ref: 1cf403ceb81482dea7107a49573d6834c5a650d1
parent: 90af15b43ed57a6835091bb1c98227052590b3ea
author: Simon Tatham <anakin@pobox.com>
date: Wed Oct 21 14:32:15 EDT 2015
Fix array overruns in the new Filling solver pass.

Probably because I wrote a couple of loops up to the maximum cell value using the non-idiomatic <= for their termination test, I also managed to use <= inappropriately for iterating over every cell of the grid, leading to a couple of references just off the end of arrays. Amusingly, it was the Emscripten front end which pointed this out to me by actually crashing as a result! Though valgrind found it just fine too, once I thought to run that. But it comes to something when running your C program in Javascript detects your memory errors :-)
--- a/filling.c
+++ b/filling.c
@@ -977,7 +977,7 @@
* reached by extending an existing region - we don't need to
* know exactly _how far_ out of reach it is.
*/
- for (i = 0; i <= sz; i++) {
+ for (i = 0; i < sz; i++) {
if (s->board[i] == n) {
/* Square is part of an existing CC. */
minsize[i] = dsf_size(s->dsf, i);
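Review bot: The commit message describes the old bound on `for (i = 0; i <= sz; i++)` as "references just off the end of arrays", but in this loop body it was more than a stray read. At `i == sz` the test `s->board[i] == n` read one element past the board, and whenever that stray value happened to equal `n` the body went on to pass the out-of-range index to `dsf_size` and store the result in `minsize[sz]`, which is an out-of-bounds write. It would be worth saying so in the message, and adding a short comment at the loop that `sz` is the cell count and `i` a cell index, so the inclusive bound used for the cell-value loops does not get copied back here.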
@@ -1024,7 +1024,7 @@
* in the bitmap reinstated, because we've found that it's
* potentially reachable by extending an existing CC.
*/
- for (i = 0; i <= sz; i++)
+ for (i = 0; i < sz; i++)
if (minsize[i] <= n)
bm[i] |= 1<<n;
}
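Review bot: In this loop the index bound `i < sz` now sits directly above the value comparison `minsize[i] <= n`, the same index/value pairing the commit message blames for the original slip, and nothing in the code marks which `<=` is intentional. With the old bound the iteration at `i == sz` read `minsize[sz]` and could OR a bit into `bm[sz]`, so this was also a potential write past the end of the bitmap. Consider bracing the `for` body, since it spans two lines with a nested `if`, and noting in the preceding comment that the `<=` against `n` is a comparison of sizes rather than a loop limit.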