ref: 7364ce8e266d947be146d635958a7b282752aac6
parent: 5a0a2b9166a144b1775411a47060efa483e61971
author: Ben Harris <bjh21@bjh21.me.uk>
date: Tue Feb 14 17:02:35 EST 2023
Make sure that moves in Flood use only valid colours If execute_move() receieves a move that uses a colour beyond the range for the current game, it now rejects it. Without this a solve string containing an invalid colour would cause an assertion failure: "fill: Assertion `oldcolour != newcolour' failed." While I was in the area I put a range check on colours for normal moves as well. To demonstrate the problem, load this save file: SAVEFILE:41:Simon Tatham's Portable Puzzle Collection VERSION :1:1 GAME :5:Flood PARAMS :7:6x6c6m5 CPARAMS :7:6x6c6m3 DESC :39:432242034203340350204502505323231342,17 NSTATES :1:2 STATEPOS:1:2 MOVE :2:S6
--- a/flood.c
+++ b/flood.c
@@ -886,7 +886,7 @@
if (move[0] == 'M' &&
sscanf(move+1, "%d", &c) == 1 &&
- c >= 0 &&
+ c >= 0 && c < state->colours &&
c != state->grid[FILLY * state->w + FILLX] &&
!state->complete) {int *queue = snewn(state->w * state->h, int);
@@ -945,10 +945,12 @@
return NULL;
};
sol->moves[i] = atoi(p);
- if (i == 0 ?
- sol->moves[i] == state->grid[FILLY * state->w + FILLX] :
- sol->moves[i] == sol->moves[i-1])
- /* Solution contains a fill with the current colour. */
+ if (sol->moves[i] < 0 || sol->moves[i] >= state->colours ||
+ (i == 0 ?
+ sol->moves[i] == state->grid[FILLY * state->w + FILLX] :
+ sol->moves[i] == sol->moves[i-1]))
+ /* Solution contains a fill with an invalid colour or
+ * the current colour. */
goto badsolve;
p += strspn(p, "0123456789");
if (*p) {