From 896a73bd7ff8cbde44e97d89cef57346478f0072 Mon Sep 17 00:00:00 2001
From: Ben Harris <bjh21@bjh21.me.uk>
Date: Sat, 11 Feb 2023 22:00:49 +0000
Subject: [PATCH] Cleanly reject more ill-formed solve moves in Flood

The fix in e4112b3 was incomplete: there was another assertion that could be failed by a save file with an ill-formed solve move.  That now gets rejected properly.  Here's an example save file to demonstrate the problem:

SAVEFILE:41:Simon Tatham's Portable Puzzle Collection
GAME    :5:Flood
PARAMS  :7:6x6c6m0
CPARAMS :7:6x6c6m0
DESC    :39:000000000000000000000000000000000000,00
NSTATES :1:2
STATEPOS:1:2
MOVE    :1:S
---
 flood.c | 13 +++++++------
 1 file changed, 7 insertions(+), 6 deletions(-)

diff --git a/flood.c b/flood.c
index 8f4df00..f1ac5e1 100644
--- a/flood.c
+++ b/flood.c
@@ -938,15 +938,16 @@ static game_state *execute_move(const game_state *state, const char *move)
 
         sol->moves = snewn(sol->nmoves, char);
         for (i = 0, p = move; i < sol->nmoves; i++) {
-            assert(*p);
+            if (!*p) {
+              badsolve:
+                sfree(sol->moves);
+                sfree(sol);
+                return NULL;
+            };
             sol->moves[i] = atoi(p);
             p += strspn(p, "0123456789");
             if (*p) {
-                if (*p != ',') {
-                    sfree(sol->moves);
-                    sfree(sol);
-                    return NULL;
-                }
+                if (*p != ',') goto badsolve;
                 p++;
             }
         }