Twiddle: don't read off the end of parameter strings ending 'm'

The overrun could be demonstrated by specifying a parameter string of "3x3m" to a build with AddressSanitizer.
author: Ben Harris <bjh21@bjh21.me.uk> 2023-02-13 14:31:39 +0000
committer: Ben Harris <bjh21@bjh21.me.uk> 2023-02-13 20:49:05 +0000
commit: 73c7bc090155ab8c4661feaeea9e6a6e74ee6f77 (patch)
tree: ca289611200f6ed14b992b9da5db959b94e35a5e
parent: d577aaecab09506988a657fa257c4d0ab85d0cd6 (diff)
download: puzzles-73c7bc090155ab8c4661feaeea9e6a6e74ee6f77.zip
puzzles-73c7bc090155ab8c4661feaeea9e6a6e74ee6f77.tar.gz
puzzles-73c7bc090155ab8c4661feaeea9e6a6e74ee6f77.tar.bz2
puzzles-73c7bc090155ab8c4661feaeea9e6a6e74ee6f77.tar.xz
1 files changed, 5 insertions, 3 deletions
diff --git a/twiddle.c b/twiddle.c
index 6d86264..8c565a0 100644
--- a/twiddle.c
+++ b/twiddle.c
@@ -124,14 +124,16 @@ static void decode_params(game_params *ret, char const *string)
     while (*string) {
 	if (*string == 'r') {
 	    ret->rowsonly = true;
+            string++;
 	} else if (*string == 'o') {
 	    ret->orientable = true;
+            string++;
 	} else if (*string == 'm') {
             string++;
 	    ret->movetarget = atoi(string);
-            while (string[1] && isdigit((unsigned char)string[1])) string++;
-	}
-	string++;
+            while (*string && isdigit((unsigned char)*string)) string++;
+	} else
+            string++;
     }
 }
author	Ben Harris <bjh21@bjh21.me.uk>	2023-02-13 14:31:39 +0000
committer	Ben Harris <bjh21@bjh21.me.uk>	2023-02-13 20:49:05 +0000
commit	73c7bc090155ab8c4661feaeea9e6a6e74ee6f77 (patch)
tree	ca289611200f6ed14b992b9da5db959b94e35a5e
parent	d577aaecab09506988a657fa257c4d0ab85d0cd6 (diff)
download	puzzles-73c7bc090155ab8c4661feaeea9e6a6e74ee6f77.zip puzzles-73c7bc090155ab8c4661feaeea9e6a6e74ee6f77.tar.gz puzzles-73c7bc090155ab8c4661feaeea9e6a6e74ee6f77.tar.bz2 puzzles-73c7bc090155ab8c4661feaeea9e6a6e74ee6f77.tar.xz