ref: 023ce7554c19dcf6f4432407b9eedb850acc7289
parent: 1aded127eb3fb7194a1752d96bfba95a5b7fa4dc
author: Ben Harris <bjh21@bjh21.me.uk>
date: Sat Jan 7 18:06:13 EST 2023
Sixteen: limit length of moves The code that actually executes the moves can only cope with moves of at most the width (or height as appropriate) of the grid. Reject any longer move, and for symmetry also negative moves of the same magnitude. Without this, the tile-moving code tends to access off the start of the tile array. To demonstrate this, build Sixteen with AddressSanitizer and load this save file: SAVEFILE:41:Simon Tatham's Portable Puzzle Collection VERSION :1:1 GAME :7:Sixteen PARAMS :3:4x4 CPARAMS :3:4x4 DESC :38:2,16,3,10,13,8,7,4,9,14,12,11,15,1,5,6 NSTATES :1:2 STATEPOS:1:2 MOVE :4:C1,9
--- a/sixteen.c
+++ b/sixteen.c
@@ -762,11 +762,11 @@
}
if (move[0] == 'R' && sscanf(move+1, "%d,%d", &cy, &dx) == 2 &&
- cy >= 0 && cy < from->h) {+ cy >= 0 && cy < from->h && -from->h <= dx && dx <= from->w ) {cx = dy = 0;
n = from->w;
} else if (move[0] == 'C' && sscanf(move+1, "%d,%d", &cx, &dy) == 2 &&
- cx >= 0 && cx < from->w) {+ cx >= 0 && cx < from->w && -from->h <= dy && dy <= from->h) {cy = dx = 0;
n = from->h;
} else