From 75225284c0db99aa14f72a630cc11d3b91ed79cf Mon Sep 17 00:00:00 2001
From: Simon Tatham <anakin@pobox.com>
Date: Thu, 23 Jun 2005 23:11:59 +0000
Subject: [PATCH] Array overflow fix from James Harvey.

[originally from svn r6005]
---
 guess.c | 11 +++++------
 1 file changed, 5 insertions(+), 6 deletions(-)

diff --git a/guess.c b/guess.c
index 3a53f4b..ce4e05e 100644
--- a/guess.c
+++ b/guess.c
@@ -221,12 +221,9 @@ static pegrow new_pegrow(int npegs)
 
 static pegrow dup_pegrow(pegrow pegs)
 {
-    pegrow newpegs = snew(struct pegrow);
+    pegrow newpegs = new_pegrow(pegs->npegs);
 
-    newpegs->npegs = pegs->npegs;
-    newpegs->pegs = snewn(newpegs->npegs, int);
     memcpy(newpegs->pegs, pegs->pegs, newpegs->npegs * sizeof(int));
-    newpegs->feedback = snewn(newpegs->npegs, int);
     memcpy(newpegs->feedback, pegs->feedback, newpegs->npegs * sizeof(int));
 
     return newpegs;
@@ -325,6 +322,7 @@ static game_state *dup_game(game_state *state)
     int i;
 
     *ret = *state;
+
     ret->guesses = snewn(state->params.nguesses, pegrow);
     for (i = 0; i < state->params.nguesses; i++)
 	ret->guesses[i] = dup_pegrow(state->guesses[i]);
@@ -463,8 +461,9 @@ static int is_markable(game_params *params, pegrow pegs)
     nrequired = params->allow_blank ? 1 : params->npegs;
 
     for (i = 0; i < params->npegs; i++) {
-        if (pegs->pegs[i] > 0) {
-            colcount->pegs[pegs->pegs[i]]++;
+        int c = pegs->pegs[i];
+        if (c > 0) {
+            colcount->pegs[c-1]++;
             nset++;
         }
     }
-- 
2.30.2