From e616d7aac9fff2d65bde4c6f8dcfc8d1222dc803 Mon Sep 17 00:00:00 2001
From: Ben Harris
Date: Sat, 7 Jan 2023 20:33:42 +0000
Subject: [PATCH] Mosaic: fault out-of-bounds moves in execute_move()

Returning NULL in this case is better than dereferencing it.
---
 mosaic.c | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/mosaic.c b/mosaic.c
index 84ea1f3..3ccd10d 100644
--- a/mosaic.c
+++ b/mosaic.c
@@ -1297,6 +1297,10 @@ static game_state *execute_move(const game_state *state, const char *move)
 return new_state;
 }
 cell = get_coords(new_state, new_state->cells_contents, x, y);
+ if (cell == NULL) {
+ sfree(new_state);
+ return NULL;
+ }
 if (*cell >= STATE_OK_NUM) {
 *cell &= STATE_OK_NUM;
 }
@@ -1363,6 +1367,10 @@ static game_state *execute_move(const game_state *state, const char *move)
 for (i = 0; i < diff; i++) {
 cell = get_coords(new_state, new_state->cells_contents,
 x + (dirX * i), y + (dirY * i));
+ if (cell == NULL) {
+ sfree(new_state);
+ return NULL;
+ }
 if ((*cell & STATE_OK_NUM) == 0) {
 *cell = last_state;
 update_board_state_around(new_state, x + (dirX * i),
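Review bot: Both added error paths release only the top-level struct with `sfree(new_state)`, yet the same lines pass `new_state->cells_contents` to get_coords() as a separate member, so that buffer is not freed here. The allocation of new_state is outside both hunks; if it is a deep copy of the incoming state, every rejected move leaks the cell array and skips whatever other teardown the state destructor performs. Since this check exists to reject malformed move strings, the leak would presumably be reachable repeatedly from untrusted input. In the first hunk (single-cell path) and the second (inside the drag loop), call the backend's state destructor instead: `free_game(new_state);` followed by `return NULL;`.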