From 7364ce8e266d947be146d635958a7b282752aac6 Mon Sep 17 00:00:00 2001 From: Ben Harris Date: Tue, 14 Feb 2023 22:02:35 +0000 Subject: [PATCH] Make sure that moves in Flood use only valid colours If execute_move() receieves a move that uses a colour beyond the range for the current game, it now rejects it. Without this a solve string containing an invalid colour would cause an assertion failure: "fill: Assertion `oldcolour != newcolour' failed." While I was in the area I put a range check on colours for normal moves as well. To demonstrate the problem, load this save file: SAVEFILE:41:Simon Tatham's Portable Puzzle Collection VERSION :1:1 GAME :5:Flood PARAMS :7:6x6c6m5 CPARAMS :7:6x6c6m3 DESC :39:432242034203340350204502505323231342,17 NSTATES :1:2 STATEPOS:1:2 MOVE :2:S6 --- flood.c | 12 +++++++----- 1 file changed, 7 insertions(+), 5 deletions(-) diff --git a/flood.c b/flood.c index 7a83e52..441119c 100644 --- a/flood.c +++ b/flood.c @@ -886,7 +886,7 @@ static game_state *execute_move(const game_state *state, const char *move) if (move[0] == 'M' && sscanf(move+1, "%d", &c) == 1 && - c >= 0 && + c >= 0 && c < state->colours && c != state->grid[FILLY * state->w + FILLX] && !state->complete) { int *queue = snewn(state->w * state->h, int); @@ -945,10 +945,12 @@ static game_state *execute_move(const game_state *state, const char *move) return NULL; }; sol->moves[i] = atoi(p); - if (i == 0 ? - sol->moves[i] == state->grid[FILLY * state->w + FILLX] : - sol->moves[i] == sol->moves[i-1]) - /* Solution contains a fill with the current colour. */ + if (sol->moves[i] < 0 || sol->moves[i] >= state->colours || + (i == 0 ? + sol->moves[i] == state->grid[FILLY * state->w + FILLX] : + sol->moves[i] == sol->moves[i-1])) + /* Solution contains a fill with an invalid colour or + * the current colour. */ goto badsolve; p += strspn(p, "0123456789"); if (*p) {
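Review bot: The new bounds checks in both hunks test a value that has already passed through a conversion whose overflow behaviour is undefined: `sscanf(move+1, "%d", &c)` in the first hunk and `atoi(p)` in the second are both undefined by the C standard when the digit run does not fit in an int, and the commit message shows the move string can come straight from a save file. Parsing with `strtol` would make the checks sound, because an over-long number saturates to LONG_MAX and then fails the `>= state->colours` test: `long v = strtol(p, NULL, 10);`, then `if (v < 0 || v >= state->colours || ...) goto badsolve;`, then `sol->moves[i] = (int)v;`. The 'M' branch would need the same treatment, and an end-pointer check there would also reject trailing characters after the number, which `sscanf` currently accepts. execute_move starts and ends outside both hunks, so how `p` is validated before `atoi` is not visible here.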
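Review bot: The rewritten condition in the second hunk leaves the `if` body unbraced, with a two-line comment sitting between the five-line condition and `goto badsolve;`, so a later edit could easily detach the goto from its guard. Bracing the body and moving the comment inside keeps the rejection path explicit, e.g. `if (...) { /* invalid colour, or a fill with the current colour */ goto badsolve; }`. Splitting the range test from the same-colour ternary into two separate `if` statements would also let each rejection reason carry its own comment.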