Mosaic: fix one-byte-too-short buffer in solve_game().

Thanks to Jason Hood for the report. The crash is trivially reproduced under Address Sanitizer if you set up the game id 15x15#12345 and then use the Solve UI action.
2025-04-20 07:31:30 -07:00 · 2025-02-19 08:28:48 +00:00
parent b99f10727a
commit 7da4641222
1 changed files with 1 additions and 1 deletions
--- a/mosaic.c
+++ b/mosaic.c
@ -951,7 +951,7 @@ static char *solve_game(const game_state *state,
        return NULL;
    }
-    ret = snewn((size / 4) + 3, char);
+    ret = snewn((size / 4) + 4, char);
    ret[0] = 's';
    i = 0;