diff options
| author | Ben Harris <bjh21@bjh21.me.uk> | 2023-02-13 14:31:39 +0000 |
|---|---|---|
| committer | Ben Harris <bjh21@bjh21.me.uk> | 2023-02-13 20:49:05 +0000 |
| commit | 73c7bc090155ab8c4661feaeea9e6a6e74ee6f77 (patch) | |
| tree | ca289611200f6ed14b992b9da5db959b94e35a5e /twiddle.c | |
| parent | d577aaecab09506988a657fa257c4d0ab85d0cd6 (diff) | |
| download | puzzles-73c7bc090155ab8c4661feaeea9e6a6e74ee6f77.zip puzzles-73c7bc090155ab8c4661feaeea9e6a6e74ee6f77.tar.gz puzzles-73c7bc090155ab8c4661feaeea9e6a6e74ee6f77.tar.bz2 puzzles-73c7bc090155ab8c4661feaeea9e6a6e74ee6f77.tar.xz | |
Twiddle: don't read off the end of parameter strings ending 'm'
The overrun could be demonstrated by specifying a parameter string of
"3x3m" to a build with AddressSanitizer.
Diffstat (limited to 'twiddle.c')
| -rw-r--r-- | twiddle.c | 8 |
1 files changed, 5 insertions, 3 deletions
@@ -124,14 +124,16 @@ static void decode_params(game_params *ret, char const *string) while (*string) { if (*string == 'r') { ret->rowsonly = true; + string++; } else if (*string == 'o') { ret->orientable = true; + string++; } else if (*string == 'm') { string++; ret->movetarget = atoi(string); - while (string[1] && isdigit((unsigned char)string[1])) string++; - } - string++; + while (*string && isdigit((unsigned char)*string)) string++; + } else + string++; } } |