From 5a491c5ad333ef34c1e7713f920f51cbb205af60 Mon Sep 17 00:00:00 2001 From: Ben Harris Date: Sun, 26 Feb 2023 23:18:44 +0000 Subject: [PATCH] Inertia: insist that solutions must be non-empty Any solution actually generated by the solver will contain at least one move, because it refuses to solve games that are already solved. However, a save file might contain an empty "solve" move. This causes an uninitialised read when execute_move() then tries to check if the next move is in accordance with the solution, because the check for running off the end of the solution happens after that. We now avoid this by treating a zero-length "solution" as an invalid move.
---
 inertia.c | 1 + 1 file changed, 1 insertion(+)
diff --git a/inertia.c b/inertia.c
index ed50c7a..1a958af 100644
--- a/inertia.c
+++ b/inertia.c
@@ -1697,6 +1697,7 @@ static game_state *execute_move(const game_state *state, const char *move)
 * This is a solve move, so we don't actually _change_ the
 * grid but merely set up a stored solution path.
 */
+ if (move[1] == '\0') return NULL; /* Solution must be non-empty. */
 ret = dup_game(state);
 install_new_solution(ret, move);
 return ret;
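Review bot: The added guard `if (move[1] == '\0') return NULL;` rejects only the empty case, and the lines after it still pass the rest of `move` to `install_new_solution()` with no visible check on its contents. Since the commit message names save files as the source of malformed "solve" moves, it is worth confirming that every character after the leading byte is validated as a legal step, either here or inside `install_new_solution()`, which this hunk does not show. The commit message also says the end-of-solution check in `execute_move()` runs after the read it should protect; that code lies outside the hunk and appears to be left as is, so the one-line guard is the only thing preventing the uninitialised read. A fuller comment would record why it must stay, for example `/* Save files are untrusted: an empty solution would be read before the end-of-solution check later in execute_move(). */`. The enclosing function begins and ends outside the hunk.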