authorBen Harris <bjh21@bjh21.me.uk>2023-02-14 22:02:35 +0000
committerBen Harris <bjh21@bjh21.me.uk>2023-02-14 22:09:50 +0000
commit7364ce8e266d947be146d635958a7b282752aac6 (patch)
treeb6e4018669068dcca816c11dd7ab32835311c6e6
parent5a0a2b9166a144b1775411a47060efa483e61971 (diff)
Make sure that moves in Flood use only valid colours
If execute_move() receives a move that uses a colour beyond the range for the current game, it now rejects it. Without this a solve string containing an invalid colour would cause an assertion failure: "fill: Assertion `oldcolour != newcolour' failed." While I was in the area I put a range check on colours for normal moves as well. To demonstrate the problem, load this save file: SAVEFILE:41:Simon Tatham's Portable Puzzle Collection VERSION :1:1 GAME :5:Flood PARAMS :7:6x6c6m5 CPARAMS :7:6x6c6m3 DESC :39:432242034203340350204502505323231342,17 NSTATES :1:2 STATEPOS:1:2 MOVE :2:S6
-rw-r--r--flood.c12
1 files changed, 7 insertions, 5 deletions
diff --git a/flood.c b/flood.c
index 7a83e52..441119c 100644
--- a/flood.c
+++ b/flood.c
@@ -886,7 +886,7 @@ static game_state *execute_move(const game_state *state, const char *move)
if (move[0] == 'M' &&
sscanf(move+1, "%d", &c) == 1 &&
- c >= 0 &&
+ c >= 0 && c < state->colours &&
c != state->grid[FILLY * state->w + FILLX] &&
!state->complete) {
int *queue = snewn(state->w * state->h, int);
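Review bot: The new bound `c < state->colours` is applied to a value produced by `sscanf(move+1, "%d", &c)`, and the C standard leaves `%d` undefined when the digits do not fit in an int, so an over-long number in a move string from a save file is not reliably rejected by the range check. The same applies to `sol->moves[i] = atoi(p);` in the second hunk, where the new `sol->moves[i] >= state->colours` test also runs only after the conversion. Parsing with `long v = strtol(move+1, &end, 10);` and testing `end != move+1 && v >= 0 && v < state->colours` before narrowing to int keeps the overflow case well defined, because strtol saturates at LONG_MAX rather than overflowing. execute_move() starts and ends outside both hunks, so the declaration of `c` and the code that consumes the parsed value are not visible here.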
@@ -945,10 +945,12 @@ static game_state *execute_move(const game_state *state, const char *move)
return NULL;
};
sol->moves[i] = atoi(p);
- if (i == 0 ?
- sol->moves[i] == state->grid[FILLY * state->w + FILLX] :
- sol->moves[i] == sol->moves[i-1])
- /* Solution contains a fill with the current colour. */
+ if (sol->moves[i] < 0 || sol->moves[i] >= state->colours ||
+ (i == 0 ?
+ sol->moves[i] == state->grid[FILLY * state->w + FILLX] :
+ sol->moves[i] == sol->moves[i-1]))
+ /* Solution contains a fill with an invalid colour or
+ * the current colour. */
goto badsolve;
p += strspn(p, "0123456789");
if (*p) {