Richard Earnshaw points out that if you enter an out-of-range number

in the game description, the solver will fail to notice it and
overrun an array leading to assertion failure, silent wrong answers
or (in extreme cases) segfaults. Hence, validate_desc() now spots
them and kicks them out.

[originally from svn r6383]

diff --git a/solo.c b/solo.c
index cb9ac7f5c8bcd4cfde38f7e71aa6083eeae3a748..2079da952fa0d4a26bc1aeea8bb9de137ffc91e7 100644 (file)
--- a/solo.c
+++ b/solo.c
@@ -2293,6 +2293,9 @@ static char *validate_desc(game_params *params, char *desc)
         } else if (n == '_') {
             /* do nothing */;
         } else if (n > '0' && n <= '9') {
+            int val = atoi(desc-1);
+            if (val < 1 || val > params->c * params->r)
+                return "Out-of-range number in game description";
             squares++;
             while (*desc >= '0' && *desc <= '9')
                 desc++;