From: Simon Tatham <anakin@pobox.com>
Date: Mon, 10 Oct 2005 16:29:58 +0000 (+0000)
Subject: Richard Earnshaw points out that if you enter an out-of-range number
X-Git-Url: https://www.chiark.greenend.org.uk/ucgi/~ian/git?a=commitdiff_plain;h=813cd5e3bf17c426bfafcf9d64f94ddeaf8deac0;p=sgt-puzzles.git

Richard Earnshaw points out that if you enter an out-of-range number
in the game description, the solver will fail to notice it and
overrun an array leading to assertion failure, silent wrong answers
or (in extreme cases) segfaults. Hence, validate_desc() now spots
them and kicks them out.

[originally from svn r6383]
---

diff --git a/solo.c b/solo.c
index cb9ac7f..2079da9 100644
--- a/solo.c
+++ b/solo.c
@@ -2293,6 +2293,9 @@ static char *validate_desc(game_params *params, char *desc)
         } else if (n == '_') {
             /* do nothing */;
         } else if (n > '0' && n <= '9') {
+            int val = atoi(desc-1);
+            if (val < 1 || val > params->c * params->r)
+                return "Out-of-range number in game description";
             squares++;
             while (*desc >= '0' && *desc <= '9')
                 desc++;