zakarya/puzzles
1
0
Fork 0
mirror of git://git.tartarus.org/simon/puzzles.git synced 2025-04-21 08:01:30 -07:00
Code Issues Packages Projects Releases Wiki Activity

Bridges: fix an out-of-bounds read.

Browse Source 
Occurs when dragging from an island next to an edge in the direction
of that edge.

This bug was discovered using ASan.
This commit is contained in:
Evgeny Kapun
2024-11-04 13:59:43 +00:00
committed by Simon Tatham
parent 05f4f6349f
commit ebb50f0af2
1 changed files with 4 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
bridges.c
View File

@ -2306,11 +2306,15 @@ static char *update_drag_dst(const game_state *state, game_ui *ui,
if (abs(nx-ox) < abs(ny-oy)) { if (abs(nx-ox) < abs(ny-oy)) {
dx = 0; dx = 0;
dy = (ny-oy) < 0 ? -1 : 1; dy = (ny-oy) < 0 ? -1 : 1;
if (!INGRID(state, ui->dragx_src+dx, ui->dragy_src+dy))
return MOVE_UI_UPDATE;
gtype = G_LINEV; ntype = G_NOLINEV; mtype = G_MARKV; gtype = G_LINEV; ntype = G_NOLINEV; mtype = G_MARKV;
maxb = INDEX(state, maxv, ui->dragx_src+dx, ui->dragy_src+dy); maxb = INDEX(state, maxv, ui->dragx_src+dx, ui->dragy_src+dy);
} else { } else {
dy = 0; dy = 0;
dx = (nx-ox) < 0 ? -1 : 1; dx = (nx-ox) < 0 ? -1 : 1;
if (!INGRID(state, ui->dragx_src+dx, ui->dragy_src+dy))
return MOVE_UI_UPDATE;
gtype = G_LINEH; ntype = G_NOLINEH; mtype = G_MARKH; gtype = G_LINEH; ntype = G_NOLINEH; mtype = G_MARKH;
maxb = INDEX(state, maxh, ui->dragx_src+dx, ui->dragy_src+dy); maxb = INDEX(state, maxh, ui->dragx_src+dx, ui->dragy_src+dy);
} }