ref: 813cd5e3bf17c426bfafcf9d64f94ddeaf8deac0
parent: 8a8474a31191804890c2fed03173832f0d81d81e
author: Simon Tatham <anakin@pobox.com>
date: Mon Oct 10 12:29:58 EDT 2005
Richard Earnshaw points out that if you enter an out-of-range number in the game description, the solver will fail to notice it and overrun an array leading to assertion failure, silent wrong answers or (in extreme cases) segfaults. Hence, validate_desc() now spots them and kicks them out. [originally from svn r6383]
--- a/solo.c
+++ b/solo.c
@@ -2293,6 +2293,9 @@
} else if (n == '_') {/* do nothing */;
} else if (n > '0' && n <= '9') {+ int val = atoi(desc-1);
+ if (val < 1 || val > params->c * params->r)
+ return "Out-of-range number in game description";
squares++;
while (*desc >= '0' && *desc <= '9')
desc++;