In DecodeString, convert char to unsigned char before printing it as

integer.  This ensures that there are no negative numbers.

Check for errors, and clean up and emit a warning and return NULL in
such a case.


git-svn-id: http://svn.cactuscode.org/arrangements/CactusBase/IOUtil/trunk@246 b32723a9-ab3a-4a60-88e2-2e5d99d7c17a

1 files changed, 15 insertions, 8 deletions

diff --git a/src/CheckpointRecovery.c b/src/CheckpointRecovery.c
index 3c60afc..9d6ab65 100644
--- a/src/CheckpointRecovery.c
+++ b/src/CheckpointRecovery.c
@@ -18,7 +18,6 @@
 #include "ioutil_CheckpointRecovery.h"
 
 
-#include <assert.h>
 #include <ctype.h>
 #include <stdio.h>
 #include <string.h>
@@ -966,13 +965,16 @@ static char *EncodeString (const char *string)
 
 
   p = retval = malloc (4*len + 1);
-  assert (retval);
+  if (! retval)
+  {
+    CCTK_WARN (0, "Out of memory !");
+  }
 
   for (i = 0; i < len; i++)
   {
     if (! isprint (string[i]))
     {
-      sprintf (p, "\\%.03d", string[i]);
+      sprintf (p, "\\%.03d", (unsigned char)string[i]);
       p += 4;
     }
     else
@@ -1011,17 +1013,17 @@ static char *DecodeString (const char *string)
     }
     else
     {
-      assert (i+1 < len);
+      if (i+1 >= len) goto bail_out;
       if (string[i+1] == '\\')
       {
         *p++ = '\\'; i++;
       }
       else
       {
-        assert (i+3 < len);
-        assert (isdigit (string[i+1]) &&
-                isdigit (string[i+2]) &&
-                isdigit (string[i+3]));
+        if (i+3 >= len) goto bail_out;
+        if (! isdigit (string[i+1]) ||
+            ! isdigit (string[i+2]) ||
+            ! isdigit (string[i+3])) goto bail_out;
         *p++ = (char) (100*(string[i+1] - '0') +
                         10*(string[i+2] - '0') +
                          1*(string[i+3] - '0'));
@@ -1032,6 +1034,11 @@ static char *DecodeString (const char *string)
   *p = 0;
 
   return (retval);
+
+ bail_out:
+  free (retval);
+  CCTK_WARN (1, "Malformed string");
+  return NULL;
 }