@ -1024,7 +1024,7 @@ static int learn_bitmap_deductions(struct solver_state *s, int w, int h)
         * in the bitmap reinstated, because we've found that it's
         * potentially reachable by extending an existing CC.
         */
-       for (i = 0; i <= sz; i++)
+       for (i = 0; i < sz; i++)
            if (minsize[i] <= n)
                bm[i] |= 1<<n;
     }