From 73c7bc090155ab8c4661feaeea9e6a6e74ee6f77 Mon Sep 17 00:00:00 2001
From: Ben Harris <bjh21@bjh21.me.uk>
Date: Mon, 13 Feb 2023 14:31:39 +0000
Subject: [PATCH] Twiddle: don't read off the end of parameter strings ending
 'm'

The overrun could be demonstrated by specifying a parameter string of
"3x3m" to a build with AddressSanitizer.
---
 twiddle.c | 8 +++++---
 1 file changed, 5 insertions(+), 3 deletions(-)

diff --git a/twiddle.c b/twiddle.c
index 6d86264..8c565a0 100644
--- a/twiddle.c
+++ b/twiddle.c
@@ -124,14 +124,16 @@ static void decode_params(game_params *ret, char const *string)
     while (*string) {
 	if (*string == 'r') {
 	    ret->rowsonly = true;
+            string++;
 	} else if (*string == 'o') {
 	    ret->orientable = true;
+            string++;
 	} else if (*string == 'm') {
             string++;
 	    ret->movetarget = atoi(string);
-            while (string[1] && isdigit((unsigned char)string[1])) string++;
-	}
-	string++;
+            while (*string && isdigit((unsigned char)*string)) string++;
+	} else
+            string++;
     }
 }