From 8c5279cf75e41f1ae75b2daf0d06c883a5ae0bca Mon Sep 17 00:00:00 2001
From: Ben Harris <bjh21@bjh21.me.uk>
Date: Sat, 7 Jan 2023 23:24:39 +0000
Subject: [PATCH] Same Game: reject moves with unexpected characters in

Previously if a move string starting with "M" contained anything else
other than a digit or a comma, execute_move() would spin trying to
parse it.  Now it returns NULL.
---
 samegame.c | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/samegame.c b/samegame.c
index 3abd042..c161234 100644
--- a/samegame.c
+++ b/samegame.c
@@ -1346,6 +1346,10 @@ static game_state *execute_move(const game_state *from, const char *move)
 	move++;
 
 	while (*move) {
+            if (!isdigit((unsigned char)*move)) {
+                free_game(ret);
+                return NULL;
+            }
 	    i = atoi(move);
 	    if (i < 0 || i >= ret->n) {
 		free_game(ret);