Line data Source code
1 : /* pb_decode.c -- decode a protobuf using minimal resources
2 : *
3 : * 2011 Petteri Aimonen <jpa@kapsi.fi>
4 : */
5 :
6 : /* Use the GCC warn_unused_result attribute to check that all return values
7 : * are propagated correctly. On other compilers and gcc before 3.4.0 just
8 : * ignore the annotation.
9 : */
10 : #if !defined(__GNUC__) || ( __GNUC__ < 3) || (__GNUC__ == 3 && __GNUC_MINOR__ < 4)
11 : #define checkreturn
12 : #else
13 : #define checkreturn __attribute__((warn_unused_result))
14 : #endif
15 :
16 : #include "pb_firedancer.h"
17 : #include "pb_decode.h"
18 : #include "pb_common.h"
19 :
20 : /**************************************
21 : * Declarations internal to this file *
22 : **************************************/
23 :
24 : static bool checkreturn buf_read(pb_istream_t *stream, pb_byte_t *buf, size_t count);
25 : static bool checkreturn pb_decode_varint32_eof(pb_istream_t *stream, uint32_t *dest, bool *eof);
26 : static bool checkreturn read_raw_value(pb_istream_t *stream, pb_wire_type_t wire_type, pb_byte_t *buf, size_t *size);
27 : static bool checkreturn decode_basic_field(pb_istream_t *stream, pb_wire_type_t wire_type, pb_field_iter_t *field);
28 : static bool checkreturn decode_static_field(pb_istream_t *stream, pb_wire_type_t wire_type, pb_field_iter_t *field);
29 : static bool checkreturn decode_pointer_field(pb_istream_t *stream, pb_wire_type_t wire_type, pb_field_iter_t *field);
30 : static bool checkreturn decode_callback_field(pb_istream_t *stream, pb_wire_type_t wire_type, pb_field_iter_t *field);
31 : static bool checkreturn decode_field(pb_istream_t *stream, pb_wire_type_t wire_type, pb_field_iter_t *field);
32 : static bool checkreturn default_extension_decoder(pb_istream_t *stream, pb_extension_t *extension, uint32_t tag, pb_wire_type_t wire_type);
33 : static bool checkreturn decode_extension(pb_istream_t *stream, uint32_t tag, pb_wire_type_t wire_type, pb_extension_t *extension);
34 : static bool pb_field_set_to_default(pb_field_iter_t *field);
35 : static bool pb_message_set_to_defaults(pb_field_iter_t *iter);
36 : static bool checkreturn pb_dec_bool(pb_istream_t *stream, const pb_field_iter_t *field);
37 : static bool checkreturn pb_dec_varint(pb_istream_t *stream, const pb_field_iter_t *field);
38 : static bool checkreturn pb_dec_bytes(pb_istream_t *stream, const pb_field_iter_t *field);
39 : static bool checkreturn pb_dec_string(pb_istream_t *stream, const pb_field_iter_t *field);
40 : static bool checkreturn pb_dec_submessage(pb_istream_t *stream, const pb_field_iter_t *field);
41 : static bool checkreturn pb_dec_fixed_length_bytes(pb_istream_t *stream, const pb_field_iter_t *field);
42 : static bool checkreturn pb_skip_varint(pb_istream_t *stream);
43 : static bool checkreturn pb_skip_string(pb_istream_t *stream);
44 :
45 : #ifdef PB_ENABLE_MALLOC
46 : static bool checkreturn allocate_field(pb_istream_t *stream, void *pData, size_t data_size, size_t array_size);
47 : static void initialize_pointer_field(void *pItem, pb_field_iter_t *field);
48 : static bool checkreturn pb_release_union_field(pb_istream_t *stream, pb_field_iter_t *field);
49 : static void pb_release_single_field(pb_field_iter_t *field);
50 : #endif
51 :
52 : #ifdef PB_WITHOUT_64BIT
53 : #define pb_int64_t int32_t
54 : #define pb_uint64_t uint32_t
55 : #else
56 155682 : #define pb_int64_t int64_t
57 3211344 : #define pb_uint64_t uint64_t
58 : #endif
59 :
60 : typedef struct {
61 : uint32_t bitfield[(PB_MAX_REQUIRED_FIELDS + 31) / 32];
62 : } pb_fields_seen_t;
63 :
64 : /*******************************
65 : * pb_istream_t implementation *
66 : *******************************/
67 :
68 : static bool checkreturn buf_read(pb_istream_t *stream, pb_byte_t *buf, size_t count)
69 19285602 : {
70 19285602 : const pb_byte_t *source = (const pb_byte_t*)stream->state;
71 19285602 : stream->state = (pb_byte_t*)stream->state + count;
72 :
73 19285602 : if (buf != NULL)
74 18997935 : {
75 18997935 : memcpy(buf, source, count * sizeof(pb_byte_t));
76 18997935 : }
77 :
78 19285602 : return true;
79 19285602 : }
80 :
81 : bool checkreturn pb_read(pb_istream_t *stream, pb_byte_t *buf, size_t count)
82 19285602 : {
83 19285602 : if (count == 0)
84 0 : return true;
85 :
86 : #ifndef PB_BUFFER_ONLY
87 : if (buf == NULL && stream->callback != buf_read)
88 : {
89 : /* Skip input bytes */
90 : pb_byte_t tmp[16];
91 : while (count > 16)
92 : {
93 : if (!pb_read(stream, tmp, 16))
94 : return false;
95 :
96 : count -= 16;
97 : }
98 :
99 : return pb_read(stream, tmp, count);
100 : }
101 : #endif
102 :
103 19285602 : if (stream->bytes_left < count)
104 0 : PB_RETURN_ERROR(stream, "end-of-stream");
105 :
106 : #ifndef PB_BUFFER_ONLY
107 : if (!stream->callback(stream, buf, count))
108 : PB_RETURN_ERROR(stream, "io error");
109 : #else
110 19285602 : if (!buf_read(stream, buf, count))
111 0 : return false;
112 19285602 : #endif
113 :
114 19285602 : if (stream->bytes_left < count)
115 0 : stream->bytes_left = 0;
116 19285602 : else
117 19285602 : stream->bytes_left -= count;
118 :
119 19285602 : return true;
120 19285602 : }
121 :
122 : /* Read a single byte from input stream. buf may not be NULL.
123 : * This is an optimization for the varint decoding. */
124 : static bool checkreturn pb_readbyte(pb_istream_t *stream, pb_byte_t *buf)
125 38640171 : {
126 38640171 : if (stream->bytes_left == 0)
127 0 : PB_RETURN_ERROR(stream, "end-of-stream");
128 :
129 : #ifndef PB_BUFFER_ONLY
130 : if (!stream->callback(stream, buf, 1))
131 : PB_RETURN_ERROR(stream, "io error");
132 : #else
133 38640171 : *buf = *(const pb_byte_t*)stream->state;
134 38640171 : stream->state = (pb_byte_t*)stream->state + 1;
135 38640171 : #endif
136 :
137 38640171 : stream->bytes_left--;
138 :
139 38640171 : return true;
140 38640171 : }
141 :
142 : pb_istream_t pb_istream_from_buffer(const pb_byte_t *buf, size_t msglen)
143 110235 : {
144 110235 : pb_istream_t stream;
145 : /* Cast away the const from buf without a compiler error. We are
146 : * careful to use it only in a const manner in the callbacks.
147 : */
148 110235 : union {
149 110235 : void *state;
150 110235 : const void *c_state;
151 110235 : } state;
152 110235 : #ifdef PB_BUFFER_ONLY
153 110235 : stream.callback = NULL;
154 : #else
155 : stream.callback = &buf_read;
156 : #endif
157 110235 : state.c_state = buf;
158 110235 : stream.state = state.state;
159 110235 : stream.bytes_left = msglen;
160 110235 : #ifndef PB_NO_ERRMSG
161 110235 : stream.errmsg = NULL;
162 110235 : #endif
163 110235 : return stream;
164 110235 : }
165 :
166 : /********************
167 : * Helper functions *
168 : ********************/
169 :
170 : static bool checkreturn pb_decode_varint32_eof(pb_istream_t *stream, uint32_t *dest, bool *eof)
171 20892288 : {
172 20892288 : pb_byte_t byte;
173 20892288 : uint32_t result;
174 :
175 20892288 : if (!pb_readbyte(stream, &byte))
176 0 : {
177 0 : if (stream->bytes_left == 0)
178 0 : {
179 0 : if (eof)
180 0 : {
181 0 : *eof = true;
182 0 : }
183 0 : }
184 :
185 0 : return false;
186 0 : }
187 :
188 20892288 : if ((byte & 0x80) == 0)
189 19912056 : {
190 : /* Quick case, 1 byte value */
191 19912056 : result = byte;
192 19912056 : }
193 980232 : else
194 980232 : {
195 : /* Multibyte case */
196 980232 : uint_fast8_t bitpos = 7;
197 980232 : result = byte & 0x7F;
198 :
199 980232 : do
200 1045530 : {
201 1045530 : if (!pb_readbyte(stream, &byte))
202 0 : return false;
203 :
204 1045530 : if (bitpos >= 32)
205 0 : {
206 : /* Note: The varint could have trailing 0x80 bytes, or 0xFF for negative. */
207 0 : pb_byte_t sign_extension = (bitpos < 63) ? 0xFF : 0x01;
208 0 : bool valid_extension = ((byte & 0x7F) == 0x00 ||
209 0 : ((result >> 31) != 0 && byte == sign_extension));
210 :
211 0 : if (bitpos >= 64 || !valid_extension)
212 0 : {
213 0 : PB_RETURN_ERROR(stream, "varint overflow");
214 0 : }
215 0 : }
216 1045530 : else if (bitpos == 28)
217 9 : {
218 9 : if ((byte & 0x70) != 0 && (byte & 0x78) != 0x78)
219 0 : {
220 0 : PB_RETURN_ERROR(stream, "varint overflow");
221 0 : }
222 9 : result |= (uint32_t)(byte & 0x0F) << bitpos;
223 9 : }
224 1045521 : else
225 1045521 : {
226 1045521 : result |= (uint32_t)(byte & 0x7F) << bitpos;
227 1045521 : }
228 1045530 : bitpos = (uint_fast8_t)(bitpos + 7);
229 1045530 : } while (byte & 0x80);
230 980232 : }
231 :
232 20892288 : *dest = result;
233 20892288 : return true;
234 20892288 : }
235 :
236 : bool checkreturn pb_decode_varint32(pb_istream_t *stream, uint32_t *dest)
237 8934015 : {
238 8934015 : return pb_decode_varint32_eof(stream, dest, NULL);
239 8934015 : }
240 :
241 : #ifndef PB_WITHOUT_64BIT
242 : bool checkreturn pb_decode_varint(pb_istream_t *stream, uint64_t *dest)
243 3211344 : {
244 3211344 : pb_byte_t byte;
245 3211344 : uint_fast8_t bitpos = 0;
246 3211344 : uint64_t result = 0;
247 :
248 3211344 : do
249 16702353 : {
250 16702353 : if (!pb_readbyte(stream, &byte))
251 0 : return false;
252 :
253 16702353 : if (bitpos >= 63 && (byte & 0xFE) != 0)
254 0 : PB_RETURN_ERROR(stream, "varint overflow");
255 :
256 16702353 : result |= (uint64_t)(byte & 0x7F) << bitpos;
257 16702353 : bitpos = (uint_fast8_t)(bitpos + 7);
258 16702353 : } while (byte & 0x80);
259 :
260 3211344 : *dest = result;
261 3211344 : return true;
262 3211344 : }
263 : #endif
264 :
265 : bool checkreturn pb_skip_varint(pb_istream_t *stream)
266 14289 : {
267 14289 : pb_byte_t byte;
268 14289 : do
269 15276 : {
270 15276 : if (!pb_read(stream, &byte, 1))
271 0 : return false;
272 15276 : } while (byte & 0x80);
273 14289 : return true;
274 14289 : }
275 :
276 : bool checkreturn pb_skip_string(pb_istream_t *stream)
277 6441 : {
278 6441 : uint32_t length;
279 6441 : if (!pb_decode_varint32(stream, &length))
280 0 : return false;
281 :
282 6441 : if ((size_t)length != length)
283 0 : {
284 0 : PB_RETURN_ERROR(stream, "size too large");
285 0 : }
286 :
287 6441 : return pb_read(stream, NULL, (size_t)length);
288 6441 : }
289 :
290 : bool checkreturn pb_decode_tag(pb_istream_t *stream, pb_wire_type_t *wire_type, uint32_t *tag, bool *eof)
291 11958273 : {
292 11958273 : uint32_t temp;
293 11958273 : *eof = false;
294 11958273 : *wire_type = (pb_wire_type_t) 0;
295 11958273 : *tag = 0;
296 :
297 11958273 : if (!pb_decode_varint32_eof(stream, &temp, eof))
298 0 : {
299 0 : return false;
300 0 : }
301 :
302 11958273 : *tag = temp >> 3;
303 11958273 : *wire_type = (pb_wire_type_t)(temp & 7);
304 11958273 : return true;
305 11958273 : }
306 :
307 : bool checkreturn pb_skip_field(pb_istream_t *stream, pb_wire_type_t wire_type)
308 21027 : {
309 21027 : switch (wire_type)
310 21027 : {
311 14289 : case PB_WT_VARINT: return pb_skip_varint(stream);
312 129 : case PB_WT_64BIT: return pb_read(stream, NULL, 8);
313 6441 : case PB_WT_STRING: return pb_skip_string(stream);
314 168 : case PB_WT_32BIT: return pb_read(stream, NULL, 4);
315 0 : default: PB_RETURN_ERROR(stream, "invalid wire_type");
316 21027 : }
317 21027 : }
318 :
319 : /* Read a raw value to buffer, for the purpose of passing it to callback as
320 : * a substream. Size is maximum size on call, and actual size on return.
321 : */
322 : static bool checkreturn read_raw_value(pb_istream_t *stream, pb_wire_type_t wire_type, pb_byte_t *buf, size_t *size)
323 0 : {
324 0 : size_t max_size = *size;
325 0 : switch (wire_type)
326 0 : {
327 0 : case PB_WT_VARINT:
328 0 : *size = 0;
329 0 : do
330 0 : {
331 0 : (*size)++;
332 0 : if (*size > max_size)
333 0 : PB_RETURN_ERROR(stream, "varint overflow");
334 :
335 0 : if (!pb_read(stream, buf, 1))
336 0 : return false;
337 0 : } while (*buf++ & 0x80);
338 0 : return true;
339 :
340 0 : case PB_WT_64BIT:
341 0 : *size = 8;
342 0 : return pb_read(stream, buf, 8);
343 :
344 0 : case PB_WT_32BIT:
345 0 : *size = 4;
346 0 : return pb_read(stream, buf, 4);
347 :
348 0 : case PB_WT_STRING:
349 : /* Calling read_raw_value with a PB_WT_STRING is an error.
350 : * Explicitly handle this case and fallthrough to default to avoid
351 : * compiler warnings.
352 : */
353 :
354 0 : default: PB_RETURN_ERROR(stream, "invalid wire_type");
355 0 : }
356 0 : }
357 :
358 : /* Decode string length from stream and return a substream with limited length.
359 : * Remember to close the substream using pb_close_string_substream().
360 : */
361 : bool checkreturn pb_make_string_substream(pb_istream_t *stream, pb_istream_t *substream)
362 3219576 : {
363 3219576 : uint32_t size;
364 3219576 : if (!pb_decode_varint32(stream, &size))
365 0 : return false;
366 :
367 3219576 : *substream = *stream;
368 3219576 : if (substream->bytes_left < size)
369 0 : PB_RETURN_ERROR(stream, "parent stream too short");
370 :
371 3219576 : substream->bytes_left = (size_t)size;
372 3219576 : stream->bytes_left -= (size_t)size;
373 3219576 : return true;
374 3219576 : }
375 :
376 : bool checkreturn pb_close_string_substream(pb_istream_t *stream, pb_istream_t *substream)
377 3219576 : {
378 3219576 : if (substream->bytes_left) {
379 280929 : if (!pb_read(substream, NULL, substream->bytes_left))
380 0 : return false;
381 280929 : }
382 :
383 3219576 : stream->state = substream->state;
384 :
385 3219576 : #ifndef PB_NO_ERRMSG
386 3219576 : stream->errmsg = substream->errmsg;
387 3219576 : #endif
388 3219576 : return true;
389 3219576 : }
390 :
391 : /*************************
392 : * Decode a single field *
393 : *************************/
394 :
395 : static bool checkreturn decode_basic_field(pb_istream_t *stream, pb_wire_type_t wire_type, pb_field_iter_t *field)
396 26552139 : {
397 26552139 : switch (PB_LTYPE(field->type))
398 26552139 : {
399 1552113 : case PB_LTYPE_BOOL:
400 1552113 : if (wire_type != PB_WT_VARINT && wire_type != PB_WT_PACKED)
401 0 : PB_RETURN_ERROR(stream, "wrong wire type");
402 :
403 1552113 : return pb_dec_bool(stream, field);
404 :
405 77841 : case PB_LTYPE_VARINT:
406 3211344 : case PB_LTYPE_UVARINT:
407 3211344 : case PB_LTYPE_SVARINT:
408 3211344 : if (wire_type != PB_WT_VARINT && wire_type != PB_WT_PACKED)
409 0 : PB_RETURN_ERROR(stream, "wrong wire type");
410 :
411 3211344 : return pb_dec_varint(stream, field);
412 :
413 0 : case PB_LTYPE_FIXED32:
414 0 : if (wire_type != PB_WT_32BIT && wire_type != PB_WT_PACKED)
415 0 : PB_RETURN_ERROR(stream, "wrong wire type");
416 :
417 0 : return pb_decode_fixed32(stream, field->pData);
418 :
419 14826774 : case PB_LTYPE_FIXED64:
420 14826774 : if (wire_type != PB_WT_64BIT && wire_type != PB_WT_PACKED)
421 0 : PB_RETURN_ERROR(stream, "wrong wire type");
422 :
423 : #ifdef PB_CONVERT_DOUBLE_FLOAT
424 : if (field->data_size == sizeof(float))
425 : {
426 : return pb_decode_double_as_float(stream, (float*)field->pData);
427 : }
428 : #endif
429 :
430 : #ifdef PB_WITHOUT_64BIT
431 : PB_RETURN_ERROR(stream, "invalid data_size");
432 : #else
433 14826774 : return pb_decode_fixed64(stream, field->pData);
434 0 : #endif
435 :
436 1681425 : case PB_LTYPE_BYTES:
437 1681425 : if (wire_type != PB_WT_STRING)
438 0 : PB_RETURN_ERROR(stream, "wrong wire type");
439 :
440 1681425 : return pb_dec_bytes(stream, field);
441 :
442 110235 : case PB_LTYPE_STRING:
443 110235 : if (wire_type != PB_WT_STRING)
444 0 : PB_RETURN_ERROR(stream, "wrong wire type");
445 :
446 110235 : return pb_dec_string(stream, field);
447 :
448 2806023 : case PB_LTYPE_SUBMESSAGE:
449 2806023 : case PB_LTYPE_SUBMSG_W_CB:
450 2806023 : if (wire_type != PB_WT_STRING)
451 0 : PB_RETURN_ERROR(stream, "wrong wire type");
452 :
453 2806023 : return pb_dec_submessage(stream, field);
454 :
455 2364225 : case PB_LTYPE_FIXED_LENGTH_BYTES:
456 2364225 : if (wire_type != PB_WT_STRING)
457 0 : PB_RETURN_ERROR(stream, "wrong wire type");
458 :
459 2364225 : return pb_dec_fixed_length_bytes(stream, field);
460 :
461 0 : default:
462 0 : PB_RETURN_ERROR(stream, "invalid field type");
463 26552139 : }
464 26552139 : }
465 :
466 : static bool checkreturn decode_static_field(pb_istream_t *stream, pb_wire_type_t wire_type, pb_field_iter_t *field)
467 7843119 : {
468 7843119 : switch (PB_HTYPE(field->type))
469 7843119 : {
470 0 : case PB_HTYPE_REQUIRED:
471 0 : return decode_basic_field(stream, wire_type, field);
472 :
473 7843119 : case PB_HTYPE_OPTIONAL:
474 7843119 : if (field->pSize != NULL)
475 795660 : *(bool*)field->pSize = true;
476 7843119 : return decode_basic_field(stream, wire_type, field);
477 :
478 0 : case PB_HTYPE_REPEATED:
479 0 : if (wire_type == PB_WT_STRING
480 0 : && PB_LTYPE(field->type) <= PB_LTYPE_LAST_PACKABLE)
481 0 : {
482 : /* Packed array */
483 0 : bool status = true;
484 0 : pb_istream_t substream;
485 0 : pb_size_t *size = (pb_size_t*)field->pSize;
486 0 : field->pData = (char*)field->pField + field->data_size * (*size);
487 :
488 0 : if (!pb_make_string_substream(stream, &substream))
489 0 : return false;
490 :
491 0 : while (substream.bytes_left > 0 && *size < field->array_size)
492 0 : {
493 0 : if (!decode_basic_field(&substream, PB_WT_PACKED, field))
494 0 : {
495 0 : status = false;
496 0 : break;
497 0 : }
498 0 : (*size)++;
499 0 : field->pData = (char*)field->pData + field->data_size;
500 0 : }
501 :
502 0 : if (substream.bytes_left != 0)
503 0 : PB_RETURN_ERROR(stream, "array overflow");
504 0 : if (!pb_close_string_substream(stream, &substream))
505 0 : return false;
506 :
507 0 : return status;
508 0 : }
509 0 : else
510 0 : {
511 : /* Repeated field */
512 0 : pb_size_t *size = (pb_size_t*)field->pSize;
513 0 : field->pData = (char*)field->pField + field->data_size * (*size);
514 :
515 0 : if ((*size)++ >= field->array_size)
516 0 : PB_RETURN_ERROR(stream, "array overflow");
517 :
518 0 : return decode_basic_field(stream, wire_type, field);
519 0 : }
520 :
521 0 : case PB_HTYPE_ONEOF:
522 0 : if (PB_LTYPE_IS_SUBMSG(field->type) &&
523 0 : *(pb_size_t*)field->pSize != field->tag)
524 0 : {
525 : /* We memset to zero so that any callbacks are set to NULL.
526 : * This is because the callbacks might otherwise have values
527 : * from some other union field.
528 : * If callbacks are needed inside oneof field, use .proto
529 : * option submsg_callback to have a separate callback function
530 : * that can set the fields before submessage is decoded.
531 : * pb_dec_submessage() will set any default values. */
532 0 : memset(field->pData, 0, (size_t)field->data_size);
533 :
534 : /* Set default values for the submessage fields. */
535 0 : if (field->submsg_desc->default_value != NULL ||
536 0 : field->submsg_desc->field_callback != NULL ||
537 0 : field->submsg_desc->submsg_info[0] != NULL)
538 0 : {
539 0 : pb_field_iter_t submsg_iter;
540 0 : if (pb_field_iter_begin(&submsg_iter, field->submsg_desc, field->pData))
541 0 : {
542 0 : if (!pb_message_set_to_defaults(&submsg_iter))
543 0 : PB_RETURN_ERROR(stream, "failed to set defaults");
544 0 : }
545 0 : }
546 0 : }
547 0 : *(pb_size_t*)field->pSize = field->tag;
548 :
549 0 : return decode_basic_field(stream, wire_type, field);
550 :
551 0 : default:
552 0 : PB_RETURN_ERROR(stream, "invalid field type");
553 7843119 : }
554 7843119 : }
555 :
556 : #ifdef PB_ENABLE_MALLOC
557 : /* Allocate storage for the field and store the pointer at iter->pData.
558 : * array_size is the number of entries to reserve in an array.
559 : * Zero size is not allowed, use pb_free() for releasing.
560 : */
561 : static bool checkreturn allocate_field(pb_istream_t *stream, void *pData, size_t data_size, size_t array_size)
562 4751889 : {
563 4751889 : void *ptr = *(void**)pData;
564 :
565 4751889 : if (data_size == 0 || array_size == 0)
566 0 : PB_RETURN_ERROR(stream, "invalid size");
567 :
568 : #ifdef __AVR__
569 : /* Workaround for AVR libc bug 53284: http://savannah.nongnu.org/bugs/?53284
570 : * Realloc to size of 1 byte can cause corruption of the malloc structures.
571 : */
572 : if (data_size == 1 && array_size == 1)
573 : {
574 : data_size = 2;
575 : }
576 : #endif
577 :
578 : /* Check for multiplication overflows.
579 : * This code avoids the costly division if the sizes are small enough.
580 : * Multiplication is safe as long as only half of bits are set
581 : * in either multiplicand.
582 : */
583 4751889 : {
584 4751889 : const size_t check_limit = (size_t)1 << (sizeof(size_t) * 4);
585 4751889 : if (data_size >= check_limit || array_size >= check_limit)
586 0 : {
587 0 : const size_t size_max = (size_t)-1;
588 0 : if (size_max / array_size < data_size)
589 0 : {
590 0 : PB_RETURN_ERROR(stream, "size too large");
591 0 : }
592 0 : }
593 4751889 : }
594 :
595 : /* Allocate new or expand previous allocation */
596 : /* Note: on failure the old pointer will remain in the structure,
597 : * the message must be freed by caller also on error return. */
598 4751889 : ptr = pb_realloc(ptr, array_size * data_size);
599 4751889 : if (ptr == NULL)
600 0 : PB_RETURN_ERROR(stream, "realloc failed");
601 :
602 4751889 : *(void**)pData = ptr;
603 4751889 : return true;
604 4751889 : }
605 :
606 : /* Clear a newly allocated item in case it contains a pointer, or is a submessage. */
607 : static void initialize_pointer_field(void *pItem, pb_field_iter_t *field)
608 17935491 : {
609 17935491 : if (PB_LTYPE(field->type) == PB_LTYPE_STRING ||
610 17935491 : PB_LTYPE(field->type) == PB_LTYPE_BYTES)
611 896682 : {
612 896682 : *(void**)pItem = NULL;
613 896682 : }
614 17038809 : else if (PB_LTYPE_IS_SUBMSG(field->type))
615 2010363 : {
616 : /* We memset to zero so that any callbacks are set to NULL.
617 : * Default values will be set by pb_dec_submessage(). */
618 2010363 : memset(pItem, 0, field->data_size);
619 2010363 : }
620 17935491 : }
621 : #endif
622 :
623 : static bool checkreturn decode_pointer_field(pb_istream_t *stream, pb_wire_type_t wire_type, pb_field_iter_t *field)
624 3813198 : {
625 : #ifndef PB_ENABLE_MALLOC
626 : PB_UNUSED(wire_type);
627 : PB_UNUSED(field);
628 : PB_RETURN_ERROR(stream, "no malloc support");
629 : #else
630 3813198 : switch (PB_HTYPE(field->type))
631 3813198 : {
632 0 : case PB_HTYPE_REQUIRED:
633 773529 : case PB_HTYPE_OPTIONAL:
634 773529 : case PB_HTYPE_ONEOF:
635 773529 : if (PB_LTYPE_IS_SUBMSG(field->type) && *(void**)field->pField != NULL)
636 0 : {
637 : /* Duplicate field, have to release the old allocation first. */
638 : /* FIXME: Does this work correctly for oneofs? */
639 0 : pb_release_single_field(field);
640 0 : }
641 :
642 773529 : if (PB_HTYPE(field->type) == PB_HTYPE_ONEOF)
643 0 : {
644 0 : *(pb_size_t*)field->pSize = field->tag;
645 0 : }
646 :
647 773529 : if (PB_LTYPE(field->type) == PB_LTYPE_STRING ||
648 773529 : PB_LTYPE(field->type) == PB_LTYPE_BYTES)
649 773529 : {
650 : /* pb_dec_string and pb_dec_bytes handle allocation themselves */
651 773529 : field->pData = field->pField;
652 773529 : return decode_basic_field(stream, wire_type, field);
653 773529 : }
654 0 : else
655 0 : {
656 0 : if (!allocate_field(stream, field->pField, field->data_size, 1))
657 0 : return false;
658 :
659 0 : field->pData = *(void**)field->pField;
660 0 : initialize_pointer_field(field->pData, field);
661 0 : return decode_basic_field(stream, wire_type, field);
662 0 : }
663 :
664 3039669 : case PB_HTYPE_REPEATED:
665 3039669 : if (wire_type == PB_WT_STRING
666 3039669 : && PB_LTYPE(field->type) <= PB_LTYPE_LAST_PACKABLE)
667 132624 : {
668 : /* Packed array, multiple items come in at once. */
669 132624 : bool status = true;
670 132624 : pb_size_t *size = (pb_size_t*)field->pSize;
671 132624 : size_t allocated_size = *size;
672 132624 : pb_istream_t substream;
673 :
674 132624 : if (!pb_make_string_substream(stream, &substream))
675 0 : return false;
676 :
677 15161070 : while (substream.bytes_left)
678 15028446 : {
679 15028446 : if (*size == PB_SIZE_MAX)
680 0 : {
681 0 : #ifndef PB_NO_ERRMSG
682 0 : stream->errmsg = "too many array entries";
683 0 : #endif
684 0 : status = false;
685 0 : break;
686 0 : }
687 :
688 15028446 : if ((size_t)*size + 1 > allocated_size)
689 174633 : {
690 : /* Allocate more storage. This tries to guess the
691 : * number of remaining entries. Round the division
692 : * upwards. */
693 174633 : size_t remain = (substream.bytes_left - 1) / field->data_size + 1;
694 174633 : if (remain < PB_SIZE_MAX - allocated_size)
695 174633 : allocated_size += remain;
696 0 : else
697 0 : allocated_size += 1;
698 :
699 174633 : if (!allocate_field(&substream, field->pField, field->data_size, allocated_size))
700 0 : {
701 0 : status = false;
702 0 : break;
703 0 : }
704 174633 : }
705 :
706 : /* Decode the array entry */
707 15028446 : field->pData = *(char**)field->pField + field->data_size * (*size);
708 15028446 : if (field->pData == NULL)
709 0 : {
710 : /* Shouldn't happen, but satisfies static analyzers */
711 0 : status = false;
712 0 : break;
713 0 : }
714 15028446 : initialize_pointer_field(field->pData, field);
715 15028446 : if (!decode_basic_field(&substream, PB_WT_PACKED, field))
716 0 : {
717 0 : status = false;
718 0 : break;
719 0 : }
720 :
721 15028446 : (*size)++;
722 15028446 : }
723 132624 : if (!pb_close_string_substream(stream, &substream))
724 0 : return false;
725 :
726 132624 : return status;
727 132624 : }
728 2907045 : else
729 2907045 : {
730 : /* Normal repeated field, i.e. only one item at a time. */
731 2907045 : pb_size_t *size = (pb_size_t*)field->pSize;
732 :
733 2907045 : if (*size == PB_SIZE_MAX)
734 0 : PB_RETURN_ERROR(stream, "too many array entries");
735 :
736 2907045 : if (!allocate_field(stream, field->pField, field->data_size, (size_t)(*size + 1)))
737 0 : return false;
738 :
739 2907045 : field->pData = *(char**)field->pField + field->data_size * (*size);
740 2907045 : (*size)++;
741 2907045 : initialize_pointer_field(field->pData, field);
742 2907045 : return decode_basic_field(stream, wire_type, field);
743 2907045 : }
744 :
745 0 : default:
746 0 : PB_RETURN_ERROR(stream, "invalid field type");
747 3813198 : }
748 3813198 : #endif
749 3813198 : }
750 :
751 : static bool checkreturn decode_callback_field(pb_istream_t *stream, pb_wire_type_t wire_type, pb_field_iter_t *field)
752 280929 : {
753 280929 : if (!field->descriptor->field_callback)
754 0 : return pb_skip_field(stream, wire_type);
755 :
756 280929 : if (wire_type == PB_WT_STRING)
757 280929 : {
758 280929 : pb_istream_t substream;
759 280929 : size_t prev_bytes_left;
760 :
761 280929 : if (!pb_make_string_substream(stream, &substream))
762 0 : return false;
763 :
764 280929 : do
765 280929 : {
766 280929 : prev_bytes_left = substream.bytes_left;
767 280929 : if (!field->descriptor->field_callback(&substream, NULL, field))
768 0 : {
769 0 : PB_SET_ERROR(stream, substream.errmsg ? substream.errmsg : "callback failed");
770 0 : return false;
771 0 : }
772 280929 : } while (substream.bytes_left > 0 && substream.bytes_left < prev_bytes_left);
773 :
774 280929 : if (!pb_close_string_substream(stream, &substream))
775 0 : return false;
776 :
777 280929 : return true;
778 280929 : }
779 0 : else
780 0 : {
781 : /* Copy the single scalar value to stack.
782 : * This is required so that we can limit the stream length,
783 : * which in turn allows to use same callback for packed and
784 : * not-packed fields. */
785 0 : pb_istream_t substream;
786 0 : pb_byte_t buffer[10];
787 0 : size_t size = sizeof(buffer);
788 :
789 0 : if (!read_raw_value(stream, wire_type, buffer, &size))
790 0 : return false;
791 0 : substream = pb_istream_from_buffer(buffer, size);
792 :
793 0 : return field->descriptor->field_callback(&substream, NULL, field);
794 0 : }
795 280929 : }
796 :
797 : static bool checkreturn decode_field(pb_istream_t *stream, pb_wire_type_t wire_type, pb_field_iter_t *field)
798 11937246 : {
799 11937246 : #ifdef PB_ENABLE_MALLOC
800 : /* When decoding an oneof field, check if there is old data that must be
801 : * released first. */
802 11937246 : if (PB_HTYPE(field->type) == PB_HTYPE_ONEOF)
803 0 : {
804 0 : if (!pb_release_union_field(stream, field))
805 0 : return false;
806 0 : }
807 11937246 : #endif
808 :
809 11937246 : switch (PB_ATYPE(field->type))
810 11937246 : {
811 7843119 : case PB_ATYPE_STATIC:
812 7843119 : return decode_static_field(stream, wire_type, field);
813 :
814 3813198 : case PB_ATYPE_POINTER:
815 3813198 : return decode_pointer_field(stream, wire_type, field);
816 :
817 280929 : case PB_ATYPE_CALLBACK:
818 280929 : return decode_callback_field(stream, wire_type, field);
819 :
820 0 : default:
821 0 : PB_RETURN_ERROR(stream, "invalid field type");
822 11937246 : }
823 11937246 : }
824 :
825 : /* Default handler for extension fields. Expects to have a pb_msgdesc_t
826 : * pointer in the extension->type->arg field, pointing to a message with
827 : * only one field in it. */
828 : static bool checkreturn default_extension_decoder(pb_istream_t *stream,
829 : pb_extension_t *extension, uint32_t tag, pb_wire_type_t wire_type)
830 0 : {
831 0 : pb_field_iter_t iter;
832 :
833 0 : if (!pb_field_iter_begin_extension(&iter, extension))
834 0 : PB_RETURN_ERROR(stream, "invalid extension");
835 :
836 0 : if (iter.tag != tag || !iter.message)
837 0 : return true;
838 :
839 0 : extension->found = true;
840 0 : return decode_field(stream, wire_type, &iter);
841 0 : }
842 :
843 : /* Try to decode an unknown field as an extension field. Tries each extension
844 : * decoder in turn, until one of them handles the field or loop ends. */
845 : static bool checkreturn decode_extension(pb_istream_t *stream,
846 : uint32_t tag, pb_wire_type_t wire_type, pb_extension_t *extension)
847 0 : {
848 0 : size_t pos = stream->bytes_left;
849 :
850 0 : while (extension != NULL && pos == stream->bytes_left)
851 0 : {
852 0 : bool status;
853 0 : if (extension->type->decode)
854 0 : status = extension->type->decode(stream, extension, tag, wire_type);
855 0 : else
856 0 : status = default_extension_decoder(stream, extension, tag, wire_type);
857 :
858 0 : if (!status)
859 0 : return false;
860 :
861 0 : extension = extension->next;
862 0 : }
863 :
864 0 : return true;
865 0 : }
866 :
867 : /* Initialize message fields to default values, recursively */
868 : static bool pb_field_set_to_default(pb_field_iter_t *field)
869 13909134 : {
870 13909134 : pb_type_t type;
871 13909134 : type = field->type;
872 :
873 13909134 : if (PB_LTYPE(type) == PB_LTYPE_EXTENSION)
874 0 : {
875 0 : pb_extension_t *ext = *(pb_extension_t* const *)field->pData;
876 0 : while (ext != NULL)
877 0 : {
878 0 : pb_field_iter_t ext_iter;
879 0 : if (pb_field_iter_begin_extension(&ext_iter, ext))
880 0 : {
881 0 : ext->found = false;
882 0 : if (!pb_message_set_to_defaults(&ext_iter))
883 0 : return false;
884 0 : }
885 0 : ext = ext->next;
886 0 : }
887 0 : }
888 13909134 : else if (PB_ATYPE(type) == PB_ATYPE_STATIC)
889 9351150 : {
890 9351150 : bool init_data = true;
891 9351150 : if (PB_HTYPE(type) == PB_HTYPE_OPTIONAL && field->pSize != NULL)
892 1125435 : {
893 : /* Set has_field to false. Still initialize the optional field
894 : * itself also. */
895 1125435 : *(bool*)field->pSize = false;
896 1125435 : }
897 8225715 : else if (PB_HTYPE(type) == PB_HTYPE_REPEATED ||
898 8225715 : PB_HTYPE(type) == PB_HTYPE_ONEOF)
899 0 : {
900 : /* REPEATED: Set array count to 0, no need to initialize contents.
901 : ONEOF: Set which_field to 0. */
902 0 : *(pb_size_t*)field->pSize = 0;
903 0 : init_data = false;
904 0 : }
905 :
906 9351150 : if (init_data)
907 9351150 : {
908 9351150 : if (PB_LTYPE_IS_SUBMSG(field->type) &&
909 9351150 : (field->submsg_desc->default_value != NULL ||
910 1125435 : field->submsg_desc->field_callback != NULL ||
911 1125435 : field->submsg_desc->submsg_info[0] != NULL))
912 1125435 : {
913 : /* Initialize submessage to defaults.
914 : * Only needed if it has default values
915 : * or callback/submessage fields. */
916 1125435 : pb_field_iter_t submsg_iter;
917 1125435 : if (pb_field_iter_begin(&submsg_iter, field->submsg_desc, field->pData))
918 1125435 : {
919 1125435 : if (!pb_message_set_to_defaults(&submsg_iter))
920 0 : return false;
921 1125435 : }
922 1125435 : }
923 8225715 : else
924 8225715 : {
925 : /* Initialize to zeros */
926 8225715 : memset(field->pData, 0, (size_t)field->data_size);
927 8225715 : }
928 9351150 : }
929 9351150 : }
930 4557984 : else if (PB_ATYPE(type) == PB_ATYPE_POINTER)
931 1181679 : {
932 : /* Initialize the pointer to NULL. */
933 1181679 : *(void**)field->pField = NULL;
934 :
935 : /* Initialize array count to 0. */
936 1181679 : if (PB_HTYPE(type) == PB_HTYPE_REPEATED ||
937 1181679 : PB_HTYPE(type) == PB_HTYPE_ONEOF)
938 32514 : {
939 32514 : *(pb_size_t*)field->pSize = 0;
940 32514 : }
941 1181679 : }
942 3376305 : else if (PB_ATYPE(type) == PB_ATYPE_CALLBACK)
943 3376305 : {
944 : /* Don't overwrite callback */
945 3376305 : }
946 :
947 13909134 : return true;
948 13909134 : }
949 :
950 : static bool pb_message_set_to_defaults(pb_field_iter_t *iter)
951 3135798 : {
952 3135798 : pb_istream_t defstream = PB_ISTREAM_EMPTY;
953 3135798 : uint32_t tag = 0;
954 3135798 : pb_wire_type_t wire_type = PB_WT_VARINT;
955 3135798 : bool eof;
956 :
957 3135798 : if (iter->descriptor->default_value)
958 0 : {
959 0 : defstream = pb_istream_from_buffer(iter->descriptor->default_value, (size_t)-1);
960 0 : if (!pb_decode_tag(&defstream, &wire_type, &tag, &eof))
961 0 : return false;
962 0 : }
963 :
964 3135798 : do
965 13909134 : {
966 13909134 : if (!pb_field_set_to_default(iter))
967 0 : return false;
968 :
969 13909134 : if (tag != 0 && iter->tag == tag)
970 0 : {
971 : /* We have a default value for this field in the defstream */
972 0 : if (!decode_field(&defstream, wire_type, iter))
973 0 : return false;
974 0 : if (!pb_decode_tag(&defstream, &wire_type, &tag, &eof))
975 0 : return false;
976 :
977 0 : if (iter->pSize)
978 0 : *(bool*)iter->pSize = false;
979 0 : }
980 13909134 : } while (pb_field_iter_next(iter));
981 :
982 3135798 : return true;
983 3135798 : }
984 :
985 : /*********************
986 : * Decode all fields *
987 : *********************/
988 :
989 : static bool checkreturn pb_decode_inner(pb_istream_t *stream, const pb_msgdesc_t *fields, void *dest_struct, unsigned int flags)
990 2916258 : {
991 2916258 : uint32_t extension_range_start = 0;
992 2916258 : pb_extension_t *extensions = NULL;
993 :
994 : /* 'fixed_count_field' and 'fixed_count_size' track position of a repeated fixed
995 : * count field. This can only handle _one_ repeated fixed count field that
996 : * is unpacked and unordered among other (non repeated fixed count) fields.
997 : */
998 2916258 : pb_size_t fixed_count_field = PB_SIZE_MAX;
999 2916258 : pb_size_t fixed_count_size = 0;
1000 2916258 : pb_size_t fixed_count_total_size = 0;
1001 :
1002 2916258 : pb_fields_seen_t fields_seen = {{0, 0}};
1003 2916258 : const uint32_t allbits = ~(uint32_t)0;
1004 2916258 : pb_field_iter_t iter;
1005 :
1006 2916258 : if (pb_field_iter_begin(&iter, fields, dest_struct))
1007 2916258 : {
1008 2916258 : if ((flags & PB_DECODE_NOINIT) == 0)
1009 2010363 : {
1010 2010363 : if (!pb_message_set_to_defaults(&iter))
1011 0 : PB_RETURN_ERROR(stream, "failed to set defaults");
1012 2010363 : }
1013 2916258 : }
1014 :
1015 14874531 : while (stream->bytes_left)
1016 11958273 : {
1017 11958273 : uint32_t tag;
1018 11958273 : pb_wire_type_t wire_type;
1019 11958273 : bool eof;
1020 :
1021 11958273 : if (!pb_decode_tag(stream, &wire_type, &tag, &eof))
1022 0 : {
1023 0 : if (eof)
1024 0 : break;
1025 0 : else
1026 0 : return false;
1027 0 : }
1028 :
1029 11958273 : if (tag == 0)
1030 0 : {
1031 0 : if (flags & PB_DECODE_NULLTERMINATED)
1032 0 : {
1033 0 : break;
1034 0 : }
1035 0 : else
1036 0 : {
1037 0 : PB_RETURN_ERROR(stream, "zero tag");
1038 0 : }
1039 0 : }
1040 :
1041 11958273 : if (!pb_field_iter_find(&iter, tag) || PB_LTYPE(iter.type) == PB_LTYPE_EXTENSION)
1042 21027 : {
1043 : /* No match found, check if it matches an extension. */
1044 21027 : if (extension_range_start == 0)
1045 33 : {
1046 33 : if (pb_field_iter_find_extension(&iter))
1047 0 : {
1048 0 : extensions = *(pb_extension_t* const *)iter.pData;
1049 0 : extension_range_start = iter.tag;
1050 0 : }
1051 :
1052 33 : if (!extensions)
1053 33 : {
1054 33 : extension_range_start = (uint32_t)-1;
1055 33 : }
1056 33 : }
1057 :
1058 21027 : if (tag >= extension_range_start)
1059 0 : {
1060 0 : size_t pos = stream->bytes_left;
1061 :
1062 0 : if (!decode_extension(stream, tag, wire_type, extensions))
1063 0 : return false;
1064 :
1065 0 : if (pos != stream->bytes_left)
1066 0 : {
1067 : /* The field was handled */
1068 0 : continue;
1069 0 : }
1070 0 : }
1071 :
1072 : /* No match found, skip data */
1073 21027 : if (!pb_skip_field(stream, wire_type))
1074 0 : return false;
1075 21027 : continue;
1076 21027 : }
1077 :
1078 : /* If a repeated fixed count field was found, get size from
1079 : * 'fixed_count_field' as there is no counter contained in the struct.
1080 : */
1081 11937246 : if (PB_HTYPE(iter.type) == PB_HTYPE_REPEATED && iter.pSize == &iter.array_size)
1082 0 : {
1083 0 : if (fixed_count_field != iter.index) {
1084 : /* If the new fixed count field does not match the previous one,
1085 : * check that the previous one is NULL or that it finished
1086 : * receiving all the expected data.
1087 : */
1088 0 : if (fixed_count_field != PB_SIZE_MAX &&
1089 0 : fixed_count_size != fixed_count_total_size)
1090 0 : {
1091 0 : PB_RETURN_ERROR(stream, "wrong size for fixed count field");
1092 0 : }
1093 :
1094 0 : fixed_count_field = iter.index;
1095 0 : fixed_count_size = 0;
1096 0 : fixed_count_total_size = iter.array_size;
1097 0 : }
1098 :
1099 0 : iter.pSize = &fixed_count_size;
1100 0 : }
1101 :
1102 11937246 : if (PB_HTYPE(iter.type) == PB_HTYPE_REQUIRED
1103 11937246 : && iter.required_field_index < PB_MAX_REQUIRED_FIELDS)
1104 0 : {
1105 0 : uint32_t tmp = ((uint32_t)1 << (iter.required_field_index & 31));
1106 0 : fields_seen.bitfield[iter.required_field_index >> 5] |= tmp;
1107 0 : }
1108 :
1109 11937246 : if (!decode_field(stream, wire_type, &iter))
1110 0 : return false;
1111 11937246 : }
1112 :
1113 : /* Check that all elements of the last decoded fixed count field were present. */
1114 2916258 : if (fixed_count_field != PB_SIZE_MAX &&
1115 2916258 : fixed_count_size != fixed_count_total_size)
1116 0 : {
1117 0 : PB_RETURN_ERROR(stream, "wrong size for fixed count field");
1118 0 : }
1119 :
1120 : /* Check that all required fields were present. */
1121 2916258 : {
1122 2916258 : pb_size_t req_field_count = iter.descriptor->required_field_count;
1123 :
1124 2916258 : if (req_field_count > 0)
1125 0 : {
1126 0 : pb_size_t i;
1127 :
1128 0 : if (req_field_count > PB_MAX_REQUIRED_FIELDS)
1129 0 : req_field_count = PB_MAX_REQUIRED_FIELDS;
1130 :
1131 : /* Check the whole words */
1132 0 : for (i = 0; i < (req_field_count >> 5); i++)
1133 0 : {
1134 0 : if (fields_seen.bitfield[i] != allbits)
1135 0 : PB_RETURN_ERROR(stream, "missing required field");
1136 0 : }
1137 :
1138 : /* Check the remaining bits (if any) */
1139 0 : if ((req_field_count & 31) != 0)
1140 0 : {
1141 0 : if (fields_seen.bitfield[req_field_count >> 5] !=
1142 0 : (allbits >> (uint_least8_t)(32 - (req_field_count & 31))))
1143 0 : {
1144 0 : PB_RETURN_ERROR(stream, "missing required field");
1145 0 : }
1146 0 : }
1147 0 : }
1148 2916258 : }
1149 :
1150 2916258 : return true;
1151 2916258 : }
1152 :
1153 : bool checkreturn pb_decode_ex(pb_istream_t *stream, const pb_msgdesc_t *fields, void *dest_struct, unsigned int flags)
1154 110235 : {
1155 110235 : bool status;
1156 :
1157 110235 : if ((flags & PB_DECODE_DELIMITED) == 0)
1158 110235 : {
1159 110235 : status = pb_decode_inner(stream, fields, dest_struct, flags);
1160 110235 : }
1161 0 : else
1162 0 : {
1163 0 : pb_istream_t substream;
1164 0 : if (!pb_make_string_substream(stream, &substream))
1165 0 : return false;
1166 :
1167 0 : status = pb_decode_inner(&substream, fields, dest_struct, flags);
1168 :
1169 0 : if (!pb_close_string_substream(stream, &substream))
1170 0 : return false;
1171 0 : }
1172 :
1173 110235 : #ifdef PB_ENABLE_MALLOC
1174 110235 : if (!status)
1175 0 : pb_release(fields, dest_struct);
1176 110235 : #endif
1177 :
1178 110235 : return status;
1179 110235 : }
1180 :
1181 : bool checkreturn pb_decode(pb_istream_t *stream, const pb_msgdesc_t *fields, void *dest_struct)
1182 0 : {
1183 0 : bool status;
1184 :
1185 0 : status = pb_decode_inner(stream, fields, dest_struct, 0);
1186 :
1187 0 : #ifdef PB_ENABLE_MALLOC
1188 0 : if (!status)
1189 0 : pb_release(fields, dest_struct);
1190 0 : #endif
1191 :
1192 0 : return status;
1193 0 : }
1194 :
1195 : #ifdef PB_ENABLE_MALLOC
1196 : /* Given an oneof field, if there has already been a field inside this oneof,
1197 : * release it before overwriting with a different one. */
1198 : static bool pb_release_union_field(pb_istream_t *stream, pb_field_iter_t *field)
1199 0 : {
1200 0 : pb_field_iter_t old_field = *field;
1201 0 : pb_size_t old_tag = *(pb_size_t*)field->pSize; /* Previous which_ value */
1202 0 : pb_size_t new_tag = field->tag; /* New which_ value */
1203 :
1204 0 : if (old_tag == 0)
1205 0 : return true; /* Ok, no old data in union */
1206 :
1207 0 : if (old_tag == new_tag)
1208 0 : return true; /* Ok, old data is of same type => merge */
1209 :
1210 : /* Release old data. The find can fail if the message struct contains
1211 : * invalid data. */
1212 0 : if (!pb_field_iter_find(&old_field, old_tag))
1213 0 : PB_RETURN_ERROR(stream, "invalid union tag");
1214 :
1215 0 : pb_release_single_field(&old_field);
1216 :
1217 0 : if (PB_ATYPE(field->type) == PB_ATYPE_POINTER)
1218 0 : {
1219 : /* Initialize the pointer to NULL to make sure it is valid
1220 : * even in case of error return. */
1221 0 : *(void**)field->pField = NULL;
1222 0 : field->pData = NULL;
1223 0 : }
1224 :
1225 0 : return true;
1226 0 : }
1227 :
1228 : static void pb_release_single_field(pb_field_iter_t *field)
1229 16769754 : {
1230 16769754 : pb_type_t type;
1231 16769754 : type = field->type;
1232 :
1233 16769754 : if (PB_HTYPE(type) == PB_HTYPE_ONEOF)
1234 0 : {
1235 0 : if (*(pb_size_t*)field->pSize != field->tag)
1236 0 : return; /* This is not the current field in the union */
1237 0 : }
1238 :
1239 : /* Release anything contained inside an extension or submsg.
1240 : * This has to be done even if the submsg itself is statically
1241 : * allocated. */
1242 16769754 : if (PB_LTYPE(type) == PB_LTYPE_EXTENSION)
1243 0 : {
1244 : /* Release fields from all extensions in the linked list */
1245 0 : pb_extension_t *ext = *(pb_extension_t**)field->pData;
1246 0 : while (ext != NULL)
1247 0 : {
1248 0 : pb_field_iter_t ext_iter;
1249 0 : if (pb_field_iter_begin_extension(&ext_iter, ext))
1250 0 : {
1251 0 : pb_release_single_field(&ext_iter);
1252 0 : }
1253 0 : ext = ext->next;
1254 0 : }
1255 0 : }
1256 16769754 : else if (PB_LTYPE_IS_SUBMSG(type) && PB_ATYPE(type) != PB_ATYPE_CALLBACK)
1257 2271579 : {
1258 : /* Release fields in submessage or submsg array */
1259 2271579 : pb_size_t count = 1;
1260 :
1261 2271579 : if (PB_ATYPE(type) == PB_ATYPE_POINTER)
1262 372390 : {
1263 372390 : field->pData = *(void**)field->pField;
1264 372390 : }
1265 1899189 : else
1266 1899189 : {
1267 1899189 : field->pData = field->pField;
1268 1899189 : }
1269 :
1270 2271579 : if (PB_HTYPE(type) == PB_HTYPE_REPEATED)
1271 372390 : {
1272 372390 : count = *(pb_size_t*)field->pSize;
1273 :
1274 372390 : if (PB_ATYPE(type) == PB_ATYPE_STATIC && count > field->array_size)
1275 0 : {
1276 : /* Protect against corrupted _count fields */
1277 0 : count = field->array_size;
1278 0 : }
1279 372390 : }
1280 :
1281 2271579 : if (field->pData)
1282 2110839 : {
1283 6020391 : for (; count > 0; count--)
1284 3909552 : {
1285 3909552 : pb_release(field->submsg_desc, field->pData);
1286 3909552 : field->pData = (char*)field->pData + field->data_size;
1287 3909552 : }
1288 2110839 : }
1289 2271579 : }
1290 :
1291 16769754 : if (PB_ATYPE(type) == PB_ATYPE_POINTER)
1292 2044578 : {
1293 2044578 : if (PB_HTYPE(type) == PB_HTYPE_REPEATED &&
1294 2044578 : (PB_LTYPE(type) == PB_LTYPE_STRING ||
1295 549840 : PB_LTYPE(type) == PB_LTYPE_BYTES))
1296 34110 : {
1297 : /* Release entries in repeated string or bytes array */
1298 34110 : void **pItem = *(void***)field->pField;
1299 34110 : pb_size_t count = *(pb_size_t*)field->pSize;
1300 930792 : for (; count > 0; count--)
1301 896682 : {
1302 896682 : pb_free(*pItem);
1303 896682 : *pItem++ = NULL;
1304 896682 : }
1305 34110 : }
1306 :
1307 2044578 : if (PB_HTYPE(type) == PB_HTYPE_REPEATED)
1308 549840 : {
1309 : /* We are going to release the array, so set the size to 0 */
1310 549840 : *(pb_size_t*)field->pSize = 0;
1311 549840 : }
1312 :
1313 : /* Release main pointer */
1314 2044578 : pb_free(*(void**)field->pField);
1315 2044578 : *(void**)field->pField = NULL;
1316 2044578 : }
1317 16769754 : }
1318 :
1319 : void pb_release(const pb_msgdesc_t *fields, void *dest_struct)
1320 4019787 : {
1321 4019787 : pb_field_iter_t iter;
1322 :
1323 4019787 : if (!dest_struct)
1324 0 : return; /* Ignore NULL pointers, similar to free() */
1325 :
1326 4019787 : if (!pb_field_iter_begin(&iter, fields, dest_struct))
1327 0 : return; /* Empty message type */
1328 :
1329 4019787 : do
1330 16769754 : {
1331 16769754 : pb_release_single_field(&iter);
1332 16769754 : } while (pb_field_iter_next(&iter));
1333 4019787 : }
1334 : #else
1335 : void pb_release(const pb_msgdesc_t *fields, void *dest_struct)
1336 : {
1337 : /* Nothing to release without PB_ENABLE_MALLOC. */
1338 : PB_UNUSED(fields);
1339 : PB_UNUSED(dest_struct);
1340 : }
1341 : #endif
1342 :
1343 : /* Field decoders */
1344 :
1345 : bool pb_decode_bool(pb_istream_t *stream, bool *dest)
1346 1552113 : {
1347 1552113 : uint32_t value;
1348 1552113 : if (!pb_decode_varint32(stream, &value))
1349 0 : return false;
1350 :
1351 1552113 : *(bool*)dest = (value != 0);
1352 1552113 : return true;
1353 1552113 : }
1354 :
1355 : bool pb_decode_svarint(pb_istream_t *stream, pb_int64_t *dest)
1356 0 : {
1357 0 : pb_uint64_t value;
1358 0 : if (!pb_decode_varint(stream, &value))
1359 0 : return false;
1360 :
1361 0 : if (value & 1)
1362 0 : *dest = (pb_int64_t)(~(value >> 1));
1363 0 : else
1364 0 : *dest = (pb_int64_t)(value >> 1);
1365 :
1366 0 : return true;
1367 0 : }
1368 :
1369 : bool pb_decode_fixed32(pb_istream_t *stream, void *dest)
1370 0 : {
1371 0 : union {
1372 0 : uint32_t fixed32;
1373 0 : pb_byte_t bytes[4];
1374 0 : } u;
1375 :
1376 0 : if (!pb_read(stream, u.bytes, 4))
1377 0 : return false;
1378 :
1379 0 : #if defined(PB_LITTLE_ENDIAN_8BIT) && PB_LITTLE_ENDIAN_8BIT == 1
1380 : /* fast path - if we know that we're on little endian, assign directly */
1381 0 : *(uint32_t*)dest = u.fixed32;
1382 : #else
1383 : *(uint32_t*)dest = ((uint32_t)u.bytes[0] << 0) |
1384 : ((uint32_t)u.bytes[1] << 8) |
1385 : ((uint32_t)u.bytes[2] << 16) |
1386 : ((uint32_t)u.bytes[3] << 24);
1387 : #endif
1388 0 : return true;
1389 0 : }
1390 :
1391 : #ifndef PB_WITHOUT_64BIT
1392 : bool pb_decode_fixed64(pb_istream_t *stream, void *dest)
1393 14826774 : {
1394 14826774 : union {
1395 14826774 : uint64_t fixed64;
1396 14826774 : pb_byte_t bytes[8];
1397 14826774 : } u;
1398 :
1399 14826774 : if (!pb_read(stream, u.bytes, 8))
1400 0 : return false;
1401 :
1402 14826774 : #if defined(PB_LITTLE_ENDIAN_8BIT) && PB_LITTLE_ENDIAN_8BIT == 1
1403 : /* fast path - if we know that we're on little endian, assign directly */
1404 14826774 : *(uint64_t*)dest = u.fixed64;
1405 : #else
1406 : *(uint64_t*)dest = ((uint64_t)u.bytes[0] << 0) |
1407 : ((uint64_t)u.bytes[1] << 8) |
1408 : ((uint64_t)u.bytes[2] << 16) |
1409 : ((uint64_t)u.bytes[3] << 24) |
1410 : ((uint64_t)u.bytes[4] << 32) |
1411 : ((uint64_t)u.bytes[5] << 40) |
1412 : ((uint64_t)u.bytes[6] << 48) |
1413 : ((uint64_t)u.bytes[7] << 56);
1414 : #endif
1415 14826774 : return true;
1416 14826774 : }
1417 : #endif
1418 :
1419 : static bool checkreturn pb_dec_bool(pb_istream_t *stream, const pb_field_iter_t *field)
1420 1552113 : {
1421 1552113 : return pb_decode_bool(stream, (bool*)field->pData);
1422 1552113 : }
1423 :
1424 : static bool checkreturn pb_dec_varint(pb_istream_t *stream, const pb_field_iter_t *field)
1425 3211344 : {
1426 3211344 : if (PB_LTYPE(field->type) == PB_LTYPE_UVARINT)
1427 3133503 : {
1428 3133503 : pb_uint64_t value, clamped;
1429 3133503 : if (!pb_decode_varint(stream, &value))
1430 0 : return false;
1431 :
1432 : /* Cast to the proper field size, while checking for overflows */
1433 3133503 : if (field->data_size == sizeof(pb_uint64_t))
1434 2244813 : clamped = *(pb_uint64_t*)field->pData = value;
1435 888690 : else if (field->data_size == sizeof(uint32_t))
1436 888690 : clamped = *(uint32_t*)field->pData = (uint32_t)value;
1437 0 : else if (field->data_size == sizeof(uint_least16_t))
1438 0 : clamped = *(uint_least16_t*)field->pData = (uint_least16_t)value;
1439 0 : else if (field->data_size == sizeof(uint_least8_t))
1440 0 : clamped = *(uint_least8_t*)field->pData = (uint_least8_t)value;
1441 0 : else
1442 0 : PB_RETURN_ERROR(stream, "invalid data_size");
1443 :
1444 3133503 : if (clamped != value)
1445 0 : PB_RETURN_ERROR(stream, "integer too large");
1446 :
1447 3133503 : return true;
1448 3133503 : }
1449 77841 : else
1450 77841 : {
1451 77841 : pb_uint64_t value;
1452 77841 : pb_int64_t svalue;
1453 77841 : pb_int64_t clamped;
1454 :
1455 77841 : if (PB_LTYPE(field->type) == PB_LTYPE_SVARINT)
1456 0 : {
1457 0 : if (!pb_decode_svarint(stream, &svalue))
1458 0 : return false;
1459 0 : }
1460 77841 : else
1461 77841 : {
1462 77841 : if (!pb_decode_varint(stream, &value))
1463 0 : return false;
1464 :
1465 : /* See issue 97: Google's C++ protobuf allows negative varint values to
1466 : * be cast as int32_t, instead of the int64_t that should be used when
1467 : * encoding. Nanopb versions before 0.2.5 had a bug in encoding. In order to
1468 : * not break decoding of such messages, we cast <=32 bit fields to
1469 : * int32_t first to get the sign correct.
1470 : */
1471 77841 : if (field->data_size == sizeof(pb_int64_t))
1472 1143 : svalue = (pb_int64_t)value;
1473 76698 : else
1474 76698 : svalue = (int32_t)value;
1475 77841 : }
1476 :
1477 : /* Cast to the proper field size, while checking for overflows */
1478 77841 : if (field->data_size == sizeof(pb_int64_t))
1479 1143 : clamped = *(pb_int64_t*)field->pData = svalue;
1480 76698 : else if (field->data_size == sizeof(int32_t))
1481 76698 : clamped = *(int32_t*)field->pData = (int32_t)svalue;
1482 0 : else if (field->data_size == sizeof(int_least16_t))
1483 0 : clamped = *(int_least16_t*)field->pData = (int_least16_t)svalue;
1484 0 : else if (field->data_size == sizeof(int_least8_t))
1485 0 : clamped = *(int_least8_t*)field->pData = (int_least8_t)svalue;
1486 0 : else
1487 0 : PB_RETURN_ERROR(stream, "invalid data_size");
1488 :
1489 77841 : if (clamped != svalue)
1490 0 : PB_RETURN_ERROR(stream, "integer too large");
1491 :
1492 77841 : return true;
1493 77841 : }
1494 3211344 : }
1495 :
1496 : static bool checkreturn pb_dec_bytes(pb_istream_t *stream, const pb_field_iter_t *field)
1497 1681425 : {
1498 1681425 : uint32_t size;
1499 1681425 : size_t alloc_size;
1500 1681425 : pb_bytes_array_t *dest;
1501 :
1502 1681425 : if (!pb_decode_varint32(stream, &size))
1503 0 : return false;
1504 :
1505 1681425 : if (size > PB_SIZE_MAX)
1506 0 : PB_RETURN_ERROR(stream, "bytes overflow");
1507 :
1508 1681425 : alloc_size = PB_BYTES_ARRAY_T_ALLOCSIZE(size);
1509 1681425 : if (size > alloc_size)
1510 0 : PB_RETURN_ERROR(stream, "size too large");
1511 :
1512 1681425 : if (PB_ATYPE(field->type) == PB_ATYPE_POINTER)
1513 1670211 : {
1514 : #ifndef PB_ENABLE_MALLOC
1515 : PB_RETURN_ERROR(stream, "no malloc support");
1516 : #else
1517 1670211 : if (stream->bytes_left < size)
1518 0 : PB_RETURN_ERROR(stream, "end-of-stream");
1519 :
1520 1670211 : if (!allocate_field(stream, field->pData, alloc_size, 1))
1521 0 : return false;
1522 1670211 : dest = *(pb_bytes_array_t**)field->pData;
1523 1670211 : #endif
1524 1670211 : }
1525 11214 : else
1526 11214 : {
1527 11214 : if (alloc_size > field->data_size)
1528 0 : PB_RETURN_ERROR(stream, "bytes overflow");
1529 11214 : dest = (pb_bytes_array_t*)field->pData;
1530 11214 : }
1531 :
1532 1681425 : dest->size = (pb_size_t)size;
1533 1681425 : return pb_read(stream, dest->bytes, (size_t)size);
1534 1681425 : }
1535 :
1536 : static bool checkreturn pb_dec_string(pb_istream_t *stream, const pb_field_iter_t *field)
1537 110235 : {
1538 110235 : uint32_t size;
1539 110235 : size_t alloc_size;
1540 110235 : pb_byte_t *dest = (pb_byte_t*)field->pData;
1541 :
1542 110235 : if (!pb_decode_varint32(stream, &size))
1543 0 : return false;
1544 :
1545 110235 : if (size == (uint32_t)-1)
1546 0 : PB_RETURN_ERROR(stream, "size too large");
1547 :
1548 : /* Space for null terminator */
1549 110235 : alloc_size = (size_t)(size + 1);
1550 :
1551 110235 : if (alloc_size < size)
1552 0 : PB_RETURN_ERROR(stream, "size too large");
1553 :
1554 110235 : if (PB_ATYPE(field->type) == PB_ATYPE_POINTER)
1555 0 : {
1556 : #ifndef PB_ENABLE_MALLOC
1557 : PB_RETURN_ERROR(stream, "no malloc support");
1558 : #else
1559 0 : if (stream->bytes_left < size)
1560 0 : PB_RETURN_ERROR(stream, "end-of-stream");
1561 :
1562 0 : if (!allocate_field(stream, field->pData, alloc_size, 1))
1563 0 : return false;
1564 0 : dest = *(pb_byte_t**)field->pData;
1565 0 : #endif
1566 0 : }
1567 110235 : else
1568 110235 : {
1569 110235 : if (alloc_size > field->data_size)
1570 0 : PB_RETURN_ERROR(stream, "string overflow");
1571 110235 : }
1572 :
1573 110235 : dest[size] = 0;
1574 :
1575 110235 : if (!pb_read(stream, dest, (size_t)size))
1576 0 : return false;
1577 :
1578 : #ifdef PB_VALIDATE_UTF8
1579 : if (!pb_validate_utf8((const char*)dest))
1580 : PB_RETURN_ERROR(stream, "invalid utf8");
1581 : #endif
1582 :
1583 110235 : return true;
1584 110235 : }
1585 :
1586 : static bool checkreturn pb_dec_submessage(pb_istream_t *stream, const pb_field_iter_t *field)
1587 2806023 : {
1588 2806023 : bool status = true;
1589 2806023 : bool submsg_consumed = false;
1590 2806023 : pb_istream_t substream;
1591 :
1592 2806023 : if (!pb_make_string_substream(stream, &substream))
1593 0 : return false;
1594 :
1595 2806023 : if (field->submsg_desc == NULL)
1596 0 : PB_RETURN_ERROR(stream, "invalid field descriptor");
1597 :
1598 : /* Submessages can have a separate message-level callback that is called
1599 : * before decoding the message. Typically it is used to set callback fields
1600 : * inside oneofs. */
1601 2806023 : if (PB_LTYPE(field->type) == PB_LTYPE_SUBMSG_W_CB && field->pSize != NULL)
1602 0 : {
1603 : /* Message callback is stored right before pSize. */
1604 0 : pb_callback_t *callback = (pb_callback_t*)field->pSize - 1;
1605 0 : if (callback->funcs.decode)
1606 0 : {
1607 0 : status = callback->funcs.decode(&substream, field, &callback->arg);
1608 :
1609 0 : if (substream.bytes_left == 0)
1610 0 : {
1611 0 : submsg_consumed = true;
1612 0 : }
1613 0 : }
1614 0 : }
1615 :
1616 : /* Now decode the submessage contents */
1617 2806023 : if (status && !submsg_consumed)
1618 2806023 : {
1619 2806023 : unsigned int flags = 0;
1620 :
1621 : /* Static required/optional fields are already initialized by top-level
1622 : * pb_decode(), no need to initialize them again. */
1623 2806023 : if (PB_ATYPE(field->type) == PB_ATYPE_STATIC &&
1624 2806023 : PB_HTYPE(field->type) != PB_HTYPE_REPEATED)
1625 795660 : {
1626 795660 : flags = PB_DECODE_NOINIT;
1627 795660 : }
1628 :
1629 2806023 : status = pb_decode_inner(&substream, field->submsg_desc, field->pData, flags);
1630 2806023 : }
1631 :
1632 2806023 : if (!pb_close_string_substream(stream, &substream))
1633 0 : return false;
1634 :
1635 2806023 : return status;
1636 2806023 : }
1637 :
1638 : static bool checkreturn pb_dec_fixed_length_bytes(pb_istream_t *stream, const pb_field_iter_t *field)
1639 2364225 : {
1640 2364225 : uint32_t size;
1641 :
1642 2364225 : if (!pb_decode_varint32(stream, &size))
1643 0 : return false;
1644 :
1645 2364225 : if (size > PB_SIZE_MAX)
1646 0 : PB_RETURN_ERROR(stream, "bytes overflow");
1647 :
1648 2364225 : if (size == 0)
1649 0 : {
1650 : /* As a special case, treat empty bytes string as all zeros for fixed_length_bytes. */
1651 0 : memset(field->pData, 0, (size_t)field->data_size);
1652 0 : return true;
1653 0 : }
1654 :
1655 2364225 : if (size != field->data_size)
1656 0 : PB_RETURN_ERROR(stream, "incorrect fixed length bytes size");
1657 :
1658 2364225 : return pb_read(stream, (pb_byte_t*)field->pData, (size_t)field->data_size);
1659 2364225 : }
1660 :
1661 : #ifdef PB_CONVERT_DOUBLE_FLOAT
1662 : bool pb_decode_double_as_float(pb_istream_t *stream, float *dest)
1663 : {
1664 : uint_least8_t sign;
1665 : int exponent;
1666 : uint32_t mantissa;
1667 : uint64_t value;
1668 : union { float f; uint32_t i; } out;
1669 :
1670 : if (!pb_decode_fixed64(stream, &value))
1671 : return false;
1672 :
1673 : /* Decompose input value */
1674 : sign = (uint_least8_t)((value >> 63) & 1);
1675 : exponent = (int)((value >> 52) & 0x7FF) - 1023;
1676 : mantissa = (value >> 28) & 0xFFFFFF; /* Highest 24 bits */
1677 :
1678 : /* Figure if value is in range representable by floats. */
1679 : if (exponent == 1024)
1680 : {
1681 : /* Special value */
1682 : exponent = 128;
1683 : mantissa >>= 1;
1684 : }
1685 : else
1686 : {
1687 : if (exponent > 127)
1688 : {
1689 : /* Too large, convert to infinity */
1690 : exponent = 128;
1691 : mantissa = 0;
1692 : }
1693 : else if (exponent < -150)
1694 : {
1695 : /* Too small, convert to zero */
1696 : exponent = -127;
1697 : mantissa = 0;
1698 : }
1699 : else if (exponent < -126)
1700 : {
1701 : /* Denormalized */
1702 : mantissa |= 0x1000000;
1703 : mantissa >>= (-126 - exponent);
1704 : exponent = -127;
1705 : }
1706 :
1707 : /* Round off mantissa */
1708 : mantissa = (mantissa + 1) >> 1;
1709 :
1710 : /* Check if mantissa went over 2.0 */
1711 : if (mantissa & 0x800000)
1712 : {
1713 : exponent += 1;
1714 : mantissa &= 0x7FFFFF;
1715 : mantissa >>= 1;
1716 : }
1717 : }
1718 :
1719 : /* Combine fields */
1720 : out.i = mantissa;
1721 : out.i |= (uint32_t)(exponent + 127) << 23;
1722 : out.i |= (uint32_t)sign << 31;
1723 :
1724 : *dest = out.f;
1725 : return true;
1726 : }
1727 : #endif
|
