author: Ben Harris <bjh21@bjh21.me.uk> 2023-02-13 22:14:26 +0000
committer: Ben Harris <bjh21@bjh21.me.uk> 2023-04-08 20:08:16 +0100
commit: e411db788cfc0d0ed54b3c9b9deb15edba7d237a (patch)
tree: df4592537a32023426c21bada2e5fbccc94dd5d4
parent: d505f08f671c2f0a3fdd0b7d733e4ce987aa4786 (diff)
Net: assert that cx and cy are in range in compute_active()
This avoids an out-of-range heap write shortly afterwards. An assertion failure is better than a buffer overrun, but still not ideal. Fixing the problem properly will require fairly wide-ranging changes, though.

The bug can be demonstrated by loading this save file into a build with AddressSanitizer:

SAVEFILE:41:Simon Tatham's Portable Puzzle Collection
VERSION :1:1
GAME    :3:Net
PARAMS  :4:5x5w
CPARAMS :4:5x5w
DESC    :25:9893e85285bb72e6de5182741
UI      :9:O0,0;C6,6
NSTATES :1:1
STATEPOS:1:1
-rw-r--r-- net.c 2
1 files changed, 2 insertions, 0 deletions
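As an added illustration (not code from the Puzzles project), here is a defensive reader for the save-file fields quoted above that rejects a cursor outside the grid before anything is allocated. It assumes that a save-file line is an 8-character padded name, a colon, a decimal length and the value, and that Net's UI value encodes an origin pair followed by the cursor pair (`O<x>,<y>;C<x>,<y>`).

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Added example, not Puzzles project code. Assumed layout of a save-file
 * line: "<name padded to 8 chars>:<decimal length>:<value>". */
int save_field_value(const char *line, char *out, size_t outsz)
{
    const char *p;
    char *end;
    long len;

    if (strlen(line) < 9 || line[8] != ':') return 0;
    p = line + 9;                         /* start of the length prefix */
    len = strtol(p, &end, 10);
    if (end == p || *end != ':' || len < 0) return 0;
    /* The length prefix must agree with the payload, and fit in out. */
    if ((size_t)len != strlen(end + 1) || (size_t)len + 1 > outsz) return 0;
    memcpy(out, end + 1, (size_t)len);
    out[len] = '\0';
    return 1;
}

/* Assumed Net UI encoding: "O<x>,<y>;C<x>,<y>" (origin, then cursor).
 * Return 1 if the cursor lies inside a w x h grid, 0 if the value is
 * malformed or the cursor is out of range. */
int net_cursor_in_range(const char *ui, int w, int h, int *cx, int *cy)
{
    int ox, oy, x, y, n = 0;
    if (sscanf(ui, "O%d,%d;C%d,%d%n", &ox, &oy, &x, &y, &n) != 4) return 0;
    if (ui[n] != '\0') return 0;         /* trailing junk */
    if (x < 0 || x >= w || y < 0 || y >= h) return 0;
    if (cx) *cx = x;
    if (cy) *cy = y;
    return 1;
}

/* Constructed sample: the UI line from the commit message checked against
 * the 5x5 grid its PARAMS line names. Returns 0 because cursor 6,6 is
 * outside the grid; 1 would mean accepted; -1 a malformed line. */
int demo(void)
{
    char value[64];
    int cx, cy;
    if (!save_field_value("UI      :9:O0,0;C6,6", value, sizeof value))
        return -1;
    return net_cursor_in_range(value, 5, 5, &cx, &cy);
}
```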
diff --git a/net.c b/net.c
index 6f7d149..7f90047 100644
--- a/net.c
+++ b/net.c
@@ -1872,6 +1872,8 @@ static unsigned char *compute_active(const game_state *state, int cx, int cy)
active = snewn(state->width * state->height, unsigned char);
memset(active, 0, state->width * state->height);
+ assert(0 <= cx && cx < state->width);
+ assert(0 <= cy && cy < state->height);
/*
* We only store (x,y) pairs in todo, but it's easier to reuse
* xyd_cmp and just store direction 0 every time.
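Review bot: the two assert() calls are placed after snewn() has already allocated `active`, and more importantly assert() compiles to nothing when NDEBUG is defined, so such a build keeps the out-of-range heap write the commit message describes. Move the range check above the allocation, and consider an explicit check that rejects a bad cx/cy (for instance where the UI string's cursor is decoded) instead of relying on assert(), so a release build does not silently regress to the overrun.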