Exercise on Secure Programming

Write a secure and reliable program that sums integers.

The program is fed a stream of characters through standard input. The characters can be classified as

• digits '0', '1', …, '9';
• operators '+', '-';
• whitespace '\0', …, ' ' or
• something else.

It is also customary to

• define sequences of one or more digits as numbers and
• decide how expressions are represented.

In this case an expression consists of zero or more numbers that are separated by operators. The first number of an expression may also be prefixed with an operator denoting its sign. Whitespace between digits and numbers should be ignored for convenient use.

The program must either

• evaluate the expression correctly,
• print the result into standard output and
• exit with zero status

or

• reject the input,
• print an error message into the standard error stream and
• exit with nonzero status,

both without

• having security vulnerabilities or
• consuming too many system resources.

If the requirements sound easy, that is a sure sign to be extra careful!

The following tests should pass.