From: Tim Mann <tim@tim-mann.org>
Date: Sun, 29 May 2011 04:01:25 +0000 (-0700)
Subject: Fix a size mismatch in scanf.  Untested, but the code could not have
X-Git-Url: http://winboard.nl/cgi-bin?p=xboard.git;a=commitdiff_plain;h=e433631c9b9449829b54526e0d0ebaeec71b270a

Fix a size mismatch in scanf.  Untested, but the code could not have
worked properly without this fix -- scanf would have written 32-bit
values to 16-bit fields, thus smashing adjacent memory.
---

diff --git a/book.c b/book.c
index 3a764b9..5c5eea6 100644
--- a/book.c
+++ b/book.c
@@ -585,7 +585,7 @@ int TextToMoves(char *text, int moveNum, entry_t *entries)
 	    valid = ParseOneMove(text, moveNum, &moveType, &fromX, &fromY, &toX, &toY, &promoChar);
 	    text = strstr(text, yy_textstr) + strlen(yy_textstr); // skip what we parsed
 	    if(!valid || moveType != NormalMove) continue;
-	    if(*text == ' ' && sscanf(text+1, "{%d/%d}", &entries[count].learnPoints, &entries[count].learnCount) == 2) {
+	    if(*text == ' ' && sscanf(text+1, "{%hd/%hd}", &entries[count].learnPoints, &entries[count].learnCount) == 2) {
 		text = strchr(text+1, '}') + 1;
 	    } else {
 		entries[count].learnPoints = 0;