Cleanly reject ill-formed solve moves in Flood

A solve move containing characters other than digits and commas would
cause an assertion failure, "*p == ','", in execute_move().  Such a move
can't as far as I know be generated in play, but can be read from a
corrupt save file.

Here's a sample of such a save file:

SAVEFILE:41:Simon Tatham's Portable Puzzle Collection
VERSION :1:1
GAME    :5:Flood
PARAMS  :7:3x3c6m5
CPARAMS :7:3x3c6m5
DESC    :12:403011503,10
NSTATES :1:2
STATEPOS:1:2
SOLVE   :2:SA

1 files changed, 5 insertions, 1 deletions

diff --git a/flood.c b/flood.c
index 08410ba..c015c7e 100644
--- a/flood.c
+++ b/flood.c
@@ -942,7 +942,11 @@ static game_state *execute_move(const game_state *state, const char *move)
             sol->moves[i] = atoi(p);
             p += strspn(p, "0123456789");
             if (*p) {
-                assert(*p == ',');
+                if (*p != ',') {
+                    sfree(sol->moves);
+                    sfree(sol);
+                    return NULL;
+                }
                 p++;
             }
         }