From 8d66d9307d856d8397542897600cb566f77fa0a4 Mon Sep 17 00:00:00 2001
From: Marko Lindqvist <cazfi74@gmail.com>
Date: Tue, 12 Apr 2022 21:34:42 +0300
Subject: [PATCH 42/42] savegame: Turn unquote_block() asserts to sanity checks

They should be done even when asserts are disabled, as they
are checking external data (savegame)

See osdn #44211

Signed-off-by: Marko Lindqvist <cazfi74@gmail.com>
---
 server/savegame/savegame2.c | 26 +++++++++++++++++++++-----
 server/savegame/savegame3.c | 26 +++++++++++++++++++++-----
 2 files changed, 42 insertions(+), 10 deletions(-)

diff --git a/server/savegame/savegame2.c b/server/savegame/savegame2.c
index 9c6d31d012..7505342b8d 100644
--- a/server/savegame/savegame2.c
+++ b/server/savegame/savegame2.c
@@ -705,23 +705,39 @@ static int unquote_block(const char *const quoted_, void *dest,
   const char *quoted = quoted_;
 
   parsed = sscanf(quoted, "%d", &length);
-  fc_assert_ret_val(1 == parsed, 0);
+
+  if (parsed != 1) {
+    log_error(_("Syntax error in attribute block."));
+    return 0;
+  }
 
   if (length > dest_length) {
     return 0;
   }
+
   quoted = strchr(quoted, ':');
-  fc_assert_ret_val(quoted != NULL, 0);
+
+  if (quoted == NULL) {
+    log_error(_("Syntax error in attribute block."));
+    return 0;
+  }
+
   quoted++;
 
   for (i = 0; i < length; i++) {
     tmp = strtol(quoted, &endptr, 16);
-    fc_assert_ret_val((endptr - quoted) == 2, 0);
-    fc_assert_ret_val(*endptr == ' ', 0);
-    fc_assert_ret_val((tmp & 0xff) == tmp, 0);
+
+    if ((endptr - quoted) != 2
+        || *endptr != ' '
+        || (tmp & 0xff) != tmp) {
+      log_error(_("Syntax error in attribute block."));
+      return 0;
+    }
+
     ((unsigned char *) dest)[i] = tmp;
     quoted += 3;
   }
+
   return length;
 }
 
diff --git a/server/savegame/savegame3.c b/server/savegame/savegame3.c
index ae92f682f1..fe07debb37 100644
--- a/server/savegame/savegame3.c
+++ b/server/savegame/savegame3.c
@@ -903,23 +903,39 @@ static int unquote_block(const char *const quoted_, void *dest,
   const char *quoted = quoted_;
 
   parsed = sscanf(quoted, "%d", &length);
-  fc_assert_ret_val(1 == parsed, 0);
+
+  if (parsed != 1) {
+    log_error(_("Syntax error in attribute block."));
+    return 0;
+  }
 
   if (length > dest_length) {
     return 0;
   }
+
   quoted = strchr(quoted, ':');
-  fc_assert_ret_val(quoted != NULL, 0);
+
+  if (quoted == NULL) {
+    log_error(_("Syntax error in attribute block."));
+    return 0;
+  }
+
   quoted++;
 
   for (i = 0; i < length; i++) {
     tmp = strtol(quoted, &endptr, 16);
-    fc_assert_ret_val((endptr - quoted) == 2, 0);
-    fc_assert_ret_val(*endptr == ' ', 0);
-    fc_assert_ret_val((tmp & 0xff) == tmp, 0);
+
+    if ((endptr - quoted) != 2
+        || *endptr != ' '
+        || (tmp & 0xff) != tmp) {
+      log_error(_("Syntax error in attribute block."));
+      return 0;
+    }
+
     ((unsigned char *) dest)[i] = tmp;
     quoted += 3;
   }
+
   return length;
 }
 
-- 
2.35.1