matrixfurry.com / monado
The open source OpenXR runtime
fork atom
monado / src / external / nanopb / pb_decode.c
at prediction-2 1727 lines 54 kB view raw
Ryan Pavlik external/nanopb: Update nanopb from upstream nanopb-0.4.7
a7b9c7b6
1/* pb_decode.c -- decode a protobuf using minimal resources 2 * 3 * 2011 Petteri Aimonen <jpa@kapsi.fi> 4 */ 5 6/* Use the GCC warn_unused_result attribute to check that all return values 7 * are propagated correctly. On other compilers and gcc before 3.4.0 just 8 * ignore the annotation. 9 */ 10#if !defined(__GNUC__) || ( __GNUC__ < 3) || (__GNUC__ == 3 && __GNUC_MINOR__ < 4) 11 #define checkreturn 12#else 13 #define checkreturn __attribute__((warn_unused_result)) 14#endif 15 16#include "pb.h" 17#include "pb_decode.h" 18#include "pb_common.h" 19 20/************************************** 21 * Declarations internal to this file * 22 **************************************/ 23 24static bool checkreturn buf_read(pb_istream_t *stream, pb_byte_t *buf, size_t count); 25static bool checkreturn pb_decode_varint32_eof(pb_istream_t *stream, uint32_t *dest, bool *eof); 26static bool checkreturn read_raw_value(pb_istream_t *stream, pb_wire_type_t wire_type, pb_byte_t *buf, size_t *size); 27static bool checkreturn decode_basic_field(pb_istream_t *stream, pb_wire_type_t wire_type, pb_field_iter_t *field); 28static bool checkreturn decode_static_field(pb_istream_t *stream, pb_wire_type_t wire_type, pb_field_iter_t *field); 29static bool checkreturn decode_pointer_field(pb_istream_t *stream, pb_wire_type_t wire_type, pb_field_iter_t *field); 30static bool checkreturn decode_callback_field(pb_istream_t *stream, pb_wire_type_t wire_type, pb_field_iter_t *field); 31static bool checkreturn decode_field(pb_istream_t *stream, pb_wire_type_t wire_type, pb_field_iter_t *field); 32static bool checkreturn default_extension_decoder(pb_istream_t *stream, pb_extension_t *extension, uint32_t tag, pb_wire_type_t wire_type); 33static bool checkreturn decode_extension(pb_istream_t *stream, uint32_t tag, pb_wire_type_t wire_type, pb_extension_t *extension); 34static bool pb_field_set_to_default(pb_field_iter_t *field); 35static bool pb_message_set_to_defaults(pb_field_iter_t *iter); 36static bool checkreturn pb_dec_bool(pb_istream_t *stream, const pb_field_iter_t *field); 37static bool checkreturn pb_dec_varint(pb_istream_t *stream, const pb_field_iter_t *field); 38static bool checkreturn pb_dec_bytes(pb_istream_t *stream, const pb_field_iter_t *field); 39static bool checkreturn pb_dec_string(pb_istream_t *stream, const pb_field_iter_t *field); 40static bool checkreturn pb_dec_submessage(pb_istream_t *stream, const pb_field_iter_t *field); 41static bool checkreturn pb_dec_fixed_length_bytes(pb_istream_t *stream, const pb_field_iter_t *field); 42static bool checkreturn pb_skip_varint(pb_istream_t *stream); 43static bool checkreturn pb_skip_string(pb_istream_t *stream); 44 45#ifdef PB_ENABLE_MALLOC 46static bool checkreturn allocate_field(pb_istream_t *stream, void *pData, size_t data_size, size_t array_size); 47static void initialize_pointer_field(void *pItem, pb_field_iter_t *field); 48static bool checkreturn pb_release_union_field(pb_istream_t *stream, pb_field_iter_t *field); 49static void pb_release_single_field(pb_field_iter_t *field); 50#endif 51 52#ifdef PB_WITHOUT_64BIT 53#define pb_int64_t int32_t 54#define pb_uint64_t uint32_t 55#else 56#define pb_int64_t int64_t 57#define pb_uint64_t uint64_t 58#endif 59 60typedef struct { 61 uint32_t bitfield[(PB_MAX_REQUIRED_FIELDS + 31) / 32]; 62} pb_fields_seen_t; 63 64/******************************* 65 * pb_istream_t implementation * 66 *******************************/ 67 68static bool checkreturn buf_read(pb_istream_t *stream, pb_byte_t *buf, size_t count) 69{ 70 const pb_byte_t *source = (const pb_byte_t*)stream->state; 71 stream->state = (pb_byte_t*)stream->state + count; 72 73 if (buf != NULL) 74 { 75 memcpy(buf, source, count * sizeof(pb_byte_t)); 76 } 77 78 return true; 79} 80 81bool checkreturn pb_read(pb_istream_t *stream, pb_byte_t *buf, size_t count) 82{ 83 if (count == 0) 84 return true; 85 86#ifndef PB_BUFFER_ONLY 87 if (buf == NULL && stream->callback != buf_read) 88 { 89 /* Skip input bytes */ 90 pb_byte_t tmp[16]; 91 while (count > 16) 92 { 93 if (!pb_read(stream, tmp, 16)) 94 return false; 95 96 count -= 16; 97 } 98 99 return pb_read(stream, tmp, count); 100 } 101#endif 102 103 if (stream->bytes_left < count) 104 PB_RETURN_ERROR(stream, "end-of-stream"); 105 106#ifndef PB_BUFFER_ONLY 107 if (!stream->callback(stream, buf, count)) 108 PB_RETURN_ERROR(stream, "io error"); 109#else 110 if (!buf_read(stream, buf, count)) 111 return false; 112#endif 113 114 if (stream->bytes_left < count) 115 stream->bytes_left = 0; 116 else 117 stream->bytes_left -= count; 118 119 return true; 120} 121 122/* Read a single byte from input stream. buf may not be NULL. 123 * This is an optimization for the varint decoding. */ 124static bool checkreturn pb_readbyte(pb_istream_t *stream, pb_byte_t *buf) 125{ 126 if (stream->bytes_left == 0) 127 PB_RETURN_ERROR(stream, "end-of-stream"); 128 129#ifndef PB_BUFFER_ONLY 130 if (!stream->callback(stream, buf, 1)) 131 PB_RETURN_ERROR(stream, "io error"); 132#else 133 *buf = *(const pb_byte_t*)stream->state; 134 stream->state = (pb_byte_t*)stream->state + 1; 135#endif 136 137 stream->bytes_left--; 138 139 return true; 140} 141 142pb_istream_t pb_istream_from_buffer(const pb_byte_t *buf, size_t msglen) 143{ 144 pb_istream_t stream; 145 /* Cast away the const from buf without a compiler error. We are 146 * careful to use it only in a const manner in the callbacks. 147 */ 148 union { 149 void *state; 150 const void *c_state; 151 } state; 152#ifdef PB_BUFFER_ONLY 153 stream.callback = NULL; 154#else 155 stream.callback = &buf_read; 156#endif 157 state.c_state = buf; 158 stream.state = state.state; 159 stream.bytes_left = msglen; 160#ifndef PB_NO_ERRMSG 161 stream.errmsg = NULL; 162#endif 163 return stream; 164} 165 166/******************** 167 * Helper functions * 168 ********************/ 169 170static bool checkreturn pb_decode_varint32_eof(pb_istream_t *stream, uint32_t *dest, bool *eof) 171{ 172 pb_byte_t byte; 173 uint32_t result; 174 175 if (!pb_readbyte(stream, &byte)) 176 { 177 if (stream->bytes_left == 0) 178 { 179 if (eof) 180 { 181 *eof = true; 182 } 183 } 184 185 return false; 186 } 187 188 if ((byte & 0x80) == 0) 189 { 190 /* Quick case, 1 byte value */ 191 result = byte; 192 } 193 else 194 { 195 /* Multibyte case */ 196 uint_fast8_t bitpos = 7; 197 result = byte & 0x7F; 198 199 do 200 { 201 if (!pb_readbyte(stream, &byte)) 202 return false; 203 204 if (bitpos >= 32) 205 { 206 /* Note: The varint could have trailing 0x80 bytes, or 0xFF for negative. */ 207 pb_byte_t sign_extension = (bitpos < 63) ? 0xFF : 0x01; 208 bool valid_extension = ((byte & 0x7F) == 0x00 || 209 ((result >> 31) != 0 && byte == sign_extension)); 210 211 if (bitpos >= 64 || !valid_extension) 212 { 213 PB_RETURN_ERROR(stream, "varint overflow"); 214 } 215 } 216 else if (bitpos == 28) 217 { 218 if ((byte & 0x70) != 0 && (byte & 0x78) != 0x78) 219 { 220 PB_RETURN_ERROR(stream, "varint overflow"); 221 } 222 result |= (uint32_t)(byte & 0x0F) << bitpos; 223 } 224 else 225 { 226 result |= (uint32_t)(byte & 0x7F) << bitpos; 227 } 228 bitpos = (uint_fast8_t)(bitpos + 7); 229 } while (byte & 0x80); 230 } 231 232 *dest = result; 233 return true; 234} 235 236bool checkreturn pb_decode_varint32(pb_istream_t *stream, uint32_t *dest) 237{ 238 return pb_decode_varint32_eof(stream, dest, NULL); 239} 240 241#ifndef PB_WITHOUT_64BIT 242bool checkreturn pb_decode_varint(pb_istream_t *stream, uint64_t *dest) 243{ 244 pb_byte_t byte; 245 uint_fast8_t bitpos = 0; 246 uint64_t result = 0; 247 248 do 249 { 250 if (!pb_readbyte(stream, &byte)) 251 return false; 252 253 if (bitpos >= 63 && (byte & 0xFE) != 0) 254 PB_RETURN_ERROR(stream, "varint overflow"); 255 256 result |= (uint64_t)(byte & 0x7F) << bitpos; 257 bitpos = (uint_fast8_t)(bitpos + 7); 258 } while (byte & 0x80); 259 260 *dest = result; 261 return true; 262} 263#endif 264 265bool checkreturn pb_skip_varint(pb_istream_t *stream) 266{ 267 pb_byte_t byte; 268 do 269 { 270 if (!pb_read(stream, &byte, 1)) 271 return false; 272 } while (byte & 0x80); 273 return true; 274} 275 276bool checkreturn pb_skip_string(pb_istream_t *stream) 277{ 278 uint32_t length; 279 if (!pb_decode_varint32(stream, &length)) 280 return false; 281 282 if ((size_t)length != length) 283 { 284 PB_RETURN_ERROR(stream, "size too large"); 285 } 286 287 return pb_read(stream, NULL, (size_t)length); 288} 289 290bool checkreturn pb_decode_tag(pb_istream_t *stream, pb_wire_type_t *wire_type, uint32_t *tag, bool *eof) 291{ 292 uint32_t temp; 293 *eof = false; 294 *wire_type = (pb_wire_type_t) 0; 295 *tag = 0; 296 297 if (!pb_decode_varint32_eof(stream, &temp, eof)) 298 { 299 return false; 300 } 301 302 *tag = temp >> 3; 303 *wire_type = (pb_wire_type_t)(temp & 7); 304 return true; 305} 306 307bool checkreturn pb_skip_field(pb_istream_t *stream, pb_wire_type_t wire_type) 308{ 309 switch (wire_type) 310 { 311 case PB_WT_VARINT: return pb_skip_varint(stream); 312 case PB_WT_64BIT: return pb_read(stream, NULL, 8); 313 case PB_WT_STRING: return pb_skip_string(stream); 314 case PB_WT_32BIT: return pb_read(stream, NULL, 4); 315 default: PB_RETURN_ERROR(stream, "invalid wire_type"); 316 } 317} 318 319/* Read a raw value to buffer, for the purpose of passing it to callback as 320 * a substream. Size is maximum size on call, and actual size on return. 321 */ 322static bool checkreturn read_raw_value(pb_istream_t *stream, pb_wire_type_t wire_type, pb_byte_t *buf, size_t *size) 323{ 324 size_t max_size = *size; 325 switch (wire_type) 326 { 327 case PB_WT_VARINT: 328 *size = 0; 329 do 330 { 331 (*size)++; 332 if (*size > max_size) 333 PB_RETURN_ERROR(stream, "varint overflow"); 334 335 if (!pb_read(stream, buf, 1)) 336 return false; 337 } while (*buf++ & 0x80); 338 return true; 339 340 case PB_WT_64BIT: 341 *size = 8; 342 return pb_read(stream, buf, 8); 343 344 case PB_WT_32BIT: 345 *size = 4; 346 return pb_read(stream, buf, 4); 347 348 case PB_WT_STRING: 349 /* Calling read_raw_value with a PB_WT_STRING is an error. 350 * Explicitly handle this case and fallthrough to default to avoid 351 * compiler warnings. 352 */ 353 354 default: PB_RETURN_ERROR(stream, "invalid wire_type"); 355 } 356} 357 358/* Decode string length from stream and return a substream with limited length. 359 * Remember to close the substream using pb_close_string_substream(). 360 */ 361bool checkreturn pb_make_string_substream(pb_istream_t *stream, pb_istream_t *substream) 362{ 363 uint32_t size; 364 if (!pb_decode_varint32(stream, &size)) 365 return false; 366 367 *substream = *stream; 368 if (substream->bytes_left < size) 369 PB_RETURN_ERROR(stream, "parent stream too short"); 370 371 substream->bytes_left = (size_t)size; 372 stream->bytes_left -= (size_t)size; 373 return true; 374} 375 376bool checkreturn pb_close_string_substream(pb_istream_t *stream, pb_istream_t *substream) 377{ 378 if (substream->bytes_left) { 379 if (!pb_read(substream, NULL, substream->bytes_left)) 380 return false; 381 } 382 383 stream->state = substream->state; 384 385#ifndef PB_NO_ERRMSG 386 stream->errmsg = substream->errmsg; 387#endif 388 return true; 389} 390 391/************************* 392 * Decode a single field * 393 *************************/ 394 395static bool checkreturn decode_basic_field(pb_istream_t *stream, pb_wire_type_t wire_type, pb_field_iter_t *field) 396{ 397 switch (PB_LTYPE(field->type)) 398 { 399 case PB_LTYPE_BOOL: 400 if (wire_type != PB_WT_VARINT && wire_type != PB_WT_PACKED) 401 PB_RETURN_ERROR(stream, "wrong wire type"); 402 403 return pb_dec_bool(stream, field); 404 405 case PB_LTYPE_VARINT: 406 case PB_LTYPE_UVARINT: 407 case PB_LTYPE_SVARINT: 408 if (wire_type != PB_WT_VARINT && wire_type != PB_WT_PACKED) 409 PB_RETURN_ERROR(stream, "wrong wire type"); 410 411 return pb_dec_varint(stream, field); 412 413 case PB_LTYPE_FIXED32: 414 if (wire_type != PB_WT_32BIT && wire_type != PB_WT_PACKED) 415 PB_RETURN_ERROR(stream, "wrong wire type"); 416 417 return pb_decode_fixed32(stream, field->pData); 418 419 case PB_LTYPE_FIXED64: 420 if (wire_type != PB_WT_64BIT && wire_type != PB_WT_PACKED) 421 PB_RETURN_ERROR(stream, "wrong wire type"); 422 423#ifdef PB_CONVERT_DOUBLE_FLOAT 424 if (field->data_size == sizeof(float)) 425 { 426 return pb_decode_double_as_float(stream, (float*)field->pData); 427 } 428#endif 429 430#ifdef PB_WITHOUT_64BIT 431 PB_RETURN_ERROR(stream, "invalid data_size"); 432#else 433 return pb_decode_fixed64(stream, field->pData); 434#endif 435 436 case PB_LTYPE_BYTES: 437 if (wire_type != PB_WT_STRING) 438 PB_RETURN_ERROR(stream, "wrong wire type"); 439 440 return pb_dec_bytes(stream, field); 441 442 case PB_LTYPE_STRING: 443 if (wire_type != PB_WT_STRING) 444 PB_RETURN_ERROR(stream, "wrong wire type"); 445 446 return pb_dec_string(stream, field); 447 448 case PB_LTYPE_SUBMESSAGE: 449 case PB_LTYPE_SUBMSG_W_CB: 450 if (wire_type != PB_WT_STRING) 451 PB_RETURN_ERROR(stream, "wrong wire type"); 452 453 return pb_dec_submessage(stream, field); 454 455 case PB_LTYPE_FIXED_LENGTH_BYTES: 456 if (wire_type != PB_WT_STRING) 457 PB_RETURN_ERROR(stream, "wrong wire type"); 458 459 return pb_dec_fixed_length_bytes(stream, field); 460 461 default: 462 PB_RETURN_ERROR(stream, "invalid field type"); 463 } 464} 465 466static bool checkreturn decode_static_field(pb_istream_t *stream, pb_wire_type_t wire_type, pb_field_iter_t *field) 467{ 468 switch (PB_HTYPE(field->type)) 469 { 470 case PB_HTYPE_REQUIRED: 471 return decode_basic_field(stream, wire_type, field); 472 473 case PB_HTYPE_OPTIONAL: 474 if (field->pSize != NULL) 475 *(bool*)field->pSize = true; 476 return decode_basic_field(stream, wire_type, field); 477 478 case PB_HTYPE_REPEATED: 479 if (wire_type == PB_WT_STRING 480 && PB_LTYPE(field->type) <= PB_LTYPE_LAST_PACKABLE) 481 { 482 /* Packed array */ 483 bool status = true; 484 pb_istream_t substream; 485 pb_size_t *size = (pb_size_t*)field->pSize; 486 field->pData = (char*)field->pField + field->data_size * (*size); 487 488 if (!pb_make_string_substream(stream, &substream)) 489 return false; 490 491 while (substream.bytes_left > 0 && *size < field->array_size) 492 { 493 if (!decode_basic_field(&substream, PB_WT_PACKED, field)) 494 { 495 status = false; 496 break; 497 } 498 (*size)++; 499 field->pData = (char*)field->pData + field->data_size; 500 } 501 502 if (substream.bytes_left != 0) 503 PB_RETURN_ERROR(stream, "array overflow"); 504 if (!pb_close_string_substream(stream, &substream)) 505 return false; 506 507 return status; 508 } 509 else 510 { 511 /* Repeated field */ 512 pb_size_t *size = (pb_size_t*)field->pSize; 513 field->pData = (char*)field->pField + field->data_size * (*size); 514 515 if ((*size)++ >= field->array_size) 516 PB_RETURN_ERROR(stream, "array overflow"); 517 518 return decode_basic_field(stream, wire_type, field); 519 } 520 521 case PB_HTYPE_ONEOF: 522 if (PB_LTYPE_IS_SUBMSG(field->type) && 523 *(pb_size_t*)field->pSize != field->tag) 524 { 525 /* We memset to zero so that any callbacks are set to NULL. 526 * This is because the callbacks might otherwise have values 527 * from some other union field. 528 * If callbacks are needed inside oneof field, use .proto 529 * option submsg_callback to have a separate callback function 530 * that can set the fields before submessage is decoded. 531 * pb_dec_submessage() will set any default values. */ 532 memset(field->pData, 0, (size_t)field->data_size); 533 534 /* Set default values for the submessage fields. */ 535 if (field->submsg_desc->default_value != NULL || 536 field->submsg_desc->field_callback != NULL || 537 field->submsg_desc->submsg_info[0] != NULL) 538 { 539 pb_field_iter_t submsg_iter; 540 if (pb_field_iter_begin(&submsg_iter, field->submsg_desc, field->pData)) 541 { 542 if (!pb_message_set_to_defaults(&submsg_iter)) 543 PB_RETURN_ERROR(stream, "failed to set defaults"); 544 } 545 } 546 } 547 *(pb_size_t*)field->pSize = field->tag; 548 549 return decode_basic_field(stream, wire_type, field); 550 551 default: 552 PB_RETURN_ERROR(stream, "invalid field type"); 553 } 554} 555 556#ifdef PB_ENABLE_MALLOC 557/* Allocate storage for the field and store the pointer at iter->pData. 558 * array_size is the number of entries to reserve in an array. 559 * Zero size is not allowed, use pb_free() for releasing. 560 */ 561static bool checkreturn allocate_field(pb_istream_t *stream, void *pData, size_t data_size, size_t array_size) 562{ 563 void *ptr = *(void**)pData; 564 565 if (data_size == 0 || array_size == 0) 566 PB_RETURN_ERROR(stream, "invalid size"); 567 568#ifdef __AVR__ 569 /* Workaround for AVR libc bug 53284: http://savannah.nongnu.org/bugs/?53284 570 * Realloc to size of 1 byte can cause corruption of the malloc structures. 571 */ 572 if (data_size == 1 && array_size == 1) 573 { 574 data_size = 2; 575 } 576#endif 577 578 /* Check for multiplication overflows. 579 * This code avoids the costly division if the sizes are small enough. 580 * Multiplication is safe as long as only half of bits are set 581 * in either multiplicand. 582 */ 583 { 584 const size_t check_limit = (size_t)1 << (sizeof(size_t) * 4); 585 if (data_size >= check_limit || array_size >= check_limit) 586 { 587 const size_t size_max = (size_t)-1; 588 if (size_max / array_size < data_size) 589 { 590 PB_RETURN_ERROR(stream, "size too large"); 591 } 592 } 593 } 594 595 /* Allocate new or expand previous allocation */ 596 /* Note: on failure the old pointer will remain in the structure, 597 * the message must be freed by caller also on error return. */ 598 ptr = pb_realloc(ptr, array_size * data_size); 599 if (ptr == NULL) 600 PB_RETURN_ERROR(stream, "realloc failed"); 601 602 *(void**)pData = ptr; 603 return true; 604} 605 606/* Clear a newly allocated item in case it contains a pointer, or is a submessage. */ 607static void initialize_pointer_field(void *pItem, pb_field_iter_t *field) 608{ 609 if (PB_LTYPE(field->type) == PB_LTYPE_STRING || 610 PB_LTYPE(field->type) == PB_LTYPE_BYTES) 611 { 612 *(void**)pItem = NULL; 613 } 614 else if (PB_LTYPE_IS_SUBMSG(field->type)) 615 { 616 /* We memset to zero so that any callbacks are set to NULL. 617 * Default values will be set by pb_dec_submessage(). */ 618 memset(pItem, 0, field->data_size); 619 } 620} 621#endif 622 623static bool checkreturn decode_pointer_field(pb_istream_t *stream, pb_wire_type_t wire_type, pb_field_iter_t *field) 624{ 625#ifndef PB_ENABLE_MALLOC 626 PB_UNUSED(wire_type); 627 PB_UNUSED(field); 628 PB_RETURN_ERROR(stream, "no malloc support"); 629#else 630 switch (PB_HTYPE(field->type)) 631 { 632 case PB_HTYPE_REQUIRED: 633 case PB_HTYPE_OPTIONAL: 634 case PB_HTYPE_ONEOF: 635 if (PB_LTYPE_IS_SUBMSG(field->type) && *(void**)field->pField != NULL) 636 { 637 /* Duplicate field, have to release the old allocation first. */ 638 /* FIXME: Does this work correctly for oneofs? */ 639 pb_release_single_field(field); 640 } 641 642 if (PB_HTYPE(field->type) == PB_HTYPE_ONEOF) 643 { 644 *(pb_size_t*)field->pSize = field->tag; 645 } 646 647 if (PB_LTYPE(field->type) == PB_LTYPE_STRING || 648 PB_LTYPE(field->type) == PB_LTYPE_BYTES) 649 { 650 /* pb_dec_string and pb_dec_bytes handle allocation themselves */ 651 field->pData = field->pField; 652 return decode_basic_field(stream, wire_type, field); 653 } 654 else 655 { 656 if (!allocate_field(stream, field->pField, field->data_size, 1)) 657 return false; 658 659 field->pData = *(void**)field->pField; 660 initialize_pointer_field(field->pData, field); 661 return decode_basic_field(stream, wire_type, field); 662 } 663 664 case PB_HTYPE_REPEATED: 665 if (wire_type == PB_WT_STRING 666 && PB_LTYPE(field->type) <= PB_LTYPE_LAST_PACKABLE) 667 { 668 /* Packed array, multiple items come in at once. */ 669 bool status = true; 670 pb_size_t *size = (pb_size_t*)field->pSize; 671 size_t allocated_size = *size; 672 pb_istream_t substream; 673 674 if (!pb_make_string_substream(stream, &substream)) 675 return false; 676 677 while (substream.bytes_left) 678 { 679 if (*size == PB_SIZE_MAX) 680 { 681#ifndef PB_NO_ERRMSG 682 stream->errmsg = "too many array entries"; 683#endif 684 status = false; 685 break; 686 } 687 688 if ((size_t)*size + 1 > allocated_size) 689 { 690 /* Allocate more storage. This tries to guess the 691 * number of remaining entries. Round the division 692 * upwards. */ 693 size_t remain = (substream.bytes_left - 1) / field->data_size + 1; 694 if (remain < PB_SIZE_MAX - allocated_size) 695 allocated_size += remain; 696 else 697 allocated_size += 1; 698 699 if (!allocate_field(&substream, field->pField, field->data_size, allocated_size)) 700 { 701 status = false; 702 break; 703 } 704 } 705 706 /* Decode the array entry */ 707 field->pData = *(char**)field->pField + field->data_size * (*size); 708 if (field->pData == NULL) 709 { 710 /* Shouldn't happen, but satisfies static analyzers */ 711 status = false; 712 break; 713 } 714 initialize_pointer_field(field->pData, field); 715 if (!decode_basic_field(&substream, PB_WT_PACKED, field)) 716 { 717 status = false; 718 break; 719 } 720 721 (*size)++; 722 } 723 if (!pb_close_string_substream(stream, &substream)) 724 return false; 725 726 return status; 727 } 728 else 729 { 730 /* Normal repeated field, i.e. only one item at a time. */ 731 pb_size_t *size = (pb_size_t*)field->pSize; 732 733 if (*size == PB_SIZE_MAX) 734 PB_RETURN_ERROR(stream, "too many array entries"); 735 736 if (!allocate_field(stream, field->pField, field->data_size, (size_t)(*size + 1))) 737 return false; 738 739 field->pData = *(char**)field->pField + field->data_size * (*size); 740 (*size)++; 741 initialize_pointer_field(field->pData, field); 742 return decode_basic_field(stream, wire_type, field); 743 } 744 745 default: 746 PB_RETURN_ERROR(stream, "invalid field type"); 747 } 748#endif 749} 750 751static bool checkreturn decode_callback_field(pb_istream_t *stream, pb_wire_type_t wire_type, pb_field_iter_t *field) 752{ 753 if (!field->descriptor->field_callback) 754 return pb_skip_field(stream, wire_type); 755 756 if (wire_type == PB_WT_STRING) 757 { 758 pb_istream_t substream; 759 size_t prev_bytes_left; 760 761 if (!pb_make_string_substream(stream, &substream)) 762 return false; 763 764 do 765 { 766 prev_bytes_left = substream.bytes_left; 767 if (!field->descriptor->field_callback(&substream, NULL, field)) 768 { 769 PB_SET_ERROR(stream, substream.errmsg ? substream.errmsg : "callback failed"); 770 return false; 771 } 772 } while (substream.bytes_left > 0 && substream.bytes_left < prev_bytes_left); 773 774 if (!pb_close_string_substream(stream, &substream)) 775 return false; 776 777 return true; 778 } 779 else 780 { 781 /* Copy the single scalar value to stack. 782 * This is required so that we can limit the stream length, 783 * which in turn allows to use same callback for packed and 784 * not-packed fields. */ 785 pb_istream_t substream; 786 pb_byte_t buffer[10]; 787 size_t size = sizeof(buffer); 788 789 if (!read_raw_value(stream, wire_type, buffer, &size)) 790 return false; 791 substream = pb_istream_from_buffer(buffer, size); 792 793 return field->descriptor->field_callback(&substream, NULL, field); 794 } 795} 796 797static bool checkreturn decode_field(pb_istream_t *stream, pb_wire_type_t wire_type, pb_field_iter_t *field) 798{ 799#ifdef PB_ENABLE_MALLOC 800 /* When decoding an oneof field, check if there is old data that must be 801 * released first. */ 802 if (PB_HTYPE(field->type) == PB_HTYPE_ONEOF) 803 { 804 if (!pb_release_union_field(stream, field)) 805 return false; 806 } 807#endif 808 809 switch (PB_ATYPE(field->type)) 810 { 811 case PB_ATYPE_STATIC: 812 return decode_static_field(stream, wire_type, field); 813 814 case PB_ATYPE_POINTER: 815 return decode_pointer_field(stream, wire_type, field); 816 817 case PB_ATYPE_CALLBACK: 818 return decode_callback_field(stream, wire_type, field); 819 820 default: 821 PB_RETURN_ERROR(stream, "invalid field type"); 822 } 823} 824 825/* Default handler for extension fields. Expects to have a pb_msgdesc_t 826 * pointer in the extension->type->arg field, pointing to a message with 827 * only one field in it. */ 828static bool checkreturn default_extension_decoder(pb_istream_t *stream, 829 pb_extension_t *extension, uint32_t tag, pb_wire_type_t wire_type) 830{ 831 pb_field_iter_t iter; 832 833 if (!pb_field_iter_begin_extension(&iter, extension)) 834 PB_RETURN_ERROR(stream, "invalid extension"); 835 836 if (iter.tag != tag || !iter.message) 837 return true; 838 839 extension->found = true; 840 return decode_field(stream, wire_type, &iter); 841} 842 843/* Try to decode an unknown field as an extension field. Tries each extension 844 * decoder in turn, until one of them handles the field or loop ends. */ 845static bool checkreturn decode_extension(pb_istream_t *stream, 846 uint32_t tag, pb_wire_type_t wire_type, pb_extension_t *extension) 847{ 848 size_t pos = stream->bytes_left; 849 850 while (extension != NULL && pos == stream->bytes_left) 851 { 852 bool status; 853 if (extension->type->decode) 854 status = extension->type->decode(stream, extension, tag, wire_type); 855 else 856 status = default_extension_decoder(stream, extension, tag, wire_type); 857 858 if (!status) 859 return false; 860 861 extension = extension->next; 862 } 863 864 return true; 865} 866 867/* Initialize message fields to default values, recursively */ 868static bool pb_field_set_to_default(pb_field_iter_t *field) 869{ 870 pb_type_t type; 871 type = field->type; 872 873 if (PB_LTYPE(type) == PB_LTYPE_EXTENSION) 874 { 875 pb_extension_t *ext = *(pb_extension_t* const *)field->pData; 876 while (ext != NULL) 877 { 878 pb_field_iter_t ext_iter; 879 if (pb_field_iter_begin_extension(&ext_iter, ext)) 880 { 881 ext->found = false; 882 if (!pb_message_set_to_defaults(&ext_iter)) 883 return false; 884 } 885 ext = ext->next; 886 } 887 } 888 else if (PB_ATYPE(type) == PB_ATYPE_STATIC) 889 { 890 bool init_data = true; 891 if (PB_HTYPE(type) == PB_HTYPE_OPTIONAL && field->pSize != NULL) 892 { 893 /* Set has_field to false. Still initialize the optional field 894 * itself also. */ 895 *(bool*)field->pSize = false; 896 } 897 else if (PB_HTYPE(type) == PB_HTYPE_REPEATED || 898 PB_HTYPE(type) == PB_HTYPE_ONEOF) 899 { 900 /* REPEATED: Set array count to 0, no need to initialize contents. 901 ONEOF: Set which_field to 0. */ 902 *(pb_size_t*)field->pSize = 0; 903 init_data = false; 904 } 905 906 if (init_data) 907 { 908 if (PB_LTYPE_IS_SUBMSG(field->type) && 909 (field->submsg_desc->default_value != NULL || 910 field->submsg_desc->field_callback != NULL || 911 field->submsg_desc->submsg_info[0] != NULL)) 912 { 913 /* Initialize submessage to defaults. 914 * Only needed if it has default values 915 * or callback/submessage fields. */ 916 pb_field_iter_t submsg_iter; 917 if (pb_field_iter_begin(&submsg_iter, field->submsg_desc, field->pData)) 918 { 919 if (!pb_message_set_to_defaults(&submsg_iter)) 920 return false; 921 } 922 } 923 else 924 { 925 /* Initialize to zeros */ 926 memset(field->pData, 0, (size_t)field->data_size); 927 } 928 } 929 } 930 else if (PB_ATYPE(type) == PB_ATYPE_POINTER) 931 { 932 /* Initialize the pointer to NULL. */ 933 *(void**)field->pField = NULL; 934 935 /* Initialize array count to 0. */ 936 if (PB_HTYPE(type) == PB_HTYPE_REPEATED || 937 PB_HTYPE(type) == PB_HTYPE_ONEOF) 938 { 939 *(pb_size_t*)field->pSize = 0; 940 } 941 } 942 else if (PB_ATYPE(type) == PB_ATYPE_CALLBACK) 943 { 944 /* Don't overwrite callback */ 945 } 946 947 return true; 948} 949 950static bool pb_message_set_to_defaults(pb_field_iter_t *iter) 951{ 952 pb_istream_t defstream = PB_ISTREAM_EMPTY; 953 uint32_t tag = 0; 954 pb_wire_type_t wire_type = PB_WT_VARINT; 955 bool eof; 956 957 if (iter->descriptor->default_value) 958 { 959 defstream = pb_istream_from_buffer(iter->descriptor->default_value, (size_t)-1); 960 if (!pb_decode_tag(&defstream, &wire_type, &tag, &eof)) 961 return false; 962 } 963 964 do 965 { 966 if (!pb_field_set_to_default(iter)) 967 return false; 968 969 if (tag != 0 && iter->tag == tag) 970 { 971 /* We have a default value for this field in the defstream */ 972 if (!decode_field(&defstream, wire_type, iter)) 973 return false; 974 if (!pb_decode_tag(&defstream, &wire_type, &tag, &eof)) 975 return false; 976 977 if (iter->pSize) 978 *(bool*)iter->pSize = false; 979 } 980 } while (pb_field_iter_next(iter)); 981 982 return true; 983} 984 985/********************* 986 * Decode all fields * 987 *********************/ 988 989static bool checkreturn pb_decode_inner(pb_istream_t *stream, const pb_msgdesc_t *fields, void *dest_struct, unsigned int flags) 990{ 991 uint32_t extension_range_start = 0; 992 pb_extension_t *extensions = NULL; 993 994 /* 'fixed_count_field' and 'fixed_count_size' track position of a repeated fixed 995 * count field. This can only handle _one_ repeated fixed count field that 996 * is unpacked and unordered among other (non repeated fixed count) fields. 997 */ 998 pb_size_t fixed_count_field = PB_SIZE_MAX; 999 pb_size_t fixed_count_size = 0; 1000 pb_size_t fixed_count_total_size = 0; 1001 1002 pb_fields_seen_t fields_seen = {{0, 0}}; 1003 const uint32_t allbits = ~(uint32_t)0; 1004 pb_field_iter_t iter; 1005 1006 if (pb_field_iter_begin(&iter, fields, dest_struct)) 1007 { 1008 if ((flags & PB_DECODE_NOINIT) == 0) 1009 { 1010 if (!pb_message_set_to_defaults(&iter)) 1011 PB_RETURN_ERROR(stream, "failed to set defaults"); 1012 } 1013 } 1014 1015 while (stream->bytes_left) 1016 { 1017 uint32_t tag; 1018 pb_wire_type_t wire_type; 1019 bool eof; 1020 1021 if (!pb_decode_tag(stream, &wire_type, &tag, &eof)) 1022 { 1023 if (eof) 1024 break; 1025 else 1026 return false; 1027 } 1028 1029 if (tag == 0) 1030 { 1031 if (flags & PB_DECODE_NULLTERMINATED) 1032 { 1033 break; 1034 } 1035 else 1036 { 1037 PB_RETURN_ERROR(stream, "zero tag"); 1038 } 1039 } 1040 1041 if (!pb_field_iter_find(&iter, tag) || PB_LTYPE(iter.type) == PB_LTYPE_EXTENSION) 1042 { 1043 /* No match found, check if it matches an extension. */ 1044 if (extension_range_start == 0) 1045 { 1046 if (pb_field_iter_find_extension(&iter)) 1047 { 1048 extensions = *(pb_extension_t* const *)iter.pData; 1049 extension_range_start = iter.tag; 1050 } 1051 1052 if (!extensions) 1053 { 1054 extension_range_start = (uint32_t)-1; 1055 } 1056 } 1057 1058 if (tag >= extension_range_start) 1059 { 1060 size_t pos = stream->bytes_left; 1061 1062 if (!decode_extension(stream, tag, wire_type, extensions)) 1063 return false; 1064 1065 if (pos != stream->bytes_left) 1066 { 1067 /* The field was handled */ 1068 continue; 1069 } 1070 } 1071 1072 /* No match found, skip data */ 1073 if (!pb_skip_field(stream, wire_type)) 1074 return false; 1075 continue; 1076 } 1077 1078 /* If a repeated fixed count field was found, get size from 1079 * 'fixed_count_field' as there is no counter contained in the struct. 1080 */ 1081 if (PB_HTYPE(iter.type) == PB_HTYPE_REPEATED && iter.pSize == &iter.array_size) 1082 { 1083 if (fixed_count_field != iter.index) { 1084 /* If the new fixed count field does not match the previous one, 1085 * check that the previous one is NULL or that it finished 1086 * receiving all the expected data. 1087 */ 1088 if (fixed_count_field != PB_SIZE_MAX && 1089 fixed_count_size != fixed_count_total_size) 1090 { 1091 PB_RETURN_ERROR(stream, "wrong size for fixed count field"); 1092 } 1093 1094 fixed_count_field = iter.index; 1095 fixed_count_size = 0; 1096 fixed_count_total_size = iter.array_size; 1097 } 1098 1099 iter.pSize = &fixed_count_size; 1100 } 1101 1102 if (PB_HTYPE(iter.type) == PB_HTYPE_REQUIRED 1103 && iter.required_field_index < PB_MAX_REQUIRED_FIELDS) 1104 { 1105 uint32_t tmp = ((uint32_t)1 << (iter.required_field_index & 31)); 1106 fields_seen.bitfield[iter.required_field_index >> 5] |= tmp; 1107 } 1108 1109 if (!decode_field(stream, wire_type, &iter)) 1110 return false; 1111 } 1112 1113 /* Check that all elements of the last decoded fixed count field were present. */ 1114 if (fixed_count_field != PB_SIZE_MAX && 1115 fixed_count_size != fixed_count_total_size) 1116 { 1117 PB_RETURN_ERROR(stream, "wrong size for fixed count field"); 1118 } 1119 1120 /* Check that all required fields were present. */ 1121 { 1122 pb_size_t req_field_count = iter.descriptor->required_field_count; 1123 1124 if (req_field_count > 0) 1125 { 1126 pb_size_t i; 1127 1128 if (req_field_count > PB_MAX_REQUIRED_FIELDS) 1129 req_field_count = PB_MAX_REQUIRED_FIELDS; 1130 1131 /* Check the whole words */ 1132 for (i = 0; i < (req_field_count >> 5); i++) 1133 { 1134 if (fields_seen.bitfield[i] != allbits) 1135 PB_RETURN_ERROR(stream, "missing required field"); 1136 } 1137 1138 /* Check the remaining bits (if any) */ 1139 if ((req_field_count & 31) != 0) 1140 { 1141 if (fields_seen.bitfield[req_field_count >> 5] != 1142 (allbits >> (uint_least8_t)(32 - (req_field_count & 31)))) 1143 { 1144 PB_RETURN_ERROR(stream, "missing required field"); 1145 } 1146 } 1147 } 1148 } 1149 1150 return true; 1151} 1152 1153bool checkreturn pb_decode_ex(pb_istream_t *stream, const pb_msgdesc_t *fields, void *dest_struct, unsigned int flags) 1154{ 1155 bool status; 1156 1157 if ((flags & PB_DECODE_DELIMITED) == 0) 1158 { 1159 status = pb_decode_inner(stream, fields, dest_struct, flags); 1160 } 1161 else 1162 { 1163 pb_istream_t substream; 1164 if (!pb_make_string_substream(stream, &substream)) 1165 return false; 1166 1167 status = pb_decode_inner(&substream, fields, dest_struct, flags); 1168 1169 if (!pb_close_string_substream(stream, &substream)) 1170 return false; 1171 } 1172 1173#ifdef PB_ENABLE_MALLOC 1174 if (!status) 1175 pb_release(fields, dest_struct); 1176#endif 1177 1178 return status; 1179} 1180 1181bool checkreturn pb_decode(pb_istream_t *stream, const pb_msgdesc_t *fields, void *dest_struct) 1182{ 1183 bool status; 1184 1185 status = pb_decode_inner(stream, fields, dest_struct, 0); 1186 1187#ifdef PB_ENABLE_MALLOC 1188 if (!status) 1189 pb_release(fields, dest_struct); 1190#endif 1191 1192 return status; 1193} 1194 1195#ifdef PB_ENABLE_MALLOC 1196/* Given an oneof field, if there has already been a field inside this oneof, 1197 * release it before overwriting with a different one. */ 1198static bool pb_release_union_field(pb_istream_t *stream, pb_field_iter_t *field) 1199{ 1200 pb_field_iter_t old_field = *field; 1201 pb_size_t old_tag = *(pb_size_t*)field->pSize; /* Previous which_ value */ 1202 pb_size_t new_tag = field->tag; /* New which_ value */ 1203 1204 if (old_tag == 0) 1205 return true; /* Ok, no old data in union */ 1206 1207 if (old_tag == new_tag) 1208 return true; /* Ok, old data is of same type => merge */ 1209 1210 /* Release old data. The find can fail if the message struct contains 1211 * invalid data. */ 1212 if (!pb_field_iter_find(&old_field, old_tag)) 1213 PB_RETURN_ERROR(stream, "invalid union tag"); 1214 1215 pb_release_single_field(&old_field); 1216 1217 if (PB_ATYPE(field->type) == PB_ATYPE_POINTER) 1218 { 1219 /* Initialize the pointer to NULL to make sure it is valid 1220 * even in case of error return. */ 1221 *(void**)field->pField = NULL; 1222 field->pData = NULL; 1223 } 1224 1225 return true; 1226} 1227 1228static void pb_release_single_field(pb_field_iter_t *field) 1229{ 1230 pb_type_t type; 1231 type = field->type; 1232 1233 if (PB_HTYPE(type) == PB_HTYPE_ONEOF) 1234 { 1235 if (*(pb_size_t*)field->pSize != field->tag) 1236 return; /* This is not the current field in the union */ 1237 } 1238 1239 /* Release anything contained inside an extension or submsg. 1240 * This has to be done even if the submsg itself is statically 1241 * allocated. */ 1242 if (PB_LTYPE(type) == PB_LTYPE_EXTENSION) 1243 { 1244 /* Release fields from all extensions in the linked list */ 1245 pb_extension_t *ext = *(pb_extension_t**)field->pData; 1246 while (ext != NULL) 1247 { 1248 pb_field_iter_t ext_iter; 1249 if (pb_field_iter_begin_extension(&ext_iter, ext)) 1250 { 1251 pb_release_single_field(&ext_iter); 1252 } 1253 ext = ext->next; 1254 } 1255 } 1256 else if (PB_LTYPE_IS_SUBMSG(type) && PB_ATYPE(type) != PB_ATYPE_CALLBACK) 1257 { 1258 /* Release fields in submessage or submsg array */ 1259 pb_size_t count = 1; 1260 1261 if (PB_ATYPE(type) == PB_ATYPE_POINTER) 1262 { 1263 field->pData = *(void**)field->pField; 1264 } 1265 else 1266 { 1267 field->pData = field->pField; 1268 } 1269 1270 if (PB_HTYPE(type) == PB_HTYPE_REPEATED) 1271 { 1272 count = *(pb_size_t*)field->pSize; 1273 1274 if (PB_ATYPE(type) == PB_ATYPE_STATIC && count > field->array_size) 1275 { 1276 /* Protect against corrupted _count fields */ 1277 count = field->array_size; 1278 } 1279 } 1280 1281 if (field->pData) 1282 { 1283 for (; count > 0; count--) 1284 { 1285 pb_release(field->submsg_desc, field->pData); 1286 field->pData = (char*)field->pData + field->data_size; 1287 } 1288 } 1289 } 1290 1291 if (PB_ATYPE(type) == PB_ATYPE_POINTER) 1292 { 1293 if (PB_HTYPE(type) == PB_HTYPE_REPEATED && 1294 (PB_LTYPE(type) == PB_LTYPE_STRING || 1295 PB_LTYPE(type) == PB_LTYPE_BYTES)) 1296 { 1297 /* Release entries in repeated string or bytes array */ 1298 void **pItem = *(void***)field->pField; 1299 pb_size_t count = *(pb_size_t*)field->pSize; 1300 for (; count > 0; count--) 1301 { 1302 pb_free(*pItem); 1303 *pItem++ = NULL; 1304 } 1305 } 1306 1307 if (PB_HTYPE(type) == PB_HTYPE_REPEATED) 1308 { 1309 /* We are going to release the array, so set the size to 0 */ 1310 *(pb_size_t*)field->pSize = 0; 1311 } 1312 1313 /* Release main pointer */ 1314 pb_free(*(void**)field->pField); 1315 *(void**)field->pField = NULL; 1316 } 1317} 1318 1319void pb_release(const pb_msgdesc_t *fields, void *dest_struct) 1320{ 1321 pb_field_iter_t iter; 1322 1323 if (!dest_struct) 1324 return; /* Ignore NULL pointers, similar to free() */ 1325 1326 if (!pb_field_iter_begin(&iter, fields, dest_struct)) 1327 return; /* Empty message type */ 1328 1329 do 1330 { 1331 pb_release_single_field(&iter); 1332 } while (pb_field_iter_next(&iter)); 1333} 1334#else 1335void pb_release(const pb_msgdesc_t *fields, void *dest_struct) 1336{ 1337 /* Nothing to release without PB_ENABLE_MALLOC. */ 1338 PB_UNUSED(fields); 1339 PB_UNUSED(dest_struct); 1340} 1341#endif 1342 1343/* Field decoders */ 1344 1345bool pb_decode_bool(pb_istream_t *stream, bool *dest) 1346{ 1347 uint32_t value; 1348 if (!pb_decode_varint32(stream, &value)) 1349 return false; 1350 1351 *(bool*)dest = (value != 0); 1352 return true; 1353} 1354 1355bool pb_decode_svarint(pb_istream_t *stream, pb_int64_t *dest) 1356{ 1357 pb_uint64_t value; 1358 if (!pb_decode_varint(stream, &value)) 1359 return false; 1360 1361 if (value & 1) 1362 *dest = (pb_int64_t)(~(value >> 1)); 1363 else 1364 *dest = (pb_int64_t)(value >> 1); 1365 1366 return true; 1367} 1368 1369bool pb_decode_fixed32(pb_istream_t *stream, void *dest) 1370{ 1371 union { 1372 uint32_t fixed32; 1373 pb_byte_t bytes[4]; 1374 } u; 1375 1376 if (!pb_read(stream, u.bytes, 4)) 1377 return false; 1378 1379#if defined(PB_LITTLE_ENDIAN_8BIT) && PB_LITTLE_ENDIAN_8BIT == 1 1380 /* fast path - if we know that we're on little endian, assign directly */ 1381 *(uint32_t*)dest = u.fixed32; 1382#else 1383 *(uint32_t*)dest = ((uint32_t)u.bytes[0] << 0) | 1384 ((uint32_t)u.bytes[1] << 8) | 1385 ((uint32_t)u.bytes[2] << 16) | 1386 ((uint32_t)u.bytes[3] << 24); 1387#endif 1388 return true; 1389} 1390 1391#ifndef PB_WITHOUT_64BIT 1392bool pb_decode_fixed64(pb_istream_t *stream, void *dest) 1393{ 1394 union { 1395 uint64_t fixed64; 1396 pb_byte_t bytes[8]; 1397 } u; 1398 1399 if (!pb_read(stream, u.bytes, 8)) 1400 return false; 1401 1402#if defined(PB_LITTLE_ENDIAN_8BIT) && PB_LITTLE_ENDIAN_8BIT == 1 1403 /* fast path - if we know that we're on little endian, assign directly */ 1404 *(uint64_t*)dest = u.fixed64; 1405#else 1406 *(uint64_t*)dest = ((uint64_t)u.bytes[0] << 0) | 1407 ((uint64_t)u.bytes[1] << 8) | 1408 ((uint64_t)u.bytes[2] << 16) | 1409 ((uint64_t)u.bytes[3] << 24) | 1410 ((uint64_t)u.bytes[4] << 32) | 1411 ((uint64_t)u.bytes[5] << 40) | 1412 ((uint64_t)u.bytes[6] << 48) | 1413 ((uint64_t)u.bytes[7] << 56); 1414#endif 1415 return true; 1416} 1417#endif 1418 1419static bool checkreturn pb_dec_bool(pb_istream_t *stream, const pb_field_iter_t *field) 1420{ 1421 return pb_decode_bool(stream, (bool*)field->pData); 1422} 1423 1424static bool checkreturn pb_dec_varint(pb_istream_t *stream, const pb_field_iter_t *field) 1425{ 1426 if (PB_LTYPE(field->type) == PB_LTYPE_UVARINT) 1427 { 1428 pb_uint64_t value, clamped; 1429 if (!pb_decode_varint(stream, &value)) 1430 return false; 1431 1432 /* Cast to the proper field size, while checking for overflows */ 1433 if (field->data_size == sizeof(pb_uint64_t)) 1434 clamped = *(pb_uint64_t*)field->pData = value; 1435 else if (field->data_size == sizeof(uint32_t)) 1436 clamped = *(uint32_t*)field->pData = (uint32_t)value; 1437 else if (field->data_size == sizeof(uint_least16_t)) 1438 clamped = *(uint_least16_t*)field->pData = (uint_least16_t)value; 1439 else if (field->data_size == sizeof(uint_least8_t)) 1440 clamped = *(uint_least8_t*)field->pData = (uint_least8_t)value; 1441 else 1442 PB_RETURN_ERROR(stream, "invalid data_size"); 1443 1444 if (clamped != value) 1445 PB_RETURN_ERROR(stream, "integer too large"); 1446 1447 return true; 1448 } 1449 else 1450 { 1451 pb_uint64_t value; 1452 pb_int64_t svalue; 1453 pb_int64_t clamped; 1454 1455 if (PB_LTYPE(field->type) == PB_LTYPE_SVARINT) 1456 { 1457 if (!pb_decode_svarint(stream, &svalue)) 1458 return false; 1459 } 1460 else 1461 { 1462 if (!pb_decode_varint(stream, &value)) 1463 return false; 1464 1465 /* See issue 97: Google's C++ protobuf allows negative varint values to 1466 * be cast as int32_t, instead of the int64_t that should be used when 1467 * encoding. Nanopb versions before 0.2.5 had a bug in encoding. In order to 1468 * not break decoding of such messages, we cast <=32 bit fields to 1469 * int32_t first to get the sign correct. 1470 */ 1471 if (field->data_size == sizeof(pb_int64_t)) 1472 svalue = (pb_int64_t)value; 1473 else 1474 svalue = (int32_t)value; 1475 } 1476 1477 /* Cast to the proper field size, while checking for overflows */ 1478 if (field->data_size == sizeof(pb_int64_t)) 1479 clamped = *(pb_int64_t*)field->pData = svalue; 1480 else if (field->data_size == sizeof(int32_t)) 1481 clamped = *(int32_t*)field->pData = (int32_t)svalue; 1482 else if (field->data_size == sizeof(int_least16_t)) 1483 clamped = *(int_least16_t*)field->pData = (int_least16_t)svalue; 1484 else if (field->data_size == sizeof(int_least8_t)) 1485 clamped = *(int_least8_t*)field->pData = (int_least8_t)svalue; 1486 else 1487 PB_RETURN_ERROR(stream, "invalid data_size"); 1488 1489 if (clamped != svalue) 1490 PB_RETURN_ERROR(stream, "integer too large"); 1491 1492 return true; 1493 } 1494} 1495 1496static bool checkreturn pb_dec_bytes(pb_istream_t *stream, const pb_field_iter_t *field) 1497{ 1498 uint32_t size; 1499 size_t alloc_size; 1500 pb_bytes_array_t *dest; 1501 1502 if (!pb_decode_varint32(stream, &size)) 1503 return false; 1504 1505 if (size > PB_SIZE_MAX) 1506 PB_RETURN_ERROR(stream, "bytes overflow"); 1507 1508 alloc_size = PB_BYTES_ARRAY_T_ALLOCSIZE(size); 1509 if (size > alloc_size) 1510 PB_RETURN_ERROR(stream, "size too large"); 1511 1512 if (PB_ATYPE(field->type) == PB_ATYPE_POINTER) 1513 { 1514#ifndef PB_ENABLE_MALLOC 1515 PB_RETURN_ERROR(stream, "no malloc support"); 1516#else 1517 if (stream->bytes_left < size) 1518 PB_RETURN_ERROR(stream, "end-of-stream"); 1519 1520 if (!allocate_field(stream, field->pData, alloc_size, 1)) 1521 return false; 1522 dest = *(pb_bytes_array_t**)field->pData; 1523#endif 1524 } 1525 else 1526 { 1527 if (alloc_size > field->data_size) 1528 PB_RETURN_ERROR(stream, "bytes overflow"); 1529 dest = (pb_bytes_array_t*)field->pData; 1530 } 1531 1532 dest->size = (pb_size_t)size; 1533 return pb_read(stream, dest->bytes, (size_t)size); 1534} 1535 1536static bool checkreturn pb_dec_string(pb_istream_t *stream, const pb_field_iter_t *field) 1537{ 1538 uint32_t size; 1539 size_t alloc_size; 1540 pb_byte_t *dest = (pb_byte_t*)field->pData; 1541 1542 if (!pb_decode_varint32(stream, &size)) 1543 return false; 1544 1545 if (size == (uint32_t)-1) 1546 PB_RETURN_ERROR(stream, "size too large"); 1547 1548 /* Space for null terminator */ 1549 alloc_size = (size_t)(size + 1); 1550 1551 if (alloc_size < size) 1552 PB_RETURN_ERROR(stream, "size too large"); 1553 1554 if (PB_ATYPE(field->type) == PB_ATYPE_POINTER) 1555 { 1556#ifndef PB_ENABLE_MALLOC 1557 PB_RETURN_ERROR(stream, "no malloc support"); 1558#else 1559 if (stream->bytes_left < size) 1560 PB_RETURN_ERROR(stream, "end-of-stream"); 1561 1562 if (!allocate_field(stream, field->pData, alloc_size, 1)) 1563 return false; 1564 dest = *(pb_byte_t**)field->pData; 1565#endif 1566 } 1567 else 1568 { 1569 if (alloc_size > field->data_size) 1570 PB_RETURN_ERROR(stream, "string overflow"); 1571 } 1572 1573 dest[size] = 0; 1574 1575 if (!pb_read(stream, dest, (size_t)size)) 1576 return false; 1577 1578#ifdef PB_VALIDATE_UTF8 1579 if (!pb_validate_utf8((const char*)dest)) 1580 PB_RETURN_ERROR(stream, "invalid utf8"); 1581#endif 1582 1583 return true; 1584} 1585 1586static bool checkreturn pb_dec_submessage(pb_istream_t *stream, const pb_field_iter_t *field) 1587{ 1588 bool status = true; 1589 bool submsg_consumed = false; 1590 pb_istream_t substream; 1591 1592 if (!pb_make_string_substream(stream, &substream)) 1593 return false; 1594 1595 if (field->submsg_desc == NULL) 1596 PB_RETURN_ERROR(stream, "invalid field descriptor"); 1597 1598 /* Submessages can have a separate message-level callback that is called 1599 * before decoding the message. Typically it is used to set callback fields 1600 * inside oneofs. */ 1601 if (PB_LTYPE(field->type) == PB_LTYPE_SUBMSG_W_CB && field->pSize != NULL) 1602 { 1603 /* Message callback is stored right before pSize. */ 1604 pb_callback_t *callback = (pb_callback_t*)field->pSize - 1; 1605 if (callback->funcs.decode) 1606 { 1607 status = callback->funcs.decode(&substream, field, &callback->arg); 1608 1609 if (substream.bytes_left == 0) 1610 { 1611 submsg_consumed = true; 1612 } 1613 } 1614 } 1615 1616 /* Now decode the submessage contents */ 1617 if (status && !submsg_consumed) 1618 { 1619 unsigned int flags = 0; 1620 1621 /* Static required/optional fields are already initialized by top-level 1622 * pb_decode(), no need to initialize them again. */ 1623 if (PB_ATYPE(field->type) == PB_ATYPE_STATIC && 1624 PB_HTYPE(field->type) != PB_HTYPE_REPEATED) 1625 { 1626 flags = PB_DECODE_NOINIT; 1627 } 1628 1629 status = pb_decode_inner(&substream, field->submsg_desc, field->pData, flags); 1630 } 1631 1632 if (!pb_close_string_substream(stream, &substream)) 1633 return false; 1634 1635 return status; 1636} 1637 1638static bool checkreturn pb_dec_fixed_length_bytes(pb_istream_t *stream, const pb_field_iter_t *field) 1639{ 1640 uint32_t size; 1641 1642 if (!pb_decode_varint32(stream, &size)) 1643 return false; 1644 1645 if (size > PB_SIZE_MAX) 1646 PB_RETURN_ERROR(stream, "bytes overflow"); 1647 1648 if (size == 0) 1649 { 1650 /* As a special case, treat empty bytes string as all zeros for fixed_length_bytes. */ 1651 memset(field->pData, 0, (size_t)field->data_size); 1652 return true; 1653 } 1654 1655 if (size != field->data_size) 1656 PB_RETURN_ERROR(stream, "incorrect fixed length bytes size"); 1657 1658 return pb_read(stream, (pb_byte_t*)field->pData, (size_t)field->data_size); 1659} 1660 1661#ifdef PB_CONVERT_DOUBLE_FLOAT 1662bool pb_decode_double_as_float(pb_istream_t *stream, float *dest) 1663{ 1664 uint_least8_t sign; 1665 int exponent; 1666 uint32_t mantissa; 1667 uint64_t value; 1668 union { float f; uint32_t i; } out; 1669 1670 if (!pb_decode_fixed64(stream, &value)) 1671 return false; 1672 1673 /* Decompose input value */ 1674 sign = (uint_least8_t)((value >> 63) & 1); 1675 exponent = (int)((value >> 52) & 0x7FF) - 1023; 1676 mantissa = (value >> 28) & 0xFFFFFF; /* Highest 24 bits */ 1677 1678 /* Figure if value is in range representable by floats. */ 1679 if (exponent == 1024) 1680 { 1681 /* Special value */ 1682 exponent = 128; 1683 mantissa >>= 1; 1684 } 1685 else 1686 { 1687 if (exponent > 127) 1688 { 1689 /* Too large, convert to infinity */ 1690 exponent = 128; 1691 mantissa = 0; 1692 } 1693 else if (exponent < -150) 1694 { 1695 /* Too small, convert to zero */ 1696 exponent = -127; 1697 mantissa = 0; 1698 } 1699 else if (exponent < -126) 1700 { 1701 /* Denormalized */ 1702 mantissa |= 0x1000000; 1703 mantissa >>= (-126 - exponent); 1704 exponent = -127; 1705 } 1706 1707 /* Round off mantissa */ 1708 mantissa = (mantissa + 1) >> 1; 1709 1710 /* Check if mantissa went over 2.0 */ 1711 if (mantissa & 0x800000) 1712 { 1713 exponent += 1; 1714 mantissa &= 0x7FFFFF; 1715 mantissa >>= 1; 1716 } 1717 } 1718 1719 /* Combine fields */ 1720 out.i = mantissa; 1721 out.i |= (uint32_t)(exponent + 127) << 23; 1722 out.i |= (uint32_t)sign << 31; 1723 1724 *dest = out.f; 1725 return true; 1726} 1727#endif