1 /* pb_decode.c -- decode a protobuf using minimal resources 2 * 3 * 2011 Petteri Aimonen <jpa (at) kapsi.fi> 4 */ 5 6 /* Use the GCC warn_unused_result attribute to check that all return values 7 * are propagated correctly. On other compilers and gcc before 3.4.0 just 8 * ignore the annotation. 9 */ 10 #if !defined(__GNUC__) || ( __GNUC__ < 3) || (__GNUC__ == 3 && __GNUC_MINOR__ < 4) 11 #define checkreturn 12 #else 13 #define checkreturn __attribute__((warn_unused_result)) 14 #endif 15 16 #include "pb.h" 17 #include "pb_decode.h" 18 #include "pb_common.h" 19 20 /************************************** 21 * Declarations internal to this file * 22 **************************************/ 23 24 typedef bool (*pb_decoder_t)(pb_istream_t *stream, const pb_field_t *field, void *dest) checkreturn; 25 26 static bool checkreturn buf_read(pb_istream_t *stream, pb_byte_t *buf, size_t count); 27 static bool checkreturn read_raw_value(pb_istream_t *stream, pb_wire_type_t wire_type, pb_byte_t *buf, size_t *size); 28 static bool checkreturn decode_static_field(pb_istream_t *stream, pb_wire_type_t wire_type, pb_field_iter_t *iter); 29 static bool checkreturn decode_callback_field(pb_istream_t *stream, pb_wire_type_t wire_type, pb_field_iter_t *iter); 30 static bool checkreturn decode_field(pb_istream_t *stream, pb_wire_type_t wire_type, pb_field_iter_t *iter); 31 static void iter_from_extension(pb_field_iter_t *iter, pb_extension_t *extension); 32 static bool checkreturn default_extension_decoder(pb_istream_t *stream, pb_extension_t *extension, uint32_t tag, pb_wire_type_t wire_type); 33 static bool checkreturn decode_extension(pb_istream_t *stream, uint32_t tag, pb_wire_type_t wire_type, pb_field_iter_t *iter); 34 static bool checkreturn find_extension_field(pb_field_iter_t *iter); 35 static void pb_field_set_to_default(pb_field_iter_t *iter); 36 static void pb_message_set_to_defaults(const pb_field_t fields[], void *dest_struct); 37 static bool checkreturn pb_dec_varint(pb_istream_t *stream, const pb_field_t *field, void *dest); 38 static bool checkreturn pb_decode_varint32_eof(pb_istream_t *stream, uint32_t *dest, bool *eof); 39 static bool checkreturn pb_dec_uvarint(pb_istream_t *stream, const pb_field_t *field, void *dest); 40 static bool checkreturn pb_dec_svarint(pb_istream_t *stream, const pb_field_t *field, void *dest); 41 static bool checkreturn pb_dec_fixed32(pb_istream_t *stream, const pb_field_t *field, void *dest); 42 static bool checkreturn pb_dec_fixed64(pb_istream_t *stream, const pb_field_t *field, void *dest); 43 static bool checkreturn pb_dec_bytes(pb_istream_t *stream, const pb_field_t *field, void *dest); 44 static bool checkreturn pb_dec_string(pb_istream_t *stream, const pb_field_t *field, void *dest); 45 static bool checkreturn pb_dec_submessage(pb_istream_t *stream, const pb_field_t *field, void *dest); 46 static bool checkreturn pb_dec_fixed_length_bytes(pb_istream_t *stream, const pb_field_t *field, void *dest); 47 static bool checkreturn pb_skip_varint(pb_istream_t *stream); 48 static bool checkreturn pb_skip_string(pb_istream_t *stream); 49 50 #ifdef PB_ENABLE_MALLOC 51 static bool checkreturn allocate_field(pb_istream_t *stream, void *pData, size_t data_size, size_t array_size); 52 static bool checkreturn pb_release_union_field(pb_istream_t *stream, pb_field_iter_t *iter); 53 static void pb_release_single_field(const pb_field_iter_t *iter); 54 #endif 55 56 #ifdef PB_WITHOUT_64BIT 57 #define pb_int64_t int32_t 58 #define pb_uint64_t uint32_t 59 #else 60 #define pb_int64_t int64_t 61 #define pb_uint64_t uint64_t 62 #endif 63 64 /* --- Function pointers to field decoders --- 65 * Order in the array must match pb_action_t LTYPE numbering. 66 */ 67 static const pb_decoder_t PB_DECODERS[PB_LTYPES_COUNT] = { 68 &pb_dec_varint, 69 &pb_dec_uvarint, 70 &pb_dec_svarint, 71 &pb_dec_fixed32, 72 &pb_dec_fixed64, 73 74 &pb_dec_bytes, 75 &pb_dec_string, 76 &pb_dec_submessage, 77 NULL, /* extensions */ 78 &pb_dec_fixed_length_bytes 79 }; 80 81 /******************************* 82 * pb_istream_t implementation * 83 *******************************/ 84 85 static bool checkreturn buf_read(pb_istream_t *stream, pb_byte_t *buf, size_t count) 86 { 87 size_t i; 88 const pb_byte_t *source = (const pb_byte_t*)stream->state; 89 stream->state = (pb_byte_t*)stream->state + count; 90 91 if (buf != NULL) 92 { 93 for (i = 0; i < count; i++) 94 buf[i] = source[i]; 95 } 96 97 return true; 98 } 99 100 bool checkreturn pb_read(pb_istream_t *stream, pb_byte_t *buf, size_t count) 101 { 102 #ifndef PB_BUFFER_ONLY 103 if (buf == NULL && stream->callback != buf_read) 104 { 105 /* Skip input bytes */ 106 pb_byte_t tmp[16]; 107 while (count > 16) 108 { 109 if (!pb_read(stream, tmp, 16)) 110 return false; 111 112 count -= 16; 113 } 114 115 return pb_read(stream, tmp, count); 116 } 117 #endif 118 119 if (stream->bytes_left < count) 120 PB_RETURN_ERROR(stream, "end-of-stream"); 121 122 #ifndef PB_BUFFER_ONLY 123 if (!stream->callback(stream, buf, count)) 124 PB_RETURN_ERROR(stream, "io error"); 125 #else 126 if (!buf_read(stream, buf, count)) 127 return false; 128 #endif 129 130 stream->bytes_left -= count; 131 return true; 132 } 133 134 /* Read a single byte from input stream. buf may not be NULL. 135 * This is an optimization for the varint decoding. */ 136 static bool checkreturn pb_readbyte(pb_istream_t *stream, pb_byte_t *buf) 137 { 138 if (stream->bytes_left == 0) 139 PB_RETURN_ERROR(stream, "end-of-stream"); 140 141 #ifndef PB_BUFFER_ONLY 142 if (!stream->callback(stream, buf, 1)) 143 PB_RETURN_ERROR(stream, "io error"); 144 #else 145 *buf = *(const pb_byte_t*)stream->state; 146 stream->state = (pb_byte_t*)stream->state + 1; 147 #endif 148 149 stream->bytes_left--; 150 151 return true; 152 } 153 154 pb_istream_t pb_istream_from_buffer(const pb_byte_t *buf, size_t bufsize) 155 { 156 pb_istream_t stream; 157 /* Cast away the const from buf without a compiler error. We are 158 * careful to use it only in a const manner in the callbacks. 159 */ 160 union { 161 void *state; 162 const void *c_state; 163 } state; 164 #ifdef PB_BUFFER_ONLY 165 stream.callback = NULL; 166 #else 167 stream.callback = &buf_read; 168 #endif 169 state.c_state = buf; 170 stream.state = state.state; 171 stream.bytes_left = bufsize; 172 #ifndef PB_NO_ERRMSG 173 stream.errmsg = NULL; 174 #endif 175 return stream; 176 } 177 178 /******************** 179 * Helper functions * 180 ********************/ 181 182 static bool checkreturn pb_decode_varint32_eof(pb_istream_t *stream, uint32_t *dest, bool *eof) 183 { 184 pb_byte_t byte; 185 uint32_t result; 186 187 if (!pb_readbyte(stream, &byte)) 188 { 189 if (stream->bytes_left == 0) 190 { 191 if (eof) 192 { 193 *eof = true; 194 } 195 } 196 197 return false; 198 } 199 200 if ((byte & 0x80) == 0) 201 { 202 /* Quick case, 1 byte value */ 203 result = byte; 204 } 205 else 206 { 207 /* Multibyte case */ 208 uint_fast8_t bitpos = 7; 209 result = byte & 0x7F; 210 211 do 212 { 213 if (!pb_readbyte(stream, &byte)) 214 return false; 215 216 if (bitpos >= 32) 217 { 218 /* Note: The varint could have trailing 0x80 bytes, or 0xFF for negative. */ 219 uint8_t sign_extension = (bitpos < 63) ? 0xFF : 0x01; 220 221 if ((byte & 0x7F) != 0x00 && ((result >> 31) == 0 || byte != sign_extension)) 222 { 223 PB_RETURN_ERROR(stream, "varint overflow"); 224 } 225 } 226 else 227 { 228 result |= (uint32_t)(byte & 0x7F) << bitpos; 229 } 230 bitpos = (uint_fast8_t)(bitpos + 7); 231 } while (byte & 0x80); 232 233 if (bitpos == 35 && (byte & 0x70) != 0) 234 { 235 /* The last byte was at bitpos=28, so only bottom 4 bits fit. */ 236 PB_RETURN_ERROR(stream, "varint overflow"); 237 } 238 } 239 240 *dest = result; 241 return true; 242 } 243 244 bool checkreturn pb_decode_varint32(pb_istream_t *stream, uint32_t *dest) 245 { 246 return pb_decode_varint32_eof(stream, dest, NULL); 247 } 248 249 #ifndef PB_WITHOUT_64BIT 250 bool checkreturn pb_decode_varint(pb_istream_t *stream, uint64_t *dest) 251 { 252 pb_byte_t byte; 253 uint_fast8_t bitpos = 0; 254 uint64_t result = 0; 255 256 do 257 { 258 if (bitpos >= 64) 259 PB_RETURN_ERROR(stream, "varint overflow"); 260 261 if (!pb_readbyte(stream, &byte)) 262 return false; 263 264 result |= (uint64_t)(byte & 0x7F) << bitpos; 265 bitpos = (uint_fast8_t)(bitpos + 7); 266 } while (byte & 0x80); 267 268 *dest = result; 269 return true; 270 } 271 #endif 272 273 bool checkreturn pb_skip_varint(pb_istream_t *stream) 274 { 275 pb_byte_t byte; 276 do 277 { 278 if (!pb_read(stream, &byte, 1)) 279 return false; 280 } while (byte & 0x80); 281 return true; 282 } 283 284 bool checkreturn pb_skip_string(pb_istream_t *stream) 285 { 286 uint32_t length; 287 if (!pb_decode_varint32(stream, &length)) 288 return false; 289 290 return pb_read(stream, NULL, length); 291 } 292 293 bool checkreturn pb_decode_tag(pb_istream_t *stream, pb_wire_type_t *wire_type, uint32_t *tag, bool *eof) 294 { 295 uint32_t temp; 296 *eof = false; 297 *wire_type = (pb_wire_type_t) 0; 298 *tag = 0; 299 300 if (!pb_decode_varint32_eof(stream, &temp, eof)) 301 { 302 return false; 303 } 304 305 if (temp == 0) 306 { 307 *eof = true; /* Special feature: allow 0-terminated messages. */ 308 return false; 309 } 310 311 *tag = temp >> 3; 312 *wire_type = (pb_wire_type_t)(temp & 7); 313 return true; 314 } 315 316 bool checkreturn pb_skip_field(pb_istream_t *stream, pb_wire_type_t wire_type) 317 { 318 switch (wire_type) 319 { 320 case PB_WT_VARINT: return pb_skip_varint(stream); 321 case PB_WT_64BIT: return pb_read(stream, NULL, 8); 322 case PB_WT_STRING: return pb_skip_string(stream); 323 case PB_WT_32BIT: return pb_read(stream, NULL, 4); 324 default: PB_RETURN_ERROR(stream, "invalid wire_type"); 325 } 326 } 327 328 /* Read a raw value to buffer, for the purpose of passing it to callback as 329 * a substream. Size is maximum size on call, and actual size on return. 330 */ 331 static bool checkreturn read_raw_value(pb_istream_t *stream, pb_wire_type_t wire_type, pb_byte_t *buf, size_t *size) 332 { 333 size_t max_size = *size; 334 switch (wire_type) 335 { 336 case PB_WT_VARINT: 337 *size = 0; 338 do 339 { 340 (*size)++; 341 if (*size > max_size) return false; 342 if (!pb_read(stream, buf, 1)) return false; 343 } while (*buf++ & 0x80); 344 return true; 345 346 case PB_WT_64BIT: 347 *size = 8; 348 return pb_read(stream, buf, 8); 349 350 case PB_WT_32BIT: 351 *size = 4; 352 return pb_read(stream, buf, 4); 353 354 case PB_WT_STRING: 355 /* Calling read_raw_value with a PB_WT_STRING is an error. 356 * Explicitly handle this case and fallthrough to default to avoid 357 * compiler warnings. 358 */ 359 360 default: PB_RETURN_ERROR(stream, "invalid wire_type"); 361 } 362 } 363 364 /* Decode string length from stream and return a substream with limited length. 365 * Remember to close the substream using pb_close_string_substream(). 366 */ 367 bool checkreturn pb_make_string_substream(pb_istream_t *stream, pb_istream_t *substream) 368 { 369 uint32_t size; 370 if (!pb_decode_varint32(stream, &size)) 371 return false; 372 373 *substream = *stream; 374 if (substream->bytes_left < size) 375 PB_RETURN_ERROR(stream, "parent stream too short"); 376 377 substream->bytes_left = size; 378 stream->bytes_left -= size; 379 return true; 380 } 381 382 bool checkreturn pb_close_string_substream(pb_istream_t *stream, pb_istream_t *substream) 383 { 384 if (substream->bytes_left) { 385 if (!pb_read(substream, NULL, substream->bytes_left)) 386 return false; 387 } 388 389 stream->state = substream->state; 390 391 #ifndef PB_NO_ERRMSG 392 stream->errmsg = substream->errmsg; 393 #endif 394 return true; 395 } 396 397 /************************* 398 * Decode a single field * 399 *************************/ 400 401 static bool checkreturn decode_static_field(pb_istream_t *stream, pb_wire_type_t wire_type, pb_field_iter_t *iter) 402 { 403 pb_type_t type; 404 pb_decoder_t func; 405 406 type = iter->pos->type; 407 func = PB_DECODERS[PB_LTYPE(type)]; 408 409 switch (PB_HTYPE(type)) 410 { 411 case PB_HTYPE_REQUIRED: 412 return func(stream, iter->pos, iter->pData); 413 414 case PB_HTYPE_OPTIONAL: 415 if (iter->pSize != iter->pData) 416 *(bool*)iter->pSize = true; 417 return func(stream, iter->pos, iter->pData); 418 419 case PB_HTYPE_REPEATED: 420 if (wire_type == PB_WT_STRING 421 && PB_LTYPE(type) <= PB_LTYPE_LAST_PACKABLE) 422 { 423 /* Packed array */ 424 bool status = true; 425 pb_size_t *size = (pb_size_t*)iter->pSize; 426 427 pb_istream_t substream; 428 if (!pb_make_string_substream(stream, &substream)) 429 return false; 430 431 while (substream.bytes_left > 0 && *size < iter->pos->array_size) 432 { 433 void *pItem = (char*)iter->pData + iter->pos->data_size * (*size); 434 if (!func(&substream, iter->pos, pItem)) 435 { 436 status = false; 437 break; 438 } 439 (*size)++; 440 } 441 442 if (substream.bytes_left != 0) 443 PB_RETURN_ERROR(stream, "array overflow"); 444 if (!pb_close_string_substream(stream, &substream)) 445 return false; 446 447 return status; 448 } 449 else 450 { 451 /* Repeated field */ 452 pb_size_t *size = (pb_size_t*)iter->pSize; 453 char *pItem = (char*)iter->pData + iter->pos->data_size * (*size); 454 455 if ((*size)++ >= iter->pos->array_size) 456 PB_RETURN_ERROR(stream, "array overflow"); 457 458 return func(stream, iter->pos, pItem); 459 } 460 461 case PB_HTYPE_ONEOF: 462 *(pb_size_t*)iter->pSize = iter->pos->tag; 463 if (PB_LTYPE(type) == PB_LTYPE_SUBMESSAGE) 464 { 465 /* We memset to zero so that any callbacks are set to NULL. 466 * Then set any default values. */ 467 memset(iter->pData, 0, iter->pos->data_size); 468 pb_message_set_to_defaults((const pb_field_t*)iter->pos->ptr, iter->pData); 469 } 470 return func(stream, iter->pos, iter->pData); 471 472 default: 473 PB_RETURN_ERROR(stream, "invalid field type"); 474 } 475 } 476 477 #ifdef PB_ENABLE_MALLOC 478 /* Allocate storage for the field and store the pointer at iter->pData. 479 * array_size is the number of entries to reserve in an array. 480 * Zero size is not allowed, use pb_free() for releasing. 481 */ 482 static bool checkreturn allocate_field(pb_istream_t *stream, void *pData, size_t data_size, size_t array_size) 483 { 484 void *ptr = *(void**)pData; 485 486 if (data_size == 0 || array_size == 0) 487 PB_RETURN_ERROR(stream, "invalid size"); 488 489 /* Check for multiplication overflows. 490 * This code avoids the costly division if the sizes are small enough. 491 * Multiplication is safe as long as only half of bits are set 492 * in either multiplicand. 493 */ 494 { 495 const size_t check_limit = (size_t)1 << (sizeof(size_t) * 4); 496 if (data_size >= check_limit || array_size >= check_limit) 497 { 498 const size_t size_max = (size_t)-1; 499 if (size_max / array_size < data_size) 500 { 501 PB_RETURN_ERROR(stream, "size too large"); 502 } 503 } 504 } 505 506 /* Allocate new or expand previous allocation */ 507 /* Note: on failure the old pointer will remain in the structure, 508 * the message must be freed by caller also on error return. */ 509 ptr = pb_realloc(ptr, array_size * data_size); 510 if (ptr == NULL) 511 PB_RETURN_ERROR(stream, "realloc failed"); 512 513 *(void**)pData = ptr; 514 return true; 515 } 516 517 /* Clear a newly allocated item in case it contains a pointer, or is a submessage. */ 518 static void initialize_pointer_field(void *pItem, pb_field_iter_t *iter) 519 { 520 if (PB_LTYPE(iter->pos->type) == PB_LTYPE_STRING || 521 PB_LTYPE(iter->pos->type) == PB_LTYPE_BYTES) 522 { 523 *(void**)pItem = NULL; 524 } 525 else if (PB_LTYPE(iter->pos->type) == PB_LTYPE_SUBMESSAGE) 526 { 527 /* We memset to zero so that any callbacks are set to NULL. 528 * Then set any default values. */ 529 memset(pItem, 0, iter->pos->data_size); 530 pb_message_set_to_defaults((const pb_field_t *) iter->pos->ptr, pItem); 531 } 532 } 533 #endif 534 535 static bool checkreturn decode_pointer_field(pb_istream_t *stream, pb_wire_type_t wire_type, pb_field_iter_t *iter) 536 { 537 #ifndef PB_ENABLE_MALLOC 538 PB_UNUSED(wire_type); 539 PB_UNUSED(iter); 540 PB_RETURN_ERROR(stream, "no malloc support"); 541 #else 542 pb_type_t type; 543 pb_decoder_t func; 544 545 type = iter->pos->type; 546 func = PB_DECODERS[PB_LTYPE(type)]; 547 548 switch (PB_HTYPE(type)) 549 { 550 case PB_HTYPE_REQUIRED: 551 case PB_HTYPE_OPTIONAL: 552 case PB_HTYPE_ONEOF: 553 if (PB_LTYPE(type) == PB_LTYPE_SUBMESSAGE && 554 *(void**)iter->pData != NULL) 555 { 556 /* Duplicate field, have to release the old allocation first. */ 557 pb_release_single_field(iter); 558 } 559 560 if (PB_HTYPE(type) == PB_HTYPE_ONEOF) 561 { 562 *(pb_size_t*)iter->pSize = iter->pos->tag; 563 } 564 565 if (PB_LTYPE(type) == PB_LTYPE_STRING || 566 PB_LTYPE(type) == PB_LTYPE_BYTES) 567 { 568 return func(stream, iter->pos, iter->pData); 569 } 570 else 571 { 572 if (!allocate_field(stream, iter->pData, iter->pos->data_size, 1)) 573 return false; 574 575 initialize_pointer_field(*(void**)iter->pData, iter); 576 return func(stream, iter->pos, *(void**)iter->pData); 577 } 578 579 case PB_HTYPE_REPEATED: 580 if (wire_type == PB_WT_STRING 581 && PB_LTYPE(type) <= PB_LTYPE_LAST_PACKABLE) 582 { 583 /* Packed array, multiple items come in at once. */ 584 bool status = true; 585 pb_size_t *size = (pb_size_t*)iter->pSize; 586 size_t allocated_size = *size; 587 void *pItem; 588 pb_istream_t substream; 589 590 if (!pb_make_string_substream(stream, &substream)) 591 return false; 592 593 while (substream.bytes_left) 594 { 595 if ((size_t)*size + 1 > allocated_size) 596 { 597 /* Allocate more storage. This tries to guess the 598 * number of remaining entries. Round the division 599 * upwards. */ 600 allocated_size += (substream.bytes_left - 1) / iter->pos->data_size + 1; 601 602 if (!allocate_field(&substream, iter->pData, iter->pos->data_size, allocated_size)) 603 { 604 status = false; 605 break; 606 } 607 } 608 609 /* Decode the array entry */ 610 pItem = *(char**)iter->pData + iter->pos->data_size * (*size); 611 initialize_pointer_field(pItem, iter); 612 if (!func(&substream, iter->pos, pItem)) 613 { 614 status = false; 615 break; 616 } 617 618 if (*size == PB_SIZE_MAX) 619 { 620 #ifndef PB_NO_ERRMSG 621 stream->errmsg = "too many array entries"; 622 #endif 623 status = false; 624 break; 625 } 626 627 (*size)++; 628 } 629 if (!pb_close_string_substream(stream, &substream)) 630 return false; 631 632 return status; 633 } 634 else 635 { 636 /* Normal repeated field, i.e. only one item at a time. */ 637 pb_size_t *size = (pb_size_t*)iter->pSize; 638 void *pItem; 639 640 if (*size == PB_SIZE_MAX) 641 PB_RETURN_ERROR(stream, "too many array entries"); 642 643 (*size)++; 644 if (!allocate_field(stream, iter->pData, iter->pos->data_size, *size)) 645 return false; 646 647 pItem = *(char**)iter->pData + iter->pos->data_size * (*size - 1); 648 initialize_pointer_field(pItem, iter); 649 return func(stream, iter->pos, pItem); 650 } 651 652 default: 653 PB_RETURN_ERROR(stream, "invalid field type"); 654 } 655 #endif 656 } 657 658 static bool checkreturn decode_callback_field(pb_istream_t *stream, pb_wire_type_t wire_type, pb_field_iter_t *iter) 659 { 660 pb_callback_t *pCallback = (pb_callback_t*)iter->pData; 661 662 #ifdef PB_OLD_CALLBACK_STYLE 663 void *arg = pCallback->arg; 664 #else 665 void **arg = &(pCallback->arg); 666 #endif 667 668 if (pCallback == NULL || pCallback->funcs.decode == NULL) 669 return pb_skip_field(stream, wire_type); 670 671 if (wire_type == PB_WT_STRING) 672 { 673 pb_istream_t substream; 674 675 if (!pb_make_string_substream(stream, &substream)) 676 return false; 677 678 do 679 { 680 if (!pCallback->funcs.decode(&substream, iter->pos, arg)) 681 PB_RETURN_ERROR(stream, "callback failed"); 682 } while (substream.bytes_left); 683 684 if (!pb_close_string_substream(stream, &substream)) 685 return false; 686 687 return true; 688 } 689 else 690 { 691 /* Copy the single scalar value to stack. 692 * This is required so that we can limit the stream length, 693 * which in turn allows to use same callback for packed and 694 * not-packed fields. */ 695 pb_istream_t substream; 696 pb_byte_t buffer[10]; 697 size_t size = sizeof(buffer); 698 699 if (!read_raw_value(stream, wire_type, buffer, &size)) 700 return false; 701 substream = pb_istream_from_buffer(buffer, size); 702 703 return pCallback->funcs.decode(&substream, iter->pos, arg); 704 } 705 } 706 707 static bool checkreturn decode_field(pb_istream_t *stream, pb_wire_type_t wire_type, pb_field_iter_t *iter) 708 { 709 #ifdef PB_ENABLE_MALLOC 710 /* When decoding an oneof field, check if there is old data that must be 711 * released first. */ 712 if (PB_HTYPE(iter->pos->type) == PB_HTYPE_ONEOF) 713 { 714 if (!pb_release_union_field(stream, iter)) 715 return false; 716 } 717 #endif 718 719 switch (PB_ATYPE(iter->pos->type)) 720 { 721 case PB_ATYPE_STATIC: 722 return decode_static_field(stream, wire_type, iter); 723 724 case PB_ATYPE_POINTER: 725 return decode_pointer_field(stream, wire_type, iter); 726 727 case PB_ATYPE_CALLBACK: 728 return decode_callback_field(stream, wire_type, iter); 729 730 default: 731 PB_RETURN_ERROR(stream, "invalid field type"); 732 } 733 } 734 735 static void iter_from_extension(pb_field_iter_t *iter, pb_extension_t *extension) 736 { 737 /* Fake a field iterator for the extension field. 738 * It is not actually safe to advance this iterator, but decode_field 739 * will not even try to. */ 740 const pb_field_t *field = (const pb_field_t*)extension->type->arg; 741 (void)pb_field_iter_begin(iter, field, extension->dest); 742 iter->pData = extension->dest; 743 iter->pSize = &extension->found; 744 745 if (PB_ATYPE(field->type) == PB_ATYPE_POINTER) 746 { 747 /* For pointer extensions, the pointer is stored directly 748 * in the extension structure. This avoids having an extra 749 * indirection. */ 750 iter->pData = &extension->dest; 751 } 752 } 753 754 /* Default handler for extension fields. Expects a pb_field_t structure 755 * in extension->type->arg. */ 756 static bool checkreturn default_extension_decoder(pb_istream_t *stream, 757 pb_extension_t *extension, uint32_t tag, pb_wire_type_t wire_type) 758 { 759 const pb_field_t *field = (const pb_field_t*)extension->type->arg; 760 pb_field_iter_t iter; 761 762 if (field->tag != tag) 763 return true; 764 765 iter_from_extension(&iter, extension); 766 extension->found = true; 767 return decode_field(stream, wire_type, &iter); 768 } 769 770 /* Try to decode an unknown field as an extension field. Tries each extension 771 * decoder in turn, until one of them handles the field or loop ends. */ 772 static bool checkreturn decode_extension(pb_istream_t *stream, 773 uint32_t tag, pb_wire_type_t wire_type, pb_field_iter_t *iter) 774 { 775 pb_extension_t *extension = *(pb_extension_t* const *)iter->pData; 776 size_t pos = stream->bytes_left; 777 778 while (extension != NULL && pos == stream->bytes_left) 779 { 780 bool status; 781 if (extension->type->decode) 782 status = extension->type->decode(stream, extension, tag, wire_type); 783 else 784 status = default_extension_decoder(stream, extension, tag, wire_type); 785 786 if (!status) 787 return false; 788 789 extension = extension->next; 790 } 791 792 return true; 793 } 794 795 /* Step through the iterator until an extension field is found or until all 796 * entries have been checked. There can be only one extension field per 797 * message. Returns false if no extension field is found. */ 798 static bool checkreturn find_extension_field(pb_field_iter_t *iter) 799 { 800 const pb_field_t *start = iter->pos; 801 802 do { 803 if (PB_LTYPE(iter->pos->type) == PB_LTYPE_EXTENSION) 804 return true; 805 (void)pb_field_iter_next(iter); 806 } while (iter->pos != start); 807 808 return false; 809 } 810 811 /* Initialize message fields to default values, recursively */ 812 static void pb_field_set_to_default(pb_field_iter_t *iter) 813 { 814 pb_type_t type; 815 type = iter->pos->type; 816 817 if (PB_LTYPE(type) == PB_LTYPE_EXTENSION) 818 { 819 pb_extension_t *ext = *(pb_extension_t* const *)iter->pData; 820 while (ext != NULL) 821 { 822 pb_field_iter_t ext_iter; 823 ext->found = false; 824 iter_from_extension(&ext_iter, ext); 825 pb_field_set_to_default(&ext_iter); 826 ext = ext->next; 827 } 828 } 829 else if (PB_ATYPE(type) == PB_ATYPE_STATIC) 830 { 831 bool init_data = true; 832 if (PB_HTYPE(type) == PB_HTYPE_OPTIONAL && iter->pSize != iter->pData) 833 { 834 /* Set has_field to false. Still initialize the optional field 835 * itself also. */ 836 *(bool*)iter->pSize = false; 837 } 838 else if (PB_HTYPE(type) == PB_HTYPE_REPEATED || 839 PB_HTYPE(type) == PB_HTYPE_ONEOF) 840 { 841 /* REPEATED: Set array count to 0, no need to initialize contents. 842 ONEOF: Set which_field to 0. */ 843 *(pb_size_t*)iter->pSize = 0; 844 init_data = false; 845 } 846 847 if (init_data) 848 { 849 if (PB_LTYPE(iter->pos->type) == PB_LTYPE_SUBMESSAGE) 850 { 851 /* Initialize submessage to defaults */ 852 pb_message_set_to_defaults((const pb_field_t *) iter->pos->ptr, iter->pData); 853 } 854 else if (iter->pos->ptr != NULL) 855 { 856 /* Initialize to default value */ 857 memcpy(iter->pData, iter->pos->ptr, iter->pos->data_size); 858 } 859 else 860 { 861 /* Initialize to zeros */ 862 memset(iter->pData, 0, iter->pos->data_size); 863 } 864 } 865 } 866 else if (PB_ATYPE(type) == PB_ATYPE_POINTER) 867 { 868 /* Initialize the pointer to NULL. */ 869 *(void**)iter->pData = NULL; 870 871 /* Initialize array count to 0. */ 872 if (PB_HTYPE(type) == PB_HTYPE_REPEATED || 873 PB_HTYPE(type) == PB_HTYPE_ONEOF) 874 { 875 *(pb_size_t*)iter->pSize = 0; 876 } 877 } 878 else if (PB_ATYPE(type) == PB_ATYPE_CALLBACK) 879 { 880 /* Don't overwrite callback */ 881 } 882 } 883 884 static void pb_message_set_to_defaults(const pb_field_t fields[], void *dest_struct) 885 { 886 pb_field_iter_t iter; 887 888 if (!pb_field_iter_begin(&iter, fields, dest_struct)) 889 return; /* Empty message type */ 890 891 do 892 { 893 pb_field_set_to_default(&iter); 894 } while (pb_field_iter_next(&iter)); 895 } 896 897 /********************* 898 * Decode all fields * 899 *********************/ 900 901 bool checkreturn pb_decode_noinit(pb_istream_t *stream, const pb_field_t fields[], void *dest_struct) 902 { 903 uint32_t fields_seen[(PB_MAX_REQUIRED_FIELDS + 31) / 32] = {0, 0}; 904 const uint32_t allbits = ~(uint32_t)0; 905 uint32_t extension_range_start = 0; 906 pb_field_iter_t iter; 907 908 /* 'fixed_count_field' and 'fixed_count_size' track position of a repeated fixed 909 * count field. This can only handle _one_ repeated fixed count field that 910 * is unpacked and unordered among other (non repeated fixed count) fields. 911 */ 912 const pb_field_t *fixed_count_field = NULL; 913 pb_size_t fixed_count_size = 0; 914 915 /* Return value ignored, as empty message types will be correctly handled by 916 * pb_field_iter_find() anyway. */ 917 (void)pb_field_iter_begin(&iter, fields, dest_struct); 918 919 while (stream->bytes_left) 920 { 921 uint32_t tag; 922 pb_wire_type_t wire_type; 923 bool eof; 924 925 if (!pb_decode_tag(stream, &wire_type, &tag, &eof)) 926 { 927 if (eof) 928 break; 929 else 930 return false; 931 } 932 933 if (!pb_field_iter_find(&iter, tag)) 934 { 935 /* No match found, check if it matches an extension. */ 936 if (tag >= extension_range_start) 937 { 938 if (!find_extension_field(&iter)) 939 extension_range_start = (uint32_t)-1; 940 else 941 extension_range_start = iter.pos->tag; 942 943 if (tag >= extension_range_start) 944 { 945 size_t pos = stream->bytes_left; 946 947 if (!decode_extension(stream, tag, wire_type, &iter)) 948 return false; 949 950 if (pos != stream->bytes_left) 951 { 952 /* The field was handled */ 953 continue; 954 } 955 } 956 } 957 958 /* No match found, skip data */ 959 if (!pb_skip_field(stream, wire_type)) 960 return false; 961 continue; 962 } 963 964 /* If a repeated fixed count field was found, get size from 965 * 'fixed_count_field' as there is no counter contained in the struct. 966 */ 967 if (PB_HTYPE(iter.pos->type) == PB_HTYPE_REPEATED 968 && iter.pSize == iter.pData) 969 { 970 if (fixed_count_field != iter.pos) { 971 /* If the new fixed count field does not match the previous one, 972 * check that the previous one is NULL or that it finished 973 * receiving all the expected data. 974 */ 975 if (fixed_count_field != NULL && 976 fixed_count_size != fixed_count_field->array_size) 977 { 978 PB_RETURN_ERROR(stream, "wrong size for fixed count field"); 979 } 980 981 fixed_count_field = iter.pos; 982 fixed_count_size = 0; 983 } 984 985 iter.pSize = &fixed_count_size; 986 } 987 988 if (PB_HTYPE(iter.pos->type) == PB_HTYPE_REQUIRED 989 && iter.required_field_index < PB_MAX_REQUIRED_FIELDS) 990 { 991 uint32_t tmp = ((uint32_t)1 << (iter.required_field_index & 31)); 992 fields_seen[iter.required_field_index >> 5] |= tmp; 993 } 994 995 if (!decode_field(stream, wire_type, &iter)) 996 return false; 997 } 998 999 /* Check that all elements of the last decoded fixed count field were present. */ 1000 if (fixed_count_field != NULL && 1001 fixed_count_size != fixed_count_field->array_size) 1002 { 1003 PB_RETURN_ERROR(stream, "wrong size for fixed count field"); 1004 } 1005 1006 /* Check that all required fields were present. */ 1007 { 1008 /* First figure out the number of required fields by 1009 * seeking to the end of the field array. Usually we 1010 * are already close to end after decoding. 1011 */ 1012 unsigned req_field_count; 1013 pb_type_t last_type; 1014 unsigned i; 1015 do { 1016 req_field_count = iter.required_field_index; 1017 last_type = iter.pos->type; 1018 } while (pb_field_iter_next(&iter)); 1019 1020 /* Fixup if last field was also required. */ 1021 if (PB_HTYPE(last_type) == PB_HTYPE_REQUIRED && iter.pos->tag != 0) 1022 req_field_count++; 1023 1024 if (req_field_count > PB_MAX_REQUIRED_FIELDS) 1025 req_field_count = PB_MAX_REQUIRED_FIELDS; 1026 1027 if (req_field_count > 0) 1028 { 1029 /* Check the whole words */ 1030 for (i = 0; i < (req_field_count >> 5); i++) 1031 { 1032 if (fields_seen[i] != allbits) 1033 PB_RETURN_ERROR(stream, "missing required field"); 1034 } 1035 1036 /* Check the remaining bits (if any) */ 1037 if ((req_field_count & 31) != 0) 1038 { 1039 if (fields_seen[req_field_count >> 5] != 1040 (allbits >> (32 - (req_field_count & 31)))) 1041 { 1042 PB_RETURN_ERROR(stream, "missing required field"); 1043 } 1044 } 1045 } 1046 } 1047 1048 return true; 1049 } 1050 1051 bool checkreturn pb_decode(pb_istream_t *stream, const pb_field_t fields[], void *dest_struct) 1052 { 1053 bool status; 1054 pb_message_set_to_defaults(fields, dest_struct); 1055 status = pb_decode_noinit(stream, fields, dest_struct); 1056 1057 #ifdef PB_ENABLE_MALLOC 1058 if (!status) 1059 pb_release(fields, dest_struct); 1060 #endif 1061 1062 return status; 1063 } 1064 1065 bool pb_decode_delimited_noinit(pb_istream_t *stream, const pb_field_t fields[], void *dest_struct) 1066 { 1067 pb_istream_t substream; 1068 bool status; 1069 1070 if (!pb_make_string_substream(stream, &substream)) 1071 return false; 1072 1073 status = pb_decode_noinit(&substream, fields, dest_struct); 1074 1075 if (!pb_close_string_substream(stream, &substream)) 1076 return false; 1077 return status; 1078 } 1079 1080 bool pb_decode_delimited(pb_istream_t *stream, const pb_field_t fields[], void *dest_struct) 1081 { 1082 pb_istream_t substream; 1083 bool status; 1084 1085 if (!pb_make_string_substream(stream, &substream)) 1086 return false; 1087 1088 status = pb_decode(&substream, fields, dest_struct); 1089 1090 if (!pb_close_string_substream(stream, &substream)) 1091 return false; 1092 return status; 1093 } 1094 1095 bool pb_decode_nullterminated(pb_istream_t *stream, const pb_field_t fields[], void *dest_struct) 1096 { 1097 /* This behaviour will be separated in nanopb-0.4.0, see issue #278. */ 1098 return pb_decode(stream, fields, dest_struct); 1099 } 1100 1101 #ifdef PB_ENABLE_MALLOC 1102 /* Given an oneof field, if there has already been a field inside this oneof, 1103 * release it before overwriting with a different one. */ 1104 static bool pb_release_union_field(pb_istream_t *stream, pb_field_iter_t *iter) 1105 { 1106 pb_size_t old_tag = *(pb_size_t*)iter->pSize; /* Previous which_ value */ 1107 pb_size_t new_tag = iter->pos->tag; /* New which_ value */ 1108 1109 if (old_tag == 0) 1110 return true; /* Ok, no old data in union */ 1111 1112 if (old_tag == new_tag) 1113 return true; /* Ok, old data is of same type => merge */ 1114 1115 /* Release old data. The find can fail if the message struct contains 1116 * invalid data. */ 1117 if (!pb_field_iter_find(iter, old_tag)) 1118 PB_RETURN_ERROR(stream, "invalid union tag"); 1119 1120 pb_release_single_field(iter); 1121 1122 /* Restore iterator to where it should be. 1123 * This shouldn't fail unless the pb_field_t structure is corrupted. */ 1124 if (!pb_field_iter_find(iter, new_tag)) 1125 PB_RETURN_ERROR(stream, "iterator error"); 1126 1127 return true; 1128 } 1129 1130 static void pb_release_single_field(const pb_field_iter_t *iter) 1131 { 1132 pb_type_t type; 1133 type = iter->pos->type; 1134 1135 if (PB_HTYPE(type) == PB_HTYPE_ONEOF) 1136 { 1137 if (*(pb_size_t*)iter->pSize != iter->pos->tag) 1138 return; /* This is not the current field in the union */ 1139 } 1140 1141 /* Release anything contained inside an extension or submsg. 1142 * This has to be done even if the submsg itself is statically 1143 * allocated. */ 1144 if (PB_LTYPE(type) == PB_LTYPE_EXTENSION) 1145 { 1146 /* Release fields from all extensions in the linked list */ 1147 pb_extension_t *ext = *(pb_extension_t**)iter->pData; 1148 while (ext != NULL) 1149 { 1150 pb_field_iter_t ext_iter; 1151 iter_from_extension(&ext_iter, ext); 1152 pb_release_single_field(&ext_iter); 1153 ext = ext->next; 1154 } 1155 } 1156 else if (PB_LTYPE(type) == PB_LTYPE_SUBMESSAGE) 1157 { 1158 /* Release fields in submessage or submsg array */ 1159 void *pItem = iter->pData; 1160 pb_size_t count = 1; 1161 1162 if (PB_ATYPE(type) == PB_ATYPE_POINTER) 1163 { 1164 pItem = *(void**)iter->pData; 1165 } 1166 1167 if (PB_HTYPE(type) == PB_HTYPE_REPEATED) 1168 { 1169 if (PB_ATYPE(type) == PB_ATYPE_STATIC && iter->pSize == iter->pData) { 1170 /* No _count field so use size of the array */ 1171 count = iter->pos->array_size; 1172 } else { 1173 count = *(pb_size_t*)iter->pSize; 1174 } 1175 1176 if (PB_ATYPE(type) == PB_ATYPE_STATIC && count > iter->pos->array_size) 1177 { 1178 /* Protect against corrupted _count fields */ 1179 count = iter->pos->array_size; 1180 } 1181 } 1182 1183 if (pItem) 1184 { 1185 while (count--) 1186 { 1187 pb_release((const pb_field_t*)iter->pos->ptr, pItem); 1188 pItem = (char*)pItem + iter->pos->data_size; 1189 } 1190 } 1191 } 1192 1193 if (PB_ATYPE(type) == PB_ATYPE_POINTER) 1194 { 1195 if (PB_HTYPE(type) == PB_HTYPE_REPEATED && 1196 (PB_LTYPE(type) == PB_LTYPE_STRING || 1197 PB_LTYPE(type) == PB_LTYPE_BYTES)) 1198 { 1199 /* Release entries in repeated string or bytes array */ 1200 void **pItem = *(void***)iter->pData; 1201 pb_size_t count = *(pb_size_t*)iter->pSize; 1202 while (count--) 1203 { 1204 pb_free(*pItem); 1205 *pItem++ = NULL; 1206 } 1207 } 1208 1209 if (PB_HTYPE(type) == PB_HTYPE_REPEATED) 1210 { 1211 /* We are going to release the array, so set the size to 0 */ 1212 *(pb_size_t*)iter->pSize = 0; 1213 } 1214 1215 /* Release main item */ 1216 pb_free(*(void**)iter->pData); 1217 *(void**)iter->pData = NULL; 1218 } 1219 } 1220 1221 void pb_release(const pb_field_t fields[], void *dest_struct) 1222 { 1223 pb_field_iter_t iter; 1224 1225 if (!dest_struct) 1226 return; /* Ignore NULL pointers, similar to free() */ 1227 1228 if (!pb_field_iter_begin(&iter, fields, dest_struct)) 1229 return; /* Empty message type */ 1230 1231 do 1232 { 1233 pb_release_single_field(&iter); 1234 } while (pb_field_iter_next(&iter)); 1235 } 1236 #endif 1237 1238 /* Field decoders */ 1239 1240 bool pb_decode_svarint(pb_istream_t *stream, pb_int64_t *dest) 1241 { 1242 pb_uint64_t value; 1243 if (!pb_decode_varint(stream, &value)) 1244 return false; 1245 1246 if (value & 1) 1247 *dest = (pb_int64_t)(~(value >> 1)); 1248 else 1249 *dest = (pb_int64_t)(value >> 1); 1250 1251 return true; 1252 } 1253 1254 bool pb_decode_fixed32(pb_istream_t *stream, void *dest) 1255 { 1256 pb_byte_t bytes[4]; 1257 1258 if (!pb_read(stream, bytes, 4)) 1259 return false; 1260 1261 *(uint32_t*)dest = ((uint32_t)bytes[0] << 0) | 1262 ((uint32_t)bytes[1] << 8) | 1263 ((uint32_t)bytes[2] << 16) | 1264 ((uint32_t)bytes[3] << 24); 1265 return true; 1266 } 1267 1268 #ifndef PB_WITHOUT_64BIT 1269 bool pb_decode_fixed64(pb_istream_t *stream, void *dest) 1270 { 1271 pb_byte_t bytes[8]; 1272 1273 if (!pb_read(stream, bytes, 8)) 1274 return false; 1275 1276 *(uint64_t*)dest = ((uint64_t)bytes[0] << 0) | 1277 ((uint64_t)bytes[1] << 8) | 1278 ((uint64_t)bytes[2] << 16) | 1279 ((uint64_t)bytes[3] << 24) | 1280 ((uint64_t)bytes[4] << 32) | 1281 ((uint64_t)bytes[5] << 40) | 1282 ((uint64_t)bytes[6] << 48) | 1283 ((uint64_t)bytes[7] << 56); 1284 1285 return true; 1286 } 1287 #endif 1288 1289 static bool checkreturn pb_dec_varint(pb_istream_t *stream, const pb_field_t *field, void *dest) 1290 { 1291 pb_uint64_t value; 1292 pb_int64_t svalue; 1293 pb_int64_t clamped; 1294 if (!pb_decode_varint(stream, &value)) 1295 return false; 1296 1297 /* See issue 97: Google's C++ protobuf allows negative varint values to 1298 * be cast as int32_t, instead of the int64_t that should be used when 1299 * encoding. Previous nanopb versions had a bug in encoding. In order to 1300 * not break decoding of such messages, we cast <=32 bit fields to 1301 * int32_t first to get the sign correct. 1302 */ 1303 if (field->data_size == sizeof(pb_int64_t)) 1304 svalue = (pb_int64_t)value; 1305 else 1306 svalue = (int32_t)value; 1307 1308 /* Cast to the proper field size, while checking for overflows */ 1309 if (field->data_size == sizeof(pb_int64_t)) 1310 clamped = *(pb_int64_t*)dest = svalue; 1311 else if (field->data_size == sizeof(int32_t)) 1312 clamped = *(int32_t*)dest = (int32_t)svalue; 1313 else if (field->data_size == sizeof(int_least16_t)) 1314 clamped = *(int_least16_t*)dest = (int_least16_t)svalue; 1315 else if (field->data_size == sizeof(int_least8_t)) 1316 clamped = *(int_least8_t*)dest = (int_least8_t)svalue; 1317 else 1318 PB_RETURN_ERROR(stream, "invalid data_size"); 1319 1320 if (clamped != svalue) 1321 PB_RETURN_ERROR(stream, "integer too large"); 1322 1323 return true; 1324 } 1325 1326 static bool checkreturn pb_dec_uvarint(pb_istream_t *stream, const pb_field_t *field, void *dest) 1327 { 1328 pb_uint64_t value, clamped; 1329 if (!pb_decode_varint(stream, &value)) 1330 return false; 1331 1332 /* Cast to the proper field size, while checking for overflows */ 1333 if (field->data_size == sizeof(pb_uint64_t)) 1334 clamped = *(pb_uint64_t*)dest = value; 1335 else if (field->data_size == sizeof(uint32_t)) 1336 clamped = *(uint32_t*)dest = (uint32_t)value; 1337 else if (field->data_size == sizeof(uint_least16_t)) 1338 clamped = *(uint_least16_t*)dest = (uint_least16_t)value; 1339 else if (field->data_size == sizeof(uint_least8_t)) 1340 clamped = *(uint_least8_t*)dest = (uint_least8_t)value; 1341 else 1342 PB_RETURN_ERROR(stream, "invalid data_size"); 1343 1344 if (clamped != value) 1345 PB_RETURN_ERROR(stream, "integer too large"); 1346 1347 return true; 1348 } 1349 1350 static bool checkreturn pb_dec_svarint(pb_istream_t *stream, const pb_field_t *field, void *dest) 1351 { 1352 pb_int64_t value, clamped; 1353 if (!pb_decode_svarint(stream, &value)) 1354 return false; 1355 1356 /* Cast to the proper field size, while checking for overflows */ 1357 if (field->data_size == sizeof(pb_int64_t)) 1358 clamped = *(pb_int64_t*)dest = value; 1359 else if (field->data_size == sizeof(int32_t)) 1360 clamped = *(int32_t*)dest = (int32_t)value; 1361 else if (field->data_size == sizeof(int_least16_t)) 1362 clamped = *(int_least16_t*)dest = (int_least16_t)value; 1363 else if (field->data_size == sizeof(int_least8_t)) 1364 clamped = *(int_least8_t*)dest = (int_least8_t)value; 1365 else 1366 PB_RETURN_ERROR(stream, "invalid data_size"); 1367 1368 if (clamped != value) 1369 PB_RETURN_ERROR(stream, "integer too large"); 1370 1371 return true; 1372 } 1373 1374 static bool checkreturn pb_dec_fixed32(pb_istream_t *stream, const pb_field_t *field, void *dest) 1375 { 1376 PB_UNUSED(field); 1377 return pb_decode_fixed32(stream, dest); 1378 } 1379 1380 static bool checkreturn pb_dec_fixed64(pb_istream_t *stream, const pb_field_t *field, void *dest) 1381 { 1382 PB_UNUSED(field); 1383 #ifndef PB_WITHOUT_64BIT 1384 return pb_decode_fixed64(stream, dest); 1385 #else 1386 PB_UNUSED(dest); 1387 PB_RETURN_ERROR(stream, "no 64bit support"); 1388 #endif 1389 } 1390 1391 static bool checkreturn pb_dec_bytes(pb_istream_t *stream, const pb_field_t *field, void *dest) 1392 { 1393 uint32_t size; 1394 size_t alloc_size; 1395 pb_bytes_array_t *bdest; 1396 1397 if (!pb_decode_varint32(stream, &size)) 1398 return false; 1399 1400 if (size > PB_SIZE_MAX) 1401 PB_RETURN_ERROR(stream, "bytes overflow"); 1402 1403 alloc_size = PB_BYTES_ARRAY_T_ALLOCSIZE(size); 1404 if (size > alloc_size) 1405 PB_RETURN_ERROR(stream, "size too large"); 1406 1407 if (PB_ATYPE(field->type) == PB_ATYPE_POINTER) 1408 { 1409 #ifndef PB_ENABLE_MALLOC 1410 PB_RETURN_ERROR(stream, "no malloc support"); 1411 #else 1412 if (!allocate_field(stream, dest, alloc_size, 1)) 1413 return false; 1414 bdest = *(pb_bytes_array_t**)dest; 1415 #endif 1416 } 1417 else 1418 { 1419 if (alloc_size > field->data_size) 1420 PB_RETURN_ERROR(stream, "bytes overflow"); 1421 bdest = (pb_bytes_array_t*)dest; 1422 } 1423 1424 bdest->size = (pb_size_t)size; 1425 return pb_read(stream, bdest->bytes, size); 1426 } 1427 1428 static bool checkreturn pb_dec_string(pb_istream_t *stream, const pb_field_t *field, void *dest) 1429 { 1430 uint32_t size; 1431 size_t alloc_size; 1432 bool status; 1433 if (!pb_decode_varint32(stream, &size)) 1434 return false; 1435 1436 /* Space for null terminator */ 1437 alloc_size = size + 1; 1438 1439 if (alloc_size < size) 1440 PB_RETURN_ERROR(stream, "size too large"); 1441 1442 if (PB_ATYPE(field->type) == PB_ATYPE_POINTER) 1443 { 1444 #ifndef PB_ENABLE_MALLOC 1445 PB_RETURN_ERROR(stream, "no malloc support"); 1446 #else 1447 if (!allocate_field(stream, dest, alloc_size, 1)) 1448 return false; 1449 dest = *(void**)dest; 1450 #endif 1451 } 1452 else 1453 { 1454 if (alloc_size > field->data_size) 1455 PB_RETURN_ERROR(stream, "string overflow"); 1456 } 1457 1458 status = pb_read(stream, (pb_byte_t*)dest, size); 1459 *((pb_byte_t*)dest + size) = 0; 1460 return status; 1461 } 1462 1463 static bool checkreturn pb_dec_submessage(pb_istream_t *stream, const pb_field_t *field, void *dest) 1464 { 1465 bool status; 1466 pb_istream_t substream; 1467 const pb_field_t* submsg_fields = (const pb_field_t*)field->ptr; 1468 1469 if (!pb_make_string_substream(stream, &substream)) 1470 return false; 1471 1472 if (field->ptr == NULL) 1473 PB_RETURN_ERROR(stream, "invalid field descriptor"); 1474 1475 /* New array entries need to be initialized, while required and optional 1476 * submessages have already been initialized in the top-level pb_decode. */ 1477 if (PB_HTYPE(field->type) == PB_HTYPE_REPEATED) 1478 status = pb_decode(&substream, submsg_fields, dest); 1479 else 1480 status = pb_decode_noinit(&substream, submsg_fields, dest); 1481 1482 if (!pb_close_string_substream(stream, &substream)) 1483 return false; 1484 return status; 1485 } 1486 1487 static bool checkreturn pb_dec_fixed_length_bytes(pb_istream_t *stream, const pb_field_t *field, void *dest) 1488 { 1489 uint32_t size; 1490 1491 if (!pb_decode_varint32(stream, &size)) 1492 return false; 1493 1494 if (size > PB_SIZE_MAX) 1495 PB_RETURN_ERROR(stream, "bytes overflow"); 1496 1497 if (size == 0) 1498 { 1499 /* As a special case, treat empty bytes string as all zeros for fixed_length_bytes. */ 1500 memset(dest, 0, field->data_size); 1501 return true; 1502 } 1503 1504 if (size != field->data_size) 1505 PB_RETURN_ERROR(stream, "incorrect fixed length bytes size"); 1506 1507 return pb_read(stream, (pb_byte_t*)dest, field->data_size); 1508 } 1509