From: Simon McVittie
Date: Sun, 11 Apr 2021 14:00:21 +0100
Subject: Puzzle: Use temporary variables when dereferencing initial_board

If we directly use `(!) initial_board [x, y]`, the C code generated by valac 0.48.16 sets a temporary variable to a pointer into `initial_board`, and then frees that pointer when it goes out of scope, leaving a dangling pointer in `initial_board` which causes a double-free and a crash.

Signed-off-by: Simon McVittie
Bug: https://gitlab.gnome.org/GNOME/gnome-tetravex/-/issues/32
Bug-Debian: https://bugs.debian.org/986718
Forwarded: https://gitlab.gnome.org/GNOME/gnome-tetravex/-/merge_requests/18
---
 src/puzzle.vala | 9 +++++++--
 1 file changed, 7 insertions(+), 2 deletions(-)
diff --git a/src/puzzle.vala b/src/puzzle.vala
index 218b590..aa0cfa8 100644
--- a/src/puzzle.vala
+++ b/src/puzzle.vala
@@ -911,9 +911,14 @@ private class Puzzle : Object
 for (uint8 x = 0; x < board_size; x++)
 for (uint8 y = 0; y < board_size - 1; y++)
 {
- if (((!) initial_board [x, y]).color_south != ((!) initial_board [x, y + 1]).color_north)
+ SavedTile? x_y = initial_board [x, y];
+ SavedTile? x_yplus1 = initial_board [x, y + 1];
+ SavedTile? y_x = initial_board [y, x];
+ SavedTile? yplus1_x = initial_board [y + 1, x];
+
+ if (((!) x_y).color_south != ((!) x_yplus1).color_north)
 return false;
- if (((!) initial_board [y, x]).color_east != ((!) initial_board [y + 1, x]).color_west)
+ if (((!) y_x).color_east != ((!) yplus1_x).color_west)
 return false;
 }
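Review bot: The four temporaries added ahead of the two comparisons carry no comment, so they read as redundant and a later cleanup could inline them again and bring back the double-free described in the commit message. I would put `// Keep these temporaries: valac 0.48.16 frees a pointer into initial_board when an element is dereferenced inline (gnome-tetravex issue 32)` directly above them. Separately, the `(!)` casts on `x_y`, `x_yplus1`, `y_x` and `yplus1_x` are still unguarded; if a cell of `initial_board` can be null at this point (the code that fills it is not visible in the hunk), `if (x_y == null || x_yplus1 == null || y_x == null || yplus1_x == null) return false;` would reject the board instead of crashing. The enclosing method starts and ends outside the hunk.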