From ec754962d3f4c581c380c688cba773811b5719da Mon Sep 17 00:00:00 2001
From: Markus Uhlin <markus@nifty-networks.net>
Date: Sat, 5 Apr 2025 15:18:05 +0200
Subject: alg_parse_move: also check 'tmpr'

---
 FICS/algcheck.c | 5 +++++
 1 file changed, 5 insertions(+)

(limited to 'FICS')

diff --git a/FICS/algcheck.c b/FICS/algcheck.c
index 2fc2451..4e3d18d 100644
--- a/FICS/algcheck.c
+++ b/FICS/algcheck.c
@@ -269,6 +269,11 @@ alg_parse_move(char *mstr, game_state_t *gs, move_t *mt)
 			} else {
 				tmpr = r - 1;
 			}
+			if (tmpr < 0 || tmpr >= 8) {
+				warnx("%s: out-of-bounds array read/write: "
+				    "tmpr=%d", __func__, tmpr);
+				return MOVE_AMBIGUOUS;
+			}
 
 			if (gs->board[tf][tmpr] == NOPIECE) {
 				if ((gs->ep_possible[((gs->onMove == WHITE) ?
-- 
cgit v1.2.3