From ebb50f0af28591bb1bf28368d62c066333aeb12f Mon Sep 17 00:00:00 2001
From: Evgeny Kapun
Date: Mon, 4 Nov 2024 13:59:43 +0000
Subject: [PATCH] Bridges: fix an out-of-bounds read.

Occurs when dragging from an island next to an edge in the direction of that edge. This bug was discovered using ASan.
---
 bridges.c | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/bridges.c b/bridges.c
index 7e87764..700fd3e 100644
--- a/bridges.c
+++ b/bridges.c
@@ -2306,11 +2306,15 @@ static char *update_drag_dst(const game_state *state, game_ui *ui,
 if (abs(nx-ox) < abs(ny-oy)) {
 dx = 0;
 dy = (ny-oy) < 0 ? -1 : 1;
+ if (!INGRID(state, ui->dragx_src+dx, ui->dragy_src+dy))
+ return MOVE_UI_UPDATE;
 gtype = G_LINEV; ntype = G_NOLINEV; mtype = G_MARKV;
 maxb = INDEX(state, maxv, ui->dragx_src+dx, ui->dragy_src+dy);
 } else {
 dy = 0;
 dx = (nx-ox) < 0 ? -1 : 1;
+ if (!INGRID(state, ui->dragx_src+dx, ui->dragy_src+dy))
+ return MOVE_UI_UPDATE;
 gtype = G_LINEH; ntype = G_NOLINEH; mtype = G_MARKH;
 maxb = INDEX(state, maxh, ui->dragx_src+dx, ui->dragy_src+dy);
 }
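Review bot: The new `INGRID` guard is repeated verbatim in both branches, and neither copy says why an early `return MOVE_UI_UPDATE` is the right outcome. A one-line comment on the first copy, such as `/* neighbour square is off the grid: nothing to drag onto, and INDEX() below would read out of bounds */`, would keep the check from being dropped in a later cleanup. The guard protects only these two `INDEX(state, maxv/maxh, ...)` lookups. The definition of `INDEX` is not in the hunk; if it does no bounds checking itself, any other lookup at neighbour coordinates of the form `x+dx, y+dy` deserves the same audit, or a debug-build assert inside the accessor. `update_drag_dst` starts and continues outside the hunk, so it cannot be confirmed from here that the drag-destination fields in `ui` are already reset before this early return.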