SingingCat 0
application
pb_decode.c
1/* pb_decode.c -- decode a protobuf using minimal resources
2 *
3 * 2011 Petteri Aimonen <jpa@kapsi.fi>
4 */
5
6/* Use the GCC warn_unused_result attribute to check that all return values
7 * are propagated correctly. On other compilers and gcc before 3.4.0 just
8 * ignore the annotation.
9 */
10#if !defined(__GNUC__) || (__GNUC__ < 3) || (__GNUC__ == 3 && __GNUC_MINOR__ < 4)
11#define checkreturn
12#else
13#define checkreturn __attribute__((warn_unused_result))
14#endif
15
16#include "pb.h"
17#include "pb_decode.h"
18#include "pb_common.h"
19
20/**************************************
21* Declarations internal to this file *
22**************************************/
23
24static bool checkreturn buf_read(pb_istream_t *stream, pb_byte_t *buf, size_t count);
25static bool checkreturn pb_decode_varint32_eof(pb_istream_t *stream, uint32_t *dest, bool *eof);
26static bool checkreturn read_raw_value(pb_istream_t *stream, pb_wire_type_t wire_type, pb_byte_t *buf, size_t *size);
27static bool checkreturn decode_basic_field(pb_istream_t *stream, pb_wire_type_t wire_type, pb_field_iter_t *field);
28static bool checkreturn decode_static_field(pb_istream_t *stream, pb_wire_type_t wire_type, pb_field_iter_t *field);
29static bool checkreturn decode_pointer_field(pb_istream_t *stream, pb_wire_type_t wire_type, pb_field_iter_t *field);
30static bool checkreturn decode_callback_field(pb_istream_t *stream, pb_wire_type_t wire_type, pb_field_iter_t *field);
31static bool checkreturn decode_field(pb_istream_t *stream, pb_wire_type_t wire_type, pb_field_iter_t *field);
32static bool checkreturn default_extension_decoder(pb_istream_t *stream, pb_extension_t *extension, uint32_t tag, pb_wire_type_t wire_type);
33static bool checkreturn decode_extension(pb_istream_t *stream, uint32_t tag, pb_wire_type_t wire_type, pb_extension_t *extension);
34static bool pb_field_set_to_default(pb_field_iter_t *field);
35static bool pb_message_set_to_defaults(pb_field_iter_t *iter);
36static bool checkreturn pb_dec_bool(pb_istream_t *stream, const pb_field_iter_t *field);
37static bool checkreturn pb_dec_varint(pb_istream_t *stream, const pb_field_iter_t *field);
38static bool checkreturn pb_dec_bytes(pb_istream_t *stream, const pb_field_iter_t *field);
39static bool checkreturn pb_dec_string(pb_istream_t *stream, const pb_field_iter_t *field);
40static bool checkreturn pb_dec_submessage(pb_istream_t *stream, const pb_field_iter_t *field);
41static bool checkreturn pb_dec_fixed_length_bytes(pb_istream_t *stream, const pb_field_iter_t *field);
42static bool checkreturn pb_skip_varint(pb_istream_t *stream);
43static bool checkreturn pb_skip_string(pb_istream_t *stream);
44
45#ifdef PB_ENABLE_MALLOC
46static bool checkreturn allocate_field(pb_istream_t *stream, void *pData, size_t data_size, size_t array_size);
47static void initialize_pointer_field(void *pItem, pb_field_iter_t *field);
48static bool checkreturn pb_release_union_field(pb_istream_t *stream, pb_field_iter_t *field);
49static void pb_release_single_field(pb_field_iter_t *field);
50#endif
51
52#ifdef PB_WITHOUT_64BIT
53#define pb_int64_t int32_t
54#define pb_uint64_t uint32_t
55#else
56#define pb_int64_t int64_t
57#define pb_uint64_t uint64_t
58#endif
59
60typedef struct {
61 uint32_t bitfield[(PB_MAX_REQUIRED_FIELDS + 31) / 32];
63
64/*******************************
65* pb_istream_t implementation *
66*******************************/
67static bool checkreturn buf_read(pb_istream_t *stream, pb_byte_t *buf, size_t count) {
68 const pb_byte_t *source = (const pb_byte_t *)stream->state;
69
70 stream->state = (pb_byte_t *)stream->state + count;
71
72 if (buf != NULL) {
73 memcpy(buf, source, count * sizeof(pb_byte_t));
74 }
75
76 return true;
77}
78
79bool checkreturn pb_read(pb_istream_t *stream, pb_byte_t *buf, size_t count) {
80 if (count == 0) {
81 return true;
82 }
83
84#ifndef PB_BUFFER_ONLY
85 if (buf == NULL && stream->callback != buf_read) {
86 /* Skip input bytes */
87 pb_byte_t tmp[16];
88 while (count > 16) {
89 if (!pb_read(stream, tmp, 16)) {
90 return false;
91 }
92
93 count -= 16;
94 }
95
96 return pb_read(stream, tmp, count);
97 }
98#endif
99
100 if (stream->bytes_left < count) {
101 PB_RETURN_ERROR(stream, "end-of-stream");
102 }
103
104#ifndef PB_BUFFER_ONLY
105 if (!stream->callback(stream, buf, count)) {
106 PB_RETURN_ERROR(stream, "io error");
107 }
108#else
109 if (!buf_read(stream, buf, count)) {
110 return false;
111 }
112#endif
113
114 stream->bytes_left -= count;
115 return true;
116}
117
118/* Read a single byte from input stream. buf may not be NULL.
119 * This is an optimization for the varint decoding. */
120static bool checkreturn pb_readbyte(pb_istream_t *stream, pb_byte_t *buf) {
121 if (stream->bytes_left == 0) {
122 PB_RETURN_ERROR(stream, "end-of-stream");
123 }
124
125#ifndef PB_BUFFER_ONLY
126 if (!stream->callback(stream, buf, 1)) {
127 PB_RETURN_ERROR(stream, "io error");
128 }
129#else
130 *buf = *(const pb_byte_t *)stream->state;
131 stream->state = (pb_byte_t *)stream->state + 1;
132#endif
133
134 stream->bytes_left--;
135
136 return true;
137}
138
139pb_istream_t pb_istream_from_buffer(const pb_byte_t *buf, size_t msglen) {
141
142 /* Cast away the const from buf without a compiler error. We are
143 * careful to use it only in a const manner in the callbacks.
144 */
145 union {
146 void * state;
147 const void *c_state;
148 } state;
149#ifdef PB_BUFFER_ONLY
150 stream.callback = NULL;
151#else
152 stream.callback = &buf_read;
153#endif
154 state.c_state = buf;
155 stream.state = state.state;
156 stream.bytes_left = msglen;
157#ifndef PB_NO_ERRMSG
158 stream.errmsg = NULL;
159#endif
160 return stream;
161}
162
163/********************
164* Helper functions *
165********************/
166static bool checkreturn pb_decode_varint32_eof(pb_istream_t *stream, uint32_t *dest, bool *eof) {
167 pb_byte_t byte;
168 uint32_t result;
169
170 if (!pb_readbyte(stream, &byte)) {
171 if (stream->bytes_left == 0) {
172 if (eof) {
173 *eof = true;
174 }
175 }
176
177 return false;
178 }
179
180 if ((byte & 0x80) == 0) {
181 /* Quick case, 1 byte value */
182 result = byte;
183 } else {
184 /* Multibyte case */
185 uint_fast8_t bitpos = 7;
186 result = byte & 0x7F;
187
188 do{
189 if (!pb_readbyte(stream, &byte)) {
190 return false;
191 }
192
193 if (bitpos >= 32) {
194 /* Note: The varint could have trailing 0x80 bytes, or 0xFF for negative. */
195 pb_byte_t sign_extension = (bitpos < 63) ? 0xFF : 0x01;
196 bool valid_extension = ((byte & 0x7F) == 0x00 ||
197 ((result >> 31) != 0 && byte == sign_extension));
198
199 if (bitpos >= 64 || !valid_extension) {
200 PB_RETURN_ERROR(stream, "varint overflow");
201 }
202 } else if (bitpos == 28) {
203 if ((byte & 0x70) != 0 && (byte & 0x78) != 0x78) {
204 PB_RETURN_ERROR(stream, "varint overflow");
205 }
206 result |= (uint32_t)(byte & 0x0F) << bitpos;
207 } else {
208 result |= (uint32_t)(byte & 0x7F) << bitpos;
209 }
210 bitpos = (uint_fast8_t)(bitpos + 7);
211 } while (byte & 0x80);
212 }
213
214 *dest = result;
215 return true;
216}
217
218bool checkreturn pb_decode_varint32(pb_istream_t *stream, uint32_t *dest) {
219 return pb_decode_varint32_eof(stream, dest, NULL);
220}
221
222#ifndef PB_WITHOUT_64BIT
223bool checkreturn pb_decode_varint(pb_istream_t *stream, uint64_t *dest) {
224 pb_byte_t byte;
225 uint_fast8_t bitpos = 0;
226 uint64_t result = 0;
227
228 do{
229 if (!pb_readbyte(stream, &byte)) {
230 return false;
231 }
232
233 if (bitpos >= 63 && (byte & 0xFE) != 0) {
234 PB_RETURN_ERROR(stream, "varint overflow");
235 }
236
237 result |= (uint64_t)(byte & 0x7F) << bitpos;
238 bitpos = (uint_fast8_t)(bitpos + 7);
239 } while (byte & 0x80);
240
241 *dest = result;
242 return true;
243}
244#endif
245
246bool checkreturn pb_skip_varint(pb_istream_t *stream) {
247 pb_byte_t byte;
248
249 do{
250 if (!pb_read(stream, &byte, 1)) {
251 return false;
252 }
253 } while (byte & 0x80);
254 return true;
255}
256
257bool checkreturn pb_skip_string(pb_istream_t *stream) {
258 uint32_t length;
259
260 if (!pb_decode_varint32(stream, &length)) {
261 return false;
262 }
263
264 if ((size_t)length != length) {
265 PB_RETURN_ERROR(stream, "size too large");
266 }
267
268 return pb_read(stream, NULL, (size_t)length);
269}
270
271bool checkreturn pb_decode_tag(pb_istream_t *stream, pb_wire_type_t *wire_type, uint32_t *tag, bool *eof) {
272 uint32_t temp;
273
274 *eof = false;
275 *wire_type = (pb_wire_type_t)0;
276 *tag = 0;
277
278 if (!pb_decode_varint32_eof(stream, &temp, eof)) {
279 return false;
280 }
281
282 *tag = temp >> 3;
283 *wire_type = (pb_wire_type_t)(temp & 7);
284 return true;
285}
286
287bool checkreturn pb_skip_field(pb_istream_t *stream, pb_wire_type_t wire_type) {
288 switch (wire_type) {
289 case PB_WT_VARINT: return pb_skip_varint(stream);
290 case PB_WT_64BIT: return pb_read(stream, NULL, 8);
291 case PB_WT_STRING: return pb_skip_string(stream);
292 case PB_WT_32BIT: return pb_read(stream, NULL, 4);
293 default: PB_RETURN_ERROR(stream, "invalid wire_type");
294 }
295}
296
297/* Read a raw value to buffer, for the purpose of passing it to callback as
298 * a substream. Size is maximum size on call, and actual size on return.
299 */
300static bool checkreturn read_raw_value(pb_istream_t *stream, pb_wire_type_t wire_type, pb_byte_t *buf, size_t *size) {
301 size_t max_size = *size;
302
303 switch (wire_type) {
304 case PB_WT_VARINT:
305 *size = 0;
306 do{
307 (*size)++;
308 if (*size > max_size) {
309 PB_RETURN_ERROR(stream, "varint overflow");
310 }
311
312 if (!pb_read(stream, buf, 1)) {
313 return false;
314 }
315 } while (*buf++ & 0x80);
316 return true;
317
318 case PB_WT_64BIT:
319 *size = 8;
320 return pb_read(stream, buf, 8);
321
322 case PB_WT_32BIT:
323 *size = 4;
324 return pb_read(stream, buf, 4);
325
326 case PB_WT_STRING:
327 /* Calling read_raw_value with a PB_WT_STRING is an error.
328 * Explicitly handle this case and fallthrough to default to avoid
329 * compiler warnings.
330 */
331
332 default: PB_RETURN_ERROR(stream, "invalid wire_type");
333 }
334}
335
336/* Decode string length from stream and return a substream with limited length.
337 * Remember to close the substream using pb_close_string_substream().
338 */
339bool checkreturn pb_make_string_substream(pb_istream_t *stream, pb_istream_t *substream) {
340 uint32_t size;
341
342 if (!pb_decode_varint32(stream, &size)) {
343 return false;
344 }
345
346 *substream = *stream;
347 if (substream->bytes_left < size) {
348 PB_RETURN_ERROR(stream, "parent stream too short");
349 }
350
351 substream->bytes_left = (size_t)size;
352 stream->bytes_left -= (size_t)size;
353 return true;
354}
355
356bool checkreturn pb_close_string_substream(pb_istream_t *stream, pb_istream_t *substream) {
357 if (substream->bytes_left) {
358 if (!pb_read(substream, NULL, substream->bytes_left)) {
359 return false;
360 }
361 }
362
363 stream->state = substream->state;
364
365#ifndef PB_NO_ERRMSG
366 stream->errmsg = substream->errmsg;
367#endif
368 return true;
369}
370
371/*************************
372* Decode a single field *
373*************************/
374static bool checkreturn decode_basic_field(pb_istream_t *stream, pb_wire_type_t wire_type, pb_field_iter_t *field) {
375 switch (PB_LTYPE(field->type)) {
376 case PB_LTYPE_BOOL:
377 if (wire_type != PB_WT_VARINT && wire_type != PB_WT_PACKED) {
378 PB_RETURN_ERROR(stream, "wrong wire type");
379 }
380
381 return pb_dec_bool(stream, field);
382
383 case PB_LTYPE_VARINT:
384 case PB_LTYPE_UVARINT:
385 case PB_LTYPE_SVARINT:
386 if (wire_type != PB_WT_VARINT && wire_type != PB_WT_PACKED) {
387 PB_RETURN_ERROR(stream, "wrong wire type");
388 }
389
390 return pb_dec_varint(stream, field);
391
392 case PB_LTYPE_FIXED32:
393 if (wire_type != PB_WT_32BIT && wire_type != PB_WT_PACKED) {
394 PB_RETURN_ERROR(stream, "wrong wire type");
395 }
396
397 return pb_decode_fixed32(stream, field->pData);
398
399 case PB_LTYPE_FIXED64:
400 if (wire_type != PB_WT_64BIT && wire_type != PB_WT_PACKED) {
401 PB_RETURN_ERROR(stream, "wrong wire type");
402 }
403
404#ifdef PB_CONVERT_DOUBLE_FLOAT
405 if (field->data_size == sizeof(float)) {
406 return pb_decode_double_as_float(stream, (float *)field->pData);
407 }
408#endif
409
410#ifdef PB_WITHOUT_64BIT
411 PB_RETURN_ERROR(stream, "invalid data_size");
412#else
413 return pb_decode_fixed64(stream, field->pData);
414#endif
415
416 case PB_LTYPE_BYTES:
417 if (wire_type != PB_WT_STRING) {
418 PB_RETURN_ERROR(stream, "wrong wire type");
419 }
420
421 return pb_dec_bytes(stream, field);
422
423 case PB_LTYPE_STRING:
424 if (wire_type != PB_WT_STRING) {
425 PB_RETURN_ERROR(stream, "wrong wire type");
426 }
427
428 return pb_dec_string(stream, field);
429
430 case PB_LTYPE_SUBMESSAGE:
431 case PB_LTYPE_SUBMSG_W_CB:
432 if (wire_type != PB_WT_STRING) {
433 PB_RETURN_ERROR(stream, "wrong wire type");
434 }
435
436 return pb_dec_submessage(stream, field);
437
438 case PB_LTYPE_FIXED_LENGTH_BYTES:
439 if (wire_type != PB_WT_STRING) {
440 PB_RETURN_ERROR(stream, "wrong wire type");
441 }
442
443 return pb_dec_fixed_length_bytes(stream, field);
444
445 default:
446 PB_RETURN_ERROR(stream, "invalid field type");
447 }
448}
449
450static bool checkreturn decode_static_field(pb_istream_t *stream, pb_wire_type_t wire_type, pb_field_iter_t *field) {
451 switch (PB_HTYPE(field->type)) {
452 case PB_HTYPE_REQUIRED:
453 return decode_basic_field(stream, wire_type, field);
454
455 case PB_HTYPE_OPTIONAL:
456 if (field->pSize != NULL) {
457 *(bool *)field->pSize = true;
458 }
459 return decode_basic_field(stream, wire_type, field);
460
461 case PB_HTYPE_REPEATED:
462 if (wire_type == PB_WT_STRING
463 && PB_LTYPE(field->type) <= PB_LTYPE_LAST_PACKABLE) {
464 /* Packed array */
465 bool status = true;
466 pb_istream_t substream;
467 pb_size_t *size = (pb_size_t *)field->pSize;
468 field->pData = (char *)field->pField + field->data_size * (*size);
469
470 if (!pb_make_string_substream(stream, &substream)) {
471 return false;
472 }
473
474 while (substream.bytes_left > 0 && *size < field->array_size) {
475 if (!decode_basic_field(&substream, PB_WT_PACKED, field)) {
476 status = false;
477 break;
478 }
479 (*size)++;
480 field->pData = (char *)field->pData + field->data_size;
481 }
482
483 if (substream.bytes_left != 0) {
484 PB_RETURN_ERROR(stream, "array overflow");
485 }
486 if (!pb_close_string_substream(stream, &substream)) {
487 return false;
488 }
489
490 return status;
491 } else {
492 /* Repeated field */
493 pb_size_t *size = (pb_size_t *)field->pSize;
494 field->pData = (char *)field->pField + field->data_size * (*size);
495
496 if ((*size)++ >= field->array_size) {
497 PB_RETURN_ERROR(stream, "array overflow");
498 }
499
500 return decode_basic_field(stream, wire_type, field);
501 }
502
503 case PB_HTYPE_ONEOF:
504 if (PB_LTYPE_IS_SUBMSG(field->type) &&
505 *(pb_size_t *)field->pSize != field->tag) {
506 /* We memset to zero so that any callbacks are set to NULL.
507 * This is because the callbacks might otherwise have values
508 * from some other union field.
509 * If callbacks are needed inside oneof field, use .proto
510 * option submsg_callback to have a separate callback function
511 * that can set the fields before submessage is decoded.
512 * pb_dec_submessage() will set any default values. */
513 memset(field->pData, 0, (size_t)field->data_size);
514
515 /* Set default values for the submessage fields. */
516 if (field->submsg_desc->default_value != NULL ||
517 field->submsg_desc->field_callback != NULL ||
518 field->submsg_desc->submsg_info[0] != NULL) {
519 pb_field_iter_t submsg_iter;
520 if (pb_field_iter_begin(&submsg_iter, field->submsg_desc, field->pData)) {
521 if (!pb_message_set_to_defaults(&submsg_iter)) {
522 PB_RETURN_ERROR(stream, "failed to set defaults");
523 }
524 }
525 }
526 }
527 *(pb_size_t *)field->pSize = field->tag;
528
529 return decode_basic_field(stream, wire_type, field);
530
531 default:
532 PB_RETURN_ERROR(stream, "invalid field type");
533 }
534}
535
536#ifdef PB_ENABLE_MALLOC
537/* Allocate storage for the field and store the pointer at iter->pData.
538 * array_size is the number of entries to reserve in an array.
539 * Zero size is not allowed, use pb_free() for releasing.
540 */
541static bool checkreturn allocate_field(pb_istream_t *stream, void *pData, size_t data_size, size_t array_size) {
542 void *ptr = *(void **)pData;
543
544 if (data_size == 0 || array_size == 0) {
545 PB_RETURN_ERROR(stream, "invalid size");
546 }
547
548#ifdef __AVR__
549 /* Workaround for AVR libc bug 53284: http://savannah.nongnu.org/bugs/?53284
550 * Realloc to size of 1 byte can cause corruption of the malloc structures.
551 */
552 if (data_size == 1 && array_size == 1) {
553 data_size = 2;
554 }
555#endif
556
557 /* Check for multiplication overflows.
558 * This code avoids the costly division if the sizes are small enough.
559 * Multiplication is safe as long as only half of bits are set
560 * in either multiplicand.
561 */
562 {
563 const size_t check_limit = (size_t)1 << (sizeof(size_t) * 4);
564 if (data_size >= check_limit || array_size >= check_limit) {
565 const size_t size_max = (size_t)-1;
566 if (size_max / array_size < data_size) {
567 PB_RETURN_ERROR(stream, "size too large");
568 }
569 }
570 }
571
572 /* Allocate new or expand previous allocation */
573 /* Note: on failure the old pointer will remain in the structure,
574 * the message must be freed by caller also on error return. */
575 ptr = pb_realloc(ptr, array_size * data_size);
576 if (ptr == NULL) {
577 PB_RETURN_ERROR(stream, "realloc failed");
578 }
579
580 *(void **)pData = ptr;
581 return true;
582}
583
584/* Clear a newly allocated item in case it contains a pointer, or is a submessage. */
585static void initialize_pointer_field(void *pItem, pb_field_iter_t *field) {
586 if (PB_LTYPE(field->type) == PB_LTYPE_STRING ||
587 PB_LTYPE(field->type) == PB_LTYPE_BYTES) {
588 *(void **)pItem = NULL;
589 } else if (PB_LTYPE_IS_SUBMSG(field->type)) {
590 /* We memset to zero so that any callbacks are set to NULL.
591 * Default values will be set by pb_dec_submessage(). */
592 memset(pItem, 0, field->data_size);
593 }
594}
595#endif
596
597static bool checkreturn decode_pointer_field(pb_istream_t *stream, pb_wire_type_t wire_type, pb_field_iter_t *field) {
598#ifndef PB_ENABLE_MALLOC
599 PB_UNUSED(wire_type);
600 PB_UNUSED(field);
601 PB_RETURN_ERROR(stream, "no malloc support");
602#else
603 switch (PB_HTYPE(field->type)) {
604 case PB_HTYPE_REQUIRED:
605 case PB_HTYPE_OPTIONAL:
606 case PB_HTYPE_ONEOF:
607 if (PB_LTYPE_IS_SUBMSG(field->type) && *(void **)field->pField != NULL) {
608 /* Duplicate field, have to release the old allocation first. */
609 /* FIXME: Does this work correctly for oneofs? */
610 pb_release_single_field(field);
611 }
612
613 if (PB_HTYPE(field->type) == PB_HTYPE_ONEOF) {
614 *(pb_size_t *)field->pSize = field->tag;
615 }
616
617 if (PB_LTYPE(field->type) == PB_LTYPE_STRING ||
618 PB_LTYPE(field->type) == PB_LTYPE_BYTES) {
619 /* pb_dec_string and pb_dec_bytes handle allocation themselves */
620 field->pData = field->pField;
621 return decode_basic_field(stream, wire_type, field);
622 } else {
623 if (!allocate_field(stream, field->pField, field->data_size, 1)) {
624 return false;
625 }
626
627 field->pData = *(void **)field->pField;
628 initialize_pointer_field(field->pData, field);
629 return decode_basic_field(stream, wire_type, field);
630 }
631
632 case PB_HTYPE_REPEATED:
633 if (wire_type == PB_WT_STRING
634 && PB_LTYPE(field->type) <= PB_LTYPE_LAST_PACKABLE) {
635 /* Packed array, multiple items come in at once. */
636 bool status = true;
637 pb_size_t *size = (pb_size_t *)field->pSize;
638 size_t allocated_size = *size;
639 pb_istream_t substream;
640
641 if (!pb_make_string_substream(stream, &substream)) {
642 return false;
643 }
644
645 while (substream.bytes_left) {
646 if (*size == PB_SIZE_MAX) {
647#ifndef PB_NO_ERRMSG
648 stream->errmsg = "too many array entries";
649#endif
650 status = false;
651 break;
652 }
653
654 if ((size_t)*size + 1 > allocated_size) {
655 /* Allocate more storage. This tries to guess the
656 * number of remaining entries. Round the division
657 * upwards. */
658 size_t remain = (substream.bytes_left - 1) / field->data_size + 1;
659 if (remain < PB_SIZE_MAX - allocated_size) {
660 allocated_size += remain;
661 } else {
662 allocated_size += 1;
663 }
664
665 if (!allocate_field(&substream, field->pField, field->data_size, allocated_size)) {
666 status = false;
667 break;
668 }
669 }
670
671 /* Decode the array entry */
672 field->pData = *(char **)field->pField + field->data_size * (*size);
673 if (field->pData == NULL) {
674 /* Shouldn't happen, but satisfies static analyzers */
675 status = false;
676 break;
677 }
678 initialize_pointer_field(field->pData, field);
679 if (!decode_basic_field(&substream, PB_WT_PACKED, field)) {
680 status = false;
681 break;
682 }
683
684 (*size)++;
685 }
686 if (!pb_close_string_substream(stream, &substream)) {
687 return false;
688 }
689
690 return status;
691 } else {
692 /* Normal repeated field, i.e. only one item at a time. */
693 pb_size_t *size = (pb_size_t *)field->pSize;
694
695 if (*size == PB_SIZE_MAX) {
696 PB_RETURN_ERROR(stream, "too many array entries");
697 }
698
699 if (!allocate_field(stream, field->pField, field->data_size, (size_t)(*size + 1))) {
700 return false;
701 }
702
703 field->pData = *(char **)field->pField + field->data_size * (*size);
704 (*size)++;
705 initialize_pointer_field(field->pData, field);
706 return decode_basic_field(stream, wire_type, field);
707 }
708
709 default:
710 PB_RETURN_ERROR(stream, "invalid field type");
711 }
712#endif
713}
714
715static bool checkreturn decode_callback_field(pb_istream_t *stream, pb_wire_type_t wire_type, pb_field_iter_t *field) {
716 if (!field->descriptor->field_callback) {
717 return pb_skip_field(stream, wire_type);
718 }
719
720 if (wire_type == PB_WT_STRING) {
721 pb_istream_t substream;
722 size_t prev_bytes_left;
723
724 if (!pb_make_string_substream(stream, &substream)) {
725 return false;
726 }
727
728 do{
729 prev_bytes_left = substream.bytes_left;
730 if (!field->descriptor->field_callback(&substream, NULL, field)) {
731 PB_RETURN_ERROR(stream, "callback failed");
732 }
733 } while (substream.bytes_left > 0 && substream.bytes_left < prev_bytes_left);
734
735 if (!pb_close_string_substream(stream, &substream)) {
736 return false;
737 }
738
739 return true;
740 } else {
741 /* Copy the single scalar value to stack.
742 * This is required so that we can limit the stream length,
743 * which in turn allows to use same callback for packed and
744 * not-packed fields. */
745 pb_istream_t substream;
746 pb_byte_t buffer[10];
747 size_t size = sizeof(buffer);
748
749 if (!read_raw_value(stream, wire_type, buffer, &size)) {
750 return false;
751 }
752 substream = pb_istream_from_buffer(buffer, size);
753
754 return field->descriptor->field_callback(&substream, NULL, field);
755 }
756}
757
758static bool checkreturn decode_field(pb_istream_t *stream, pb_wire_type_t wire_type, pb_field_iter_t *field) {
759#ifdef PB_ENABLE_MALLOC
760 /* When decoding an oneof field, check if there is old data that must be
761 * released first. */
762 if (PB_HTYPE(field->type) == PB_HTYPE_ONEOF) {
763 if (!pb_release_union_field(stream, field)) {
764 return false;
765 }
766 }
767#endif
768
769 switch (PB_ATYPE(field->type)) {
770 case PB_ATYPE_STATIC:
771 return decode_static_field(stream, wire_type, field);
772
773 case PB_ATYPE_POINTER:
774 return decode_pointer_field(stream, wire_type, field);
775
776 case PB_ATYPE_CALLBACK:
777 return decode_callback_field(stream, wire_type, field);
778
779 default:
780 PB_RETURN_ERROR(stream, "invalid field type");
781 }
782}
783
784/* Default handler for extension fields. Expects to have a pb_msgdesc_t
785 * pointer in the extension->type->arg field, pointing to a message with
786 * only one field in it. */
787static bool checkreturn default_extension_decoder(pb_istream_t *stream,
788 pb_extension_t *extension, uint32_t tag, pb_wire_type_t wire_type) {
789 pb_field_iter_t iter;
790
791 if (!pb_field_iter_begin_extension(&iter, extension)) {
792 PB_RETURN_ERROR(stream, "invalid extension");
793 }
794
795 if (iter.tag != tag || !iter.message) {
796 return true;
797 }
798
799 extension->found = true;
800 return decode_field(stream, wire_type, &iter);
801}
802
803/* Try to decode an unknown field as an extension field. Tries each extension
804 * decoder in turn, until one of them handles the field or loop ends. */
805static bool checkreturn decode_extension(pb_istream_t *stream,
806 uint32_t tag, pb_wire_type_t wire_type, pb_extension_t *extension) {
807 size_t pos = stream->bytes_left;
808
809 while (extension != NULL && pos == stream->bytes_left) {
810 bool status;
811 if (extension->type->decode) {
812 status = extension->type->decode(stream, extension, tag, wire_type);
813 } else {
814 status = default_extension_decoder(stream, extension, tag, wire_type);
815 }
816
817 if (!status) {
818 return false;
819 }
820
821 extension = extension->next;
822 }
823
824 return true;
825}
826
827/* Initialize message fields to default values, recursively */
828static bool pb_field_set_to_default(pb_field_iter_t *field) {
829 pb_type_t type;
830
831 type = field->type;
832
833 if (PB_LTYPE(type) == PB_LTYPE_EXTENSION) {
834 pb_extension_t *ext = *(pb_extension_t *const *)field->pData;
835 while (ext != NULL) {
836 pb_field_iter_t ext_iter;
837 if (pb_field_iter_begin_extension(&ext_iter, ext)) {
838 ext->found = false;
839 if (!pb_message_set_to_defaults(&ext_iter)) {
840 return false;
841 }
842 }
843 ext = ext->next;
844 }
845 } else if (PB_ATYPE(type) == PB_ATYPE_STATIC) {
846 bool init_data = true;
847 if (PB_HTYPE(type) == PB_HTYPE_OPTIONAL && field->pSize != NULL) {
848 /* Set has_field to false. Still initialize the optional field
849 * itself also. */
850 *(bool *)field->pSize = false;
851 } else if (PB_HTYPE(type) == PB_HTYPE_REPEATED ||
852 PB_HTYPE(type) == PB_HTYPE_ONEOF) {
853 /* REPEATED: Set array count to 0, no need to initialize contents.
854 * ONEOF: Set which_field to 0. */
855 *(pb_size_t *)field->pSize = 0;
856 init_data = false;
857 }
858
859 if (init_data) {
860 if (PB_LTYPE_IS_SUBMSG(field->type) &&
861 (field->submsg_desc->default_value != NULL ||
862 field->submsg_desc->field_callback != NULL ||
863 field->submsg_desc->submsg_info[0] != NULL)) {
864 /* Initialize submessage to defaults.
865 * Only needed if it has default values
866 * or callback/submessage fields. */
867 pb_field_iter_t submsg_iter;
868 if (pb_field_iter_begin(&submsg_iter, field->submsg_desc, field->pData)) {
869 if (!pb_message_set_to_defaults(&submsg_iter)) {
870 return false;
871 }
872 }
873 } else {
874 /* Initialize to zeros */
875 memset(field->pData, 0, (size_t)field->data_size);
876 }
877 }
878 } else if (PB_ATYPE(type) == PB_ATYPE_POINTER) {
879 /* Initialize the pointer to NULL. */
880 *(void **)field->pField = NULL;
881
882 /* Initialize array count to 0. */
883 if (PB_HTYPE(type) == PB_HTYPE_REPEATED ||
884 PB_HTYPE(type) == PB_HTYPE_ONEOF) {
885 *(pb_size_t *)field->pSize = 0;
886 }
887 } else if (PB_ATYPE(type) == PB_ATYPE_CALLBACK) {
888 /* Don't overwrite callback */
889 }
890
891 return true;
892}
893
894static bool pb_message_set_to_defaults(pb_field_iter_t *iter) {
895 pb_istream_t defstream = PB_ISTREAM_EMPTY;
896 uint32_t tag = 0;
897 pb_wire_type_t wire_type = PB_WT_VARINT;
898 bool eof;
899
900 if (iter->descriptor->default_value) {
901 defstream = pb_istream_from_buffer(iter->descriptor->default_value, (size_t)-1);
902 if (!pb_decode_tag(&defstream, &wire_type, &tag, &eof)) {
903 return false;
904 }
905 }
906
907 do{
908 if (!pb_field_set_to_default(iter)) {
909 return false;
910 }
911
912 if (tag != 0 && iter->tag == tag) {
913 /* We have a default value for this field in the defstream */
914 if (!decode_field(&defstream, wire_type, iter)) {
915 return false;
916 }
917 if (!pb_decode_tag(&defstream, &wire_type, &tag, &eof)) {
918 return false;
919 }
920
921 if (iter->pSize) {
922 *(bool *)iter->pSize = false;
923 }
924 }
925 } while (pb_field_iter_next(iter));
926
927 return true;
928}
929
930/*********************
931* Decode all fields *
932*********************/
933static bool checkreturn pb_decode_inner(pb_istream_t *stream, const pb_msgdesc_t *fields, void *dest_struct, unsigned int flags) {
934 uint32_t extension_range_start = 0;
935 pb_extension_t *extensions = NULL;
936
937 /* 'fixed_count_field' and 'fixed_count_size' track position of a repeated fixed
938 * count field. This can only handle _one_ repeated fixed count field that
939 * is unpacked and unordered among other (non repeated fixed count) fields.
940 */
941 pb_size_t fixed_count_field = PB_SIZE_MAX;
942 pb_size_t fixed_count_size = 0;
943 pb_size_t fixed_count_total_size = 0;
944
945 pb_fields_seen_t fields_seen = { { 0, 0 } };
946 const uint32_t allbits = ~(uint32_t)0;
947 pb_field_iter_t iter;
948
949 if (pb_field_iter_begin(&iter, fields, dest_struct)) {
950 if ((flags & PB_DECODE_NOINIT) == 0) {
951 if (!pb_message_set_to_defaults(&iter)) {
952 PB_RETURN_ERROR(stream, "failed to set defaults");
953 }
954 }
955 }
956
957 while (stream->bytes_left) {
958 uint32_t tag;
959 pb_wire_type_t wire_type;
960 bool eof;
961
962 if (!pb_decode_tag(stream, &wire_type, &tag, &eof)) {
963 if (eof) {
964 break;
965 } else {
966 return false;
967 }
968 }
969
970 if (tag == 0) {
971 if (flags & PB_DECODE_NULLTERMINATED) {
972 break;
973 } else {
974 PB_RETURN_ERROR(stream, "zero tag");
975 }
976 }
977
978 if (!pb_field_iter_find(&iter, tag) || PB_LTYPE(iter.type) == PB_LTYPE_EXTENSION) {
979 /* No match found, check if it matches an extension. */
980 if (extension_range_start == 0) {
981 if (pb_field_iter_find_extension(&iter)) {
982 extensions = *(pb_extension_t *const *)iter.pData;
983 extension_range_start = iter.tag;
984 }
985
986 if (!extensions) {
987 extension_range_start = (uint32_t)-1;
988 }
989 }
990
991 if (tag >= extension_range_start) {
992 size_t pos = stream->bytes_left;
993
994 if (!decode_extension(stream, tag, wire_type, extensions)) {
995 return false;
996 }
997
998 if (pos != stream->bytes_left) {
999 /* The field was handled */
1000 continue;
1001 }
1002 }
1003
1004 /* No match found, skip data */
1005 if (!pb_skip_field(stream, wire_type)) {
1006 return false;
1007 }
1008 continue;
1009 }
1010
1011 /* If a repeated fixed count field was found, get size from
1012 * 'fixed_count_field' as there is no counter contained in the struct.
1013 */
1014 if (PB_HTYPE(iter.type) == PB_HTYPE_REPEATED && iter.pSize == &iter.array_size) {
1015 if (fixed_count_field != iter.index) {
1016 /* If the new fixed count field does not match the previous one,
1017 * check that the previous one is NULL or that it finished
1018 * receiving all the expected data.
1019 */
1020 if (fixed_count_field != PB_SIZE_MAX &&
1021 fixed_count_size != fixed_count_total_size) {
1022 PB_RETURN_ERROR(stream, "wrong size for fixed count field");
1023 }
1024
1025 fixed_count_field = iter.index;
1026 fixed_count_size = 0;
1027 fixed_count_total_size = iter.array_size;
1028 }
1029
1030 iter.pSize = &fixed_count_size;
1031 }
1032
1033 if (PB_HTYPE(iter.type) == PB_HTYPE_REQUIRED
1034 && iter.required_field_index < PB_MAX_REQUIRED_FIELDS) {
1035 uint32_t tmp = ((uint32_t)1 << (iter.required_field_index & 31));
1036 fields_seen.bitfield[iter.required_field_index >> 5] |= tmp;
1037 }
1038
1039 if (!decode_field(stream, wire_type, &iter)) {
1040 return false;
1041 }
1042 }
1043
1044 /* Check that all elements of the last decoded fixed count field were present. */
1045 if (fixed_count_field != PB_SIZE_MAX &&
1046 fixed_count_size != fixed_count_total_size) {
1047 PB_RETURN_ERROR(stream, "wrong size for fixed count field");
1048 }
1049
1050 /* Check that all required fields were present. */
1051 {
1052 pb_size_t req_field_count = iter.descriptor->required_field_count;
1053
1054 if (req_field_count > 0) {
1055 pb_size_t i;
1056
1057 if (req_field_count > PB_MAX_REQUIRED_FIELDS) {
1058 req_field_count = PB_MAX_REQUIRED_FIELDS;
1059 }
1060
1061 /* Check the whole words */
1062 for (i = 0; i < (req_field_count >> 5); i++) {
1063 if (fields_seen.bitfield[i] != allbits) {
1064 PB_RETURN_ERROR(stream, "missing required field");
1065 }
1066 }
1067
1068 /* Check the remaining bits (if any) */
1069 if ((req_field_count & 31) != 0) {
1070 if (fields_seen.bitfield[req_field_count >> 5] !=
1071 (allbits >> (uint_least8_t)(32 - (req_field_count & 31)))) {
1072 PB_RETURN_ERROR(stream, "missing required field");
1073 }
1074 }
1075 }
1076 }
1077
1078 return true;
1079}
1080
1081bool checkreturn pb_decode_ex(pb_istream_t *stream, const pb_msgdesc_t *fields, void *dest_struct, unsigned int flags) {
1082 bool status;
1083
1084 if ((flags & PB_DECODE_DELIMITED) == 0) {
1085 status = pb_decode_inner(stream, fields, dest_struct, flags);
1086 } else {
1087 pb_istream_t substream;
1088 if (!pb_make_string_substream(stream, &substream)) {
1089 return false;
1090 }
1091
1092 status = pb_decode_inner(&substream, fields, dest_struct, flags);
1093
1094 if (!pb_close_string_substream(stream, &substream)) {
1095 return false;
1096 }
1097 }
1098
1099#ifdef PB_ENABLE_MALLOC
1100 if (!status) {
1101 pb_release(fields, dest_struct);
1102 }
1103#endif
1104
1105 return status;
1106}
1107
1108bool checkreturn pb_decode(pb_istream_t *stream, const pb_msgdesc_t *fields, void *dest_struct) {
1109 bool status;
1110
1111 status = pb_decode_inner(stream, fields, dest_struct, 0);
1112
1113#ifdef PB_ENABLE_MALLOC
1114 if (!status) {
1115 pb_release(fields, dest_struct);
1116 }
1117#endif
1118
1119 return status;
1120}
1121
1122#ifdef PB_ENABLE_MALLOC
1123/* Given an oneof field, if there has already been a field inside this oneof,
1124 * release it before overwriting with a different one. */
1125static bool pb_release_union_field(pb_istream_t *stream, pb_field_iter_t *field) {
1126 pb_field_iter_t old_field = *field;
1127 pb_size_t old_tag = *(pb_size_t *)field->pSize; /* Previous which_ value */
1128 pb_size_t new_tag = field->tag; /* New which_ value */
1129
1130 if (old_tag == 0) {
1131 return true; /* Ok, no old data in union */
1132 }
1133 if (old_tag == new_tag) {
1134 return true; /* Ok, old data is of same type => merge */
1135 }
1136 /* Release old data. The find can fail if the message struct contains
1137 * invalid data. */
1138 if (!pb_field_iter_find(&old_field, old_tag)) {
1139 PB_RETURN_ERROR(stream, "invalid union tag");
1140 }
1141
1142 pb_release_single_field(&old_field);
1143
1144 if (PB_ATYPE(field->type) == PB_ATYPE_POINTER) {
1145 /* Initialize the pointer to NULL to make sure it is valid
1146 * even in case of error return. */
1147 *(void **)field->pField = NULL;
1148 field->pData = NULL;
1149 }
1150
1151 return true;
1152}
1153
1154static void pb_release_single_field(pb_field_iter_t *field) {
1155 pb_type_t type;
1156
1157 type = field->type;
1158
1159 if (PB_HTYPE(type) == PB_HTYPE_ONEOF) {
1160 if (*(pb_size_t *)field->pSize != field->tag) {
1161 return; /* This is not the current field in the union */
1162 }
1163 }
1164
1165 /* Release anything contained inside an extension or submsg.
1166 * This has to be done even if the submsg itself is statically
1167 * allocated. */
1168 if (PB_LTYPE(type) == PB_LTYPE_EXTENSION) {
1169 /* Release fields from all extensions in the linked list */
1170 pb_extension_t *ext = *(pb_extension_t **)field->pData;
1171 while (ext != NULL) {
1172 pb_field_iter_t ext_iter;
1173 if (pb_field_iter_begin_extension(&ext_iter, ext)) {
1174 pb_release_single_field(&ext_iter);
1175 }
1176 ext = ext->next;
1177 }
1178 } else if (PB_LTYPE_IS_SUBMSG(type) && PB_ATYPE(type) != PB_ATYPE_CALLBACK) {
1179 /* Release fields in submessage or submsg array */
1180 pb_size_t count = 1;
1181
1182 if (PB_ATYPE(type) == PB_ATYPE_POINTER) {
1183 field->pData = *(void **)field->pField;
1184 } else {
1185 field->pData = field->pField;
1186 }
1187
1188 if (PB_HTYPE(type) == PB_HTYPE_REPEATED) {
1189 count = *(pb_size_t *)field->pSize;
1190
1191 if (PB_ATYPE(type) == PB_ATYPE_STATIC && count > field->array_size) {
1192 /* Protect against corrupted _count fields */
1193 count = field->array_size;
1194 }
1195 }
1196
1197 if (field->pData) {
1198 for (; count > 0; count--) {
1199 pb_release(field->submsg_desc, field->pData);
1200 field->pData = (char *)field->pData + field->data_size;
1201 }
1202 }
1203 }
1204
1205 if (PB_ATYPE(type) == PB_ATYPE_POINTER) {
1206 if (PB_HTYPE(type) == PB_HTYPE_REPEATED &&
1207 (PB_LTYPE(type) == PB_LTYPE_STRING ||
1208 PB_LTYPE(type) == PB_LTYPE_BYTES)) {
1209 /* Release entries in repeated string or bytes array */
1210 void **pItem = *(void ***)field->pField;
1211 pb_size_t count = *(pb_size_t *)field->pSize;
1212 for (; count > 0; count--) {
1213 pb_free(*pItem);
1214 *pItem++ = NULL;
1215 }
1216 }
1217
1218 if (PB_HTYPE(type) == PB_HTYPE_REPEATED) {
1219 /* We are going to release the array, so set the size to 0 */
1220 *(pb_size_t *)field->pSize = 0;
1221 }
1222
1223 /* Release main pointer */
1224 pb_free(*(void **)field->pField);
1225 *(void **)field->pField = NULL;
1226 }
1227}
1228
1229void pb_release(const pb_msgdesc_t *fields, void *dest_struct) {
1230 pb_field_iter_t iter;
1231
1232 if (!dest_struct) {
1233 return; /* Ignore NULL pointers, similar to free() */
1234 }
1235 if (!pb_field_iter_begin(&iter, fields, dest_struct)) {
1236 return; /* Empty message type */
1237 }
1238 do{
1239 pb_release_single_field(&iter);
1240 } while (pb_field_iter_next(&iter));
1241}
1242#endif
1243
1244/* Field decoders */
1245
1246bool pb_decode_bool(pb_istream_t *stream, bool *dest) {
1247 uint32_t value;
1248
1249 if (!pb_decode_varint32(stream, &value)) {
1250 return false;
1251 }
1252
1253 *(bool *)dest = (value != 0);
1254 return true;
1255}
1256
1257bool pb_decode_svarint(pb_istream_t *stream, pb_int64_t *dest) {
1258 pb_uint64_t value;
1259
1260 if (!pb_decode_varint(stream, &value)) {
1261 return false;
1262 }
1263
1264 if (value & 1) {
1265 *dest = (pb_int64_t)(~(value >> 1));
1266 } else {
1267 *dest = (pb_int64_t)(value >> 1);
1268 }
1269
1270 return true;
1271}
1272
1273bool pb_decode_fixed32(pb_istream_t *stream, void *dest) {
1274 union {
1275 uint32_t fixed32;
1276 pb_byte_t bytes[4];
1277 } u;
1278
1279 if (!pb_read(stream, u.bytes, 4)) {
1280 return false;
1281 }
1282
1283#if defined(PB_LITTLE_ENDIAN_8BIT) && PB_LITTLE_ENDIAN_8BIT == 1
1284 /* fast path - if we know that we're on little endian, assign directly */
1285 *(uint32_t *)dest = u.fixed32;
1286#else
1287 *(uint32_t *)dest = ((uint32_t)u.bytes[0] << 0) |
1288 ((uint32_t)u.bytes[1] << 8) |
1289 ((uint32_t)u.bytes[2] << 16) |
1290 ((uint32_t)u.bytes[3] << 24);
1291#endif
1292 return true;
1293}
1294
1295#ifndef PB_WITHOUT_64BIT
1296bool pb_decode_fixed64(pb_istream_t *stream, void *dest) {
1297 union {
1298 uint64_t fixed64;
1299 pb_byte_t bytes[8];
1300 } u;
1301
1302 if (!pb_read(stream, u.bytes, 8)) {
1303 return false;
1304 }
1305
1306#if defined(PB_LITTLE_ENDIAN_8BIT) && PB_LITTLE_ENDIAN_8BIT == 1
1307 /* fast path - if we know that we're on little endian, assign directly */
1308 *(uint64_t *)dest = u.fixed64;
1309#else
1310 *(uint64_t *)dest = ((uint64_t)u.bytes[0] << 0) |
1311 ((uint64_t)u.bytes[1] << 8) |
1312 ((uint64_t)u.bytes[2] << 16) |
1313 ((uint64_t)u.bytes[3] << 24) |
1314 ((uint64_t)u.bytes[4] << 32) |
1315 ((uint64_t)u.bytes[5] << 40) |
1316 ((uint64_t)u.bytes[6] << 48) |
1317 ((uint64_t)u.bytes[7] << 56);
1318#endif
1319 return true;
1320}
1321#endif
1322
1323static bool checkreturn pb_dec_bool(pb_istream_t *stream, const pb_field_iter_t *field) {
1324 return pb_decode_bool(stream, (bool *)field->pData);
1325}
1326
1327static bool checkreturn pb_dec_varint(pb_istream_t *stream, const pb_field_iter_t *field) {
1328 if (PB_LTYPE(field->type) == PB_LTYPE_UVARINT) {
1329 pb_uint64_t value, clamped;
1330 if (!pb_decode_varint(stream, &value)) {
1331 return false;
1332 }
1333
1334 /* Cast to the proper field size, while checking for overflows */
1335 if (field->data_size == sizeof(pb_uint64_t)) {
1336 clamped = *(pb_uint64_t *)field->pData = value;
1337 } else if (field->data_size == sizeof(uint32_t)) {
1338 clamped = *(uint32_t *)field->pData = (uint32_t)value;
1339 } else if (field->data_size == sizeof(uint_least16_t)) {
1340 clamped = *(uint_least16_t *)field->pData = (uint_least16_t)value;
1341 } else if (field->data_size == sizeof(uint_least8_t)) {
1342 clamped = *(uint_least8_t *)field->pData = (uint_least8_t)value;
1343 } else {
1344 PB_RETURN_ERROR(stream, "invalid data_size");
1345 }
1346
1347 if (clamped != value) {
1348 PB_RETURN_ERROR(stream, "integer too large");
1349 }
1350
1351 return true;
1352 } else {
1353 pb_uint64_t value;
1354 pb_int64_t svalue;
1355 pb_int64_t clamped;
1356
1357 if (PB_LTYPE(field->type) == PB_LTYPE_SVARINT) {
1358 if (!pb_decode_svarint(stream, &svalue)) {
1359 return false;
1360 }
1361 } else {
1362 if (!pb_decode_varint(stream, &value)) {
1363 return false;
1364 }
1365
1366 /* See issue 97: Google's C++ protobuf allows negative varint values to
1367 * be cast as int32_t, instead of the int64_t that should be used when
1368 * encoding. Nanopb versions before 0.2.5 had a bug in encoding. In order to
1369 * not break decoding of such messages, we cast <=32 bit fields to
1370 * int32_t first to get the sign correct.
1371 */
1372 if (field->data_size == sizeof(pb_int64_t)) {
1373 svalue = (pb_int64_t)value;
1374 } else {
1375 svalue = (int32_t)value;
1376 }
1377 }
1378
1379 /* Cast to the proper field size, while checking for overflows */
1380 if (field->data_size == sizeof(pb_int64_t)) {
1381 clamped = *(pb_int64_t *)field->pData = svalue;
1382 } else if (field->data_size == sizeof(int32_t)) {
1383 clamped = *(int32_t *)field->pData = (int32_t)svalue;
1384 } else if (field->data_size == sizeof(int_least16_t)) {
1385 clamped = *(int_least16_t *)field->pData = (int_least16_t)svalue;
1386 } else if (field->data_size == sizeof(int_least8_t)) {
1387 clamped = *(int_least8_t *)field->pData = (int_least8_t)svalue;
1388 } else {
1389 PB_RETURN_ERROR(stream, "invalid data_size");
1390 }
1391
1392 if (clamped != svalue) {
1393 PB_RETURN_ERROR(stream, "integer too large");
1394 }
1395
1396 return true;
1397 }
1398}
1399
1400static bool checkreturn pb_dec_bytes(pb_istream_t *stream, const pb_field_iter_t *field) {
1401 uint32_t size;
1402 size_t alloc_size;
1403 pb_bytes_array_t *dest;
1404
1405 if (!pb_decode_varint32(stream, &size)) {
1406 return false;
1407 }
1408
1409 if (size > PB_SIZE_MAX) {
1410 PB_RETURN_ERROR(stream, "bytes overflow");
1411 }
1412
1413 alloc_size = PB_BYTES_ARRAY_T_ALLOCSIZE(size);
1414 if (size > alloc_size) {
1415 PB_RETURN_ERROR(stream, "size too large");
1416 }
1417
1418 if (PB_ATYPE(field->type) == PB_ATYPE_POINTER) {
1419#ifndef PB_ENABLE_MALLOC
1420 PB_RETURN_ERROR(stream, "no malloc support");
1421#else
1422 if (stream->bytes_left < size) {
1423 PB_RETURN_ERROR(stream, "end-of-stream");
1424 }
1425
1426 if (!allocate_field(stream, field->pData, alloc_size, 1)) {
1427 return false;
1428 }
1429 dest = *(pb_bytes_array_t **)field->pData;
1430#endif
1431 } else {
1432 if (alloc_size > field->data_size) {
1433 PB_RETURN_ERROR(stream, "bytes overflow");
1434 }
1435 dest = (pb_bytes_array_t *)field->pData;
1436 }
1437
1438 dest->size = (pb_size_t)size;
1439 return pb_read(stream, dest->bytes, (size_t)size);
1440}
1441
1442static bool checkreturn pb_dec_string(pb_istream_t *stream, const pb_field_iter_t *field) {
1443 uint32_t size;
1444 size_t alloc_size;
1445 pb_byte_t *dest = (pb_byte_t *)field->pData;
1446
1447 if (!pb_decode_varint32(stream, &size)) {
1448 return false;
1449 }
1450
1451 if (size == (uint32_t)-1) {
1452 PB_RETURN_ERROR(stream, "size too large");
1453 }
1454
1455 /* Space for null terminator */
1456 alloc_size = (size_t)(size + 1);
1457
1458 if (alloc_size < size) {
1459 PB_RETURN_ERROR(stream, "size too large");
1460 }
1461
1462 if (PB_ATYPE(field->type) == PB_ATYPE_POINTER) {
1463#ifndef PB_ENABLE_MALLOC
1464 PB_RETURN_ERROR(stream, "no malloc support");
1465#else
1466 if (stream->bytes_left < size) {
1467 PB_RETURN_ERROR(stream, "end-of-stream");
1468 }
1469
1470 if (!allocate_field(stream, field->pData, alloc_size, 1)) {
1471 return false;
1472 }
1473 dest = *(pb_byte_t **)field->pData;
1474#endif
1475 } else {
1476 if (alloc_size > field->data_size) {
1477 PB_RETURN_ERROR(stream, "string overflow");
1478 }
1479 }
1480
1481 dest[size] = 0;
1482
1483 if (!pb_read(stream, dest, (size_t)size)) {
1484 return false;
1485 }
1486
1487#ifdef PB_VALIDATE_UTF8
1488 if (!pb_validate_utf8((const char *)dest)) {
1489 PB_RETURN_ERROR(stream, "invalid utf8");
1490 }
1491#endif
1492
1493 return true;
1494}
1495
1496static bool checkreturn pb_dec_submessage(pb_istream_t *stream, const pb_field_iter_t *field) {
1497 bool status = true;
1498 bool submsg_consumed = false;
1499 pb_istream_t substream;
1500
1501 if (!pb_make_string_substream(stream, &substream)) {
1502 return false;
1503 }
1504
1505 if (field->submsg_desc == NULL) {
1506 PB_RETURN_ERROR(stream, "invalid field descriptor");
1507 }
1508
1509 /* Submessages can have a separate message-level callback that is called
1510 * before decoding the message. Typically it is used to set callback fields
1511 * inside oneofs. */
1512 if (PB_LTYPE(field->type) == PB_LTYPE_SUBMSG_W_CB && field->pSize != NULL) {
1513 /* Message callback is stored right before pSize. */
1514 pb_callback_t *callback = (pb_callback_t *)field->pSize - 1;
1515 if (callback->funcs.decode) {
1516 status = callback->funcs.decode(&substream, field, &callback->arg);
1517
1518 if (substream.bytes_left == 0) {
1519 submsg_consumed = true;
1520 }
1521 }
1522 }
1523
1524 /* Now decode the submessage contents */
1525 if (status && !submsg_consumed) {
1526 unsigned int flags = 0;
1527
1528 /* Static required/optional fields are already initialized by top-level
1529 * pb_decode(), no need to initialize them again. */
1530 if (PB_ATYPE(field->type) == PB_ATYPE_STATIC &&
1531 PB_HTYPE(field->type) != PB_HTYPE_REPEATED) {
1532 flags = PB_DECODE_NOINIT;
1533 }
1534
1535 status = pb_decode_inner(&substream, field->submsg_desc, field->pData, flags);
1536 }
1537
1538 if (!pb_close_string_substream(stream, &substream)) {
1539 return false;
1540 }
1541
1542 return status;
1543}
1544
1545static bool checkreturn pb_dec_fixed_length_bytes(pb_istream_t *stream, const pb_field_iter_t *field) {
1546 uint32_t size;
1547
1548 if (!pb_decode_varint32(stream, &size)) {
1549 return false;
1550 }
1551
1552 if (size > PB_SIZE_MAX) {
1553 PB_RETURN_ERROR(stream, "bytes overflow");
1554 }
1555
1556 if (size == 0) {
1557 /* As a special case, treat empty bytes string as all zeros for fixed_length_bytes. */
1558 memset(field->pData, 0, (size_t)field->data_size);
1559 return true;
1560 }
1561
1562 if (size != field->data_size) {
1563 PB_RETURN_ERROR(stream, "incorrect fixed length bytes size");
1564 }
1565
1566 return pb_read(stream, (pb_byte_t *)field->pData, (size_t)field->data_size);
1567}
1568
1569#ifdef PB_CONVERT_DOUBLE_FLOAT
1570bool pb_decode_double_as_float(pb_istream_t *stream, float *dest) {
1571 uint_least8_t sign;
1572 int exponent;
1573 uint32_t mantissa;
1574 uint64_t value;
1575
1576 union { float f; uint32_t i; } out;
1577
1578 if (!pb_decode_fixed64(stream, &value)) {
1579 return false;
1580 }
1581
1582 /* Decompose input value */
1583 sign = (uint_least8_t)((value >> 63) & 1);
1584 exponent = (int)((value >> 52) & 0x7FF) - 1023;
1585 mantissa = (value >> 28) & 0xFFFFFF; /* Highest 24 bits */
1586
1587 /* Figure if value is in range representable by floats. */
1588 if (exponent == 1024) {
1589 /* Special value */
1590 exponent = 128;
1591 mantissa >>= 1;
1592 } else {
1593 if (exponent > 127) {
1594 /* Too large, convert to infinity */
1595 exponent = 128;
1596 mantissa = 0;
1597 } else if (exponent < -150) {
1598 /* Too small, convert to zero */
1599 exponent = -127;
1600 mantissa = 0;
1601 } else if (exponent < -126) {
1602 /* Denormalized */
1603 mantissa |= 0x1000000;
1604 mantissa >>= (-126 - exponent);
1605 exponent = -127;
1606 }
1607
1608 /* Round off mantissa */
1609 mantissa = (mantissa + 1) >> 1;
1610
1611 /* Check if mantissa went over 2.0 */
1612 if (mantissa & 0x800000) {
1613 exponent += 1;
1614 mantissa &= 0x7FFFFF;
1615 mantissa >>= 1;
1616 }
1617 }
1618
1619 /* Combine fields */
1620 out.i = mantissa;
1621 out.i |= (uint32_t)(exponent + 127) << 23;
1622 out.i |= (uint32_t)sign << 31;
1623
1624 *dest = out.f;
1625 return true;
1626}
1627#endif
Definition: streams.h:14