1 /* pb_decode.c -- decode a protobuf using minimal resources
3 * 2011 Petteri Aimonen <jpa@kapsi.fi>
6 /* Use the GCC warn_unused_result attribute to check that all return values
7 * are propagated correctly. On other compilers and gcc before 3.4.0 just
8 * ignore the annotation.
10 #if !defined(__GNUC__) || ( __GNUC__ < 3) || (__GNUC__ == 3 && __GNUC_MINOR__ < 4)
13 #define checkreturn __attribute__((warn_unused_result))
17 #include "pb_decode.h"
18 #include "pb_common.h"
20 /**************************************
21 * Declarations internal to this file *
22 **************************************/
24 typedef bool (*pb_decoder_t)(pb_istream_t *stream, const pb_field_t *field, void *dest) checkreturn;
26 static bool checkreturn buf_read(pb_istream_t *stream, pb_byte_t *buf, size_t count);
27 static bool checkreturn pb_decode_varint32(pb_istream_t *stream, uint32_t *dest);
28 static bool checkreturn read_raw_value(pb_istream_t *stream, pb_wire_type_t wire_type, pb_byte_t *buf, size_t *size);
29 static bool checkreturn decode_static_field(pb_istream_t *stream, pb_wire_type_t wire_type, pb_field_iter_t *iter);
30 static bool checkreturn decode_callback_field(pb_istream_t *stream, pb_wire_type_t wire_type, pb_field_iter_t *iter);
31 static bool checkreturn decode_field(pb_istream_t *stream, pb_wire_type_t wire_type, pb_field_iter_t *iter);
32 static void iter_from_extension(pb_field_iter_t *iter, pb_extension_t *extension);
33 static bool checkreturn default_extension_decoder(pb_istream_t *stream, pb_extension_t *extension, uint32_t tag, pb_wire_type_t wire_type);
34 static bool checkreturn decode_extension(pb_istream_t *stream, uint32_t tag, pb_wire_type_t wire_type, pb_field_iter_t *iter);
35 static bool checkreturn find_extension_field(pb_field_iter_t *iter);
36 static void pb_field_set_to_default(pb_field_iter_t *iter);
37 static void pb_message_set_to_defaults(const pb_field_t fields[], void *dest_struct);
38 static bool checkreturn pb_dec_varint(pb_istream_t *stream, const pb_field_t *field, void *dest);
39 static bool checkreturn pb_dec_uvarint(pb_istream_t *stream, const pb_field_t *field, void *dest);
40 static bool checkreturn pb_dec_svarint(pb_istream_t *stream, const pb_field_t *field, void *dest);
41 static bool checkreturn pb_dec_fixed32(pb_istream_t *stream, const pb_field_t *field, void *dest);
42 static bool checkreturn pb_dec_fixed64(pb_istream_t *stream, const pb_field_t *field, void *dest);
43 static bool checkreturn pb_dec_bytes(pb_istream_t *stream, const pb_field_t *field, void *dest);
44 static bool checkreturn pb_dec_string(pb_istream_t *stream, const pb_field_t *field, void *dest);
45 static bool checkreturn pb_dec_submessage(pb_istream_t *stream, const pb_field_t *field, void *dest);
46 static bool checkreturn pb_skip_varint(pb_istream_t *stream);
47 static bool checkreturn pb_skip_string(pb_istream_t *stream);
49 #ifdef PB_ENABLE_MALLOC
50 static bool checkreturn allocate_field(pb_istream_t *stream, void *pData, size_t data_size, size_t array_size);
51 static bool checkreturn pb_release_union_field(pb_istream_t *stream, pb_field_iter_t *iter);
52 static void pb_release_single_field(const pb_field_iter_t *iter);
55 /* --- Function pointers to field decoders ---
56 * Order in the array must match pb_action_t LTYPE numbering.
58 static const pb_decoder_t PB_DECODERS[PB_LTYPES_COUNT] = {
68 NULL, /* extensions */
69 &pb_dec_bytes /* PB_LTYPE_FIXED_LENGTH_BYTES */
72 /*******************************
73 * pb_istream_t implementation *
74 *******************************/
76 static bool checkreturn buf_read(pb_istream_t *stream, pb_byte_t *buf, size_t count)
78 const pb_byte_t *source = (const pb_byte_t*)stream->state;
79 stream->state = (pb_byte_t*)stream->state + count;
90 bool checkreturn pb_read(pb_istream_t *stream, pb_byte_t *buf, size_t count)
92 #ifndef PB_BUFFER_ONLY
93 if (buf == NULL && stream->callback != buf_read)
95 /* Skip input bytes */
99 if (!pb_read(stream, tmp, 16))
105 return pb_read(stream, tmp, count);
109 if (stream->bytes_left < count)
110 PB_RETURN_ERROR(stream, "end-of-stream");
112 #ifndef PB_BUFFER_ONLY
113 if (!stream->callback(stream, buf, count))
114 PB_RETURN_ERROR(stream, "io error");
116 if (!buf_read(stream, buf, count))
120 stream->bytes_left -= count;
124 /* Read a single byte from input stream. buf may not be NULL.
125 * This is an optimization for the varint decoding. */
126 static bool checkreturn pb_readbyte(pb_istream_t *stream, pb_byte_t *buf)
128 if (stream->bytes_left == 0)
129 PB_RETURN_ERROR(stream, "end-of-stream");
131 #ifndef PB_BUFFER_ONLY
132 if (!stream->callback(stream, buf, 1))
133 PB_RETURN_ERROR(stream, "io error");
135 *buf = *(const pb_byte_t*)stream->state;
136 stream->state = (pb_byte_t*)stream->state + 1;
139 stream->bytes_left--;
144 pb_istream_t pb_istream_from_buffer(const pb_byte_t *buf, size_t bufsize)
147 /* Cast away the const from buf without a compiler error. We are
148 * careful to use it only in a const manner in the callbacks.
154 #ifdef PB_BUFFER_ONLY
155 stream.callback = NULL;
157 stream.callback = &buf_read;
160 stream.state = state.state;
161 stream.bytes_left = bufsize;
163 stream.errmsg = NULL;
168 /********************
170 ********************/
172 static bool checkreturn pb_decode_varint32(pb_istream_t *stream, uint32_t *dest)
177 if (!pb_readbyte(stream, &byte))
180 if ((byte & 0x80) == 0)
182 /* Quick case, 1 byte value */
188 uint_fast8_t bitpos = 7;
189 result = byte & 0x7F;
194 PB_RETURN_ERROR(stream, "varint overflow");
196 if (!pb_readbyte(stream, &byte))
199 result |= (uint32_t)(byte & 0x7F) << bitpos;
200 bitpos = (uint_fast8_t)(bitpos + 7);
201 } while (byte & 0x80);
208 bool checkreturn pb_decode_varint(pb_istream_t *stream, uint64_t *dest)
211 uint_fast8_t bitpos = 0;
217 PB_RETURN_ERROR(stream, "varint overflow");
219 if (!pb_readbyte(stream, &byte))
222 result |= (uint64_t)(byte & 0x7F) << bitpos;
223 bitpos = (uint_fast8_t)(bitpos + 7);
224 } while (byte & 0x80);
230 bool checkreturn pb_skip_varint(pb_istream_t *stream)
235 if (!pb_read(stream, &byte, 1))
237 } while (byte & 0x80);
241 bool checkreturn pb_skip_string(pb_istream_t *stream)
244 if (!pb_decode_varint32(stream, &length))
247 return pb_read(stream, NULL, length);
250 bool checkreturn pb_decode_tag(pb_istream_t *stream, pb_wire_type_t *wire_type, uint32_t *tag, bool *eof)
254 *wire_type = (pb_wire_type_t) 0;
257 if (!pb_decode_varint32(stream, &temp))
259 if (stream->bytes_left == 0)
267 *eof = true; /* Special feature: allow 0-terminated messages. */
272 *wire_type = (pb_wire_type_t)(temp & 7);
276 bool checkreturn pb_skip_field(pb_istream_t *stream, pb_wire_type_t wire_type)
280 case PB_WT_VARINT: return pb_skip_varint(stream);
281 case PB_WT_64BIT: return pb_read(stream, NULL, 8);
282 case PB_WT_STRING: return pb_skip_string(stream);
283 case PB_WT_32BIT: return pb_read(stream, NULL, 4);
284 default: PB_RETURN_ERROR(stream, "invalid wire_type");
288 /* Read a raw value to buffer, for the purpose of passing it to callback as
289 * a substream. Size is maximum size on call, and actual size on return.
291 static bool checkreturn read_raw_value(pb_istream_t *stream, pb_wire_type_t wire_type, pb_byte_t *buf, size_t *size)
293 size_t max_size = *size;
301 if (*size > max_size) return false;
302 if (!pb_read(stream, buf, 1)) return false;
303 } while (*buf++ & 0x80);
308 return pb_read(stream, buf, 8);
312 return pb_read(stream, buf, 4);
314 default: PB_RETURN_ERROR(stream, "invalid wire_type");
318 /* Decode string length from stream and return a substream with limited length.
319 * Remember to close the substream using pb_close_string_substream().
321 bool checkreturn pb_make_string_substream(pb_istream_t *stream, pb_istream_t *substream)
324 if (!pb_decode_varint32(stream, &size))
327 *substream = *stream;
328 if (substream->bytes_left < size)
329 PB_RETURN_ERROR(stream, "parent stream too short");
331 substream->bytes_left = size;
332 stream->bytes_left -= size;
336 void pb_close_string_substream(pb_istream_t *stream, pb_istream_t *substream)
338 stream->state = substream->state;
341 stream->errmsg = substream->errmsg;
345 /*************************
346 * Decode a single field *
347 *************************/
349 static bool checkreturn decode_static_field(pb_istream_t *stream, pb_wire_type_t wire_type, pb_field_iter_t *iter)
354 type = iter->pos->type;
355 func = PB_DECODERS[PB_LTYPE(type)];
357 switch (PB_HTYPE(type))
359 case PB_HTYPE_REQUIRED:
360 return func(stream, iter->pos, iter->pData);
362 case PB_HTYPE_OPTIONAL:
363 if (iter->pSize != iter->pData)
364 *(bool*)iter->pSize = true;
365 return func(stream, iter->pos, iter->pData);
367 case PB_HTYPE_REPEATED:
368 if (wire_type == PB_WT_STRING
369 && PB_LTYPE(type) <= PB_LTYPE_LAST_PACKABLE)
373 pb_size_t *size = (pb_size_t*)iter->pSize;
374 pb_istream_t substream;
375 if (!pb_make_string_substream(stream, &substream))
378 while (substream.bytes_left > 0 && *size < iter->pos->array_size)
380 void *pItem = (char*)iter->pData + iter->pos->data_size * (*size);
381 if (!func(&substream, iter->pos, pItem))
388 pb_close_string_substream(stream, &substream);
390 if (substream.bytes_left != 0)
391 PB_RETURN_ERROR(stream, "array overflow");
398 pb_size_t *size = (pb_size_t*)iter->pSize;
399 void *pItem = (char*)iter->pData + iter->pos->data_size * (*size);
400 if (*size >= iter->pos->array_size)
401 PB_RETURN_ERROR(stream, "array overflow");
404 return func(stream, iter->pos, pItem);
408 *(pb_size_t*)iter->pSize = iter->pos->tag;
409 if (PB_LTYPE(type) == PB_LTYPE_SUBMESSAGE)
411 /* We memset to zero so that any callbacks are set to NULL.
412 * Then set any default values. */
413 memset(iter->pData, 0, iter->pos->data_size);
414 pb_message_set_to_defaults((const pb_field_t*)iter->pos->ptr, iter->pData);
416 return func(stream, iter->pos, iter->pData);
419 PB_RETURN_ERROR(stream, "invalid field type");
423 #ifdef PB_ENABLE_MALLOC
424 /* Allocate storage for the field and store the pointer at iter->pData.
425 * array_size is the number of entries to reserve in an array.
426 * Zero size is not allowed, use pb_free() for releasing.
428 static bool checkreturn allocate_field(pb_istream_t *stream, void *pData, size_t data_size, size_t array_size)
430 void *ptr = *(void**)pData;
432 if (data_size == 0 || array_size == 0)
433 PB_RETURN_ERROR(stream, "invalid size");
435 /* Check for multiplication overflows.
436 * This code avoids the costly division if the sizes are small enough.
437 * Multiplication is safe as long as only half of bits are set
438 * in either multiplicand.
441 const size_t check_limit = (size_t)1 << (sizeof(size_t) * 4);
442 if (data_size >= check_limit || array_size >= check_limit)
444 const size_t size_max = (size_t)-1;
445 if (size_max / array_size < data_size)
447 PB_RETURN_ERROR(stream, "size too large");
452 /* Allocate new or expand previous allocation */
453 /* Note: on failure the old pointer will remain in the structure,
454 * the message must be freed by caller also on error return. */
455 ptr = pb_realloc(ptr, array_size * data_size);
457 PB_RETURN_ERROR(stream, "realloc failed");
459 *(void**)pData = ptr;
463 /* Clear a newly allocated item in case it contains a pointer, or is a submessage. */
464 static void initialize_pointer_field(void *pItem, pb_field_iter_t *iter)
466 if (PB_LTYPE(iter->pos->type) == PB_LTYPE_STRING ||
467 PB_LTYPE(iter->pos->type) == PB_LTYPE_BYTES)
469 *(void**)pItem = NULL;
471 else if (PB_LTYPE(iter->pos->type) == PB_LTYPE_SUBMESSAGE)
473 pb_message_set_to_defaults((const pb_field_t *) iter->pos->ptr, pItem);
478 static bool checkreturn decode_pointer_field(pb_istream_t *stream, pb_wire_type_t wire_type, pb_field_iter_t *iter)
480 #ifndef PB_ENABLE_MALLOC
481 PB_UNUSED(wire_type);
483 PB_RETURN_ERROR(stream, "no malloc support");
488 type = iter->pos->type;
489 func = PB_DECODERS[PB_LTYPE(type)];
491 switch (PB_HTYPE(type))
493 case PB_HTYPE_REQUIRED:
494 case PB_HTYPE_OPTIONAL:
496 if (PB_LTYPE(type) == PB_LTYPE_SUBMESSAGE &&
497 *(void**)iter->pData != NULL)
499 /* Duplicate field, have to release the old allocation first. */
500 pb_release_single_field(iter);
503 if (PB_HTYPE(type) == PB_HTYPE_ONEOF)
505 *(pb_size_t*)iter->pSize = iter->pos->tag;
508 if (PB_LTYPE(type) == PB_LTYPE_STRING ||
509 PB_LTYPE(type) == PB_LTYPE_BYTES)
511 return func(stream, iter->pos, iter->pData);
515 if (!allocate_field(stream, iter->pData, iter->pos->data_size, 1))
518 initialize_pointer_field(*(void**)iter->pData, iter);
519 return func(stream, iter->pos, *(void**)iter->pData);
522 case PB_HTYPE_REPEATED:
523 if (wire_type == PB_WT_STRING
524 && PB_LTYPE(type) <= PB_LTYPE_LAST_PACKABLE)
526 /* Packed array, multiple items come in at once. */
528 pb_size_t *size = (pb_size_t*)iter->pSize;
529 size_t allocated_size = *size;
531 pb_istream_t substream;
533 if (!pb_make_string_substream(stream, &substream))
536 while (substream.bytes_left)
538 if ((size_t)*size + 1 > allocated_size)
540 /* Allocate more storage. This tries to guess the
541 * number of remaining entries. Round the division
543 allocated_size += (substream.bytes_left - 1) / iter->pos->data_size + 1;
545 if (!allocate_field(&substream, iter->pData, iter->pos->data_size, allocated_size))
552 /* Decode the array entry */
553 pItem = *(char**)iter->pData + iter->pos->data_size * (*size);
554 initialize_pointer_field(pItem, iter);
555 if (!func(&substream, iter->pos, pItem))
561 if (*size == PB_SIZE_MAX)
564 stream->errmsg = "too many array entries";
572 pb_close_string_substream(stream, &substream);
578 /* Normal repeated field, i.e. only one item at a time. */
579 pb_size_t *size = (pb_size_t*)iter->pSize;
582 if (*size == PB_SIZE_MAX)
583 PB_RETURN_ERROR(stream, "too many array entries");
586 if (!allocate_field(stream, iter->pData, iter->pos->data_size, *size))
589 pItem = *(char**)iter->pData + iter->pos->data_size * (*size - 1);
590 initialize_pointer_field(pItem, iter);
591 return func(stream, iter->pos, pItem);
595 PB_RETURN_ERROR(stream, "invalid field type");
600 static bool checkreturn decode_callback_field(pb_istream_t *stream, pb_wire_type_t wire_type, pb_field_iter_t *iter)
602 pb_callback_t *pCallback = (pb_callback_t*)iter->pData;
604 #ifdef PB_OLD_CALLBACK_STYLE
605 void *arg = pCallback->arg;
607 void **arg = &(pCallback->arg);
610 if (pCallback->funcs.decode == NULL)
611 return pb_skip_field(stream, wire_type);
613 if (wire_type == PB_WT_STRING)
615 pb_istream_t substream;
617 if (!pb_make_string_substream(stream, &substream))
622 if (!pCallback->funcs.decode(&substream, iter->pos, arg))
623 PB_RETURN_ERROR(stream, "callback failed");
624 } while (substream.bytes_left);
626 pb_close_string_substream(stream, &substream);
631 /* Copy the single scalar value to stack.
632 * This is required so that we can limit the stream length,
633 * which in turn allows to use same callback for packed and
634 * not-packed fields. */
635 pb_istream_t substream;
636 pb_byte_t buffer[10];
637 size_t size = sizeof(buffer);
639 if (!read_raw_value(stream, wire_type, buffer, &size))
641 substream = pb_istream_from_buffer(buffer, size);
643 return pCallback->funcs.decode(&substream, iter->pos, arg);
647 static bool checkreturn decode_field(pb_istream_t *stream, pb_wire_type_t wire_type, pb_field_iter_t *iter)
649 #ifdef PB_ENABLE_MALLOC
650 /* When decoding an oneof field, check if there is old data that must be
652 if (PB_HTYPE(iter->pos->type) == PB_HTYPE_ONEOF)
654 if (!pb_release_union_field(stream, iter))
659 switch (PB_ATYPE(iter->pos->type))
661 case PB_ATYPE_STATIC:
662 return decode_static_field(stream, wire_type, iter);
664 case PB_ATYPE_POINTER:
665 return decode_pointer_field(stream, wire_type, iter);
667 case PB_ATYPE_CALLBACK:
668 return decode_callback_field(stream, wire_type, iter);
671 PB_RETURN_ERROR(stream, "invalid field type");
675 static void iter_from_extension(pb_field_iter_t *iter, pb_extension_t *extension)
677 /* Fake a field iterator for the extension field.
678 * It is not actually safe to advance this iterator, but decode_field
679 * will not even try to. */
680 const pb_field_t *field = (const pb_field_t*)extension->type->arg;
681 (void)pb_field_iter_begin(iter, field, extension->dest);
682 iter->pData = extension->dest;
683 iter->pSize = &extension->found;
685 if (PB_ATYPE(field->type) == PB_ATYPE_POINTER)
687 /* For pointer extensions, the pointer is stored directly
688 * in the extension structure. This avoids having an extra
690 iter->pData = &extension->dest;
694 /* Default handler for extension fields. Expects a pb_field_t structure
695 * in extension->type->arg. */
696 static bool checkreturn default_extension_decoder(pb_istream_t *stream,
697 pb_extension_t *extension, uint32_t tag, pb_wire_type_t wire_type)
699 const pb_field_t *field = (const pb_field_t*)extension->type->arg;
700 pb_field_iter_t iter;
702 if (field->tag != tag)
705 iter_from_extension(&iter, extension);
706 extension->found = true;
707 return decode_field(stream, wire_type, &iter);
710 /* Try to decode an unknown field as an extension field. Tries each extension
711 * decoder in turn, until one of them handles the field or loop ends. */
712 static bool checkreturn decode_extension(pb_istream_t *stream,
713 uint32_t tag, pb_wire_type_t wire_type, pb_field_iter_t *iter)
715 pb_extension_t *extension = *(pb_extension_t* const *)iter->pData;
716 size_t pos = stream->bytes_left;
718 while (extension != NULL && pos == stream->bytes_left)
721 if (extension->type->decode)
722 status = extension->type->decode(stream, extension, tag, wire_type);
724 status = default_extension_decoder(stream, extension, tag, wire_type);
729 extension = extension->next;
735 /* Step through the iterator until an extension field is found or until all
736 * entries have been checked. There can be only one extension field per
737 * message. Returns false if no extension field is found. */
738 static bool checkreturn find_extension_field(pb_field_iter_t *iter)
740 const pb_field_t *start = iter->pos;
743 if (PB_LTYPE(iter->pos->type) == PB_LTYPE_EXTENSION)
745 (void)pb_field_iter_next(iter);
746 } while (iter->pos != start);
751 /* Initialize message fields to default values, recursively */
752 static void pb_field_set_to_default(pb_field_iter_t *iter)
755 type = iter->pos->type;
757 if (PB_LTYPE(type) == PB_LTYPE_EXTENSION)
759 pb_extension_t *ext = *(pb_extension_t* const *)iter->pData;
762 pb_field_iter_t ext_iter;
764 iter_from_extension(&ext_iter, ext);
765 pb_field_set_to_default(&ext_iter);
769 else if (PB_ATYPE(type) == PB_ATYPE_STATIC)
771 bool init_data = true;
772 if (PB_HTYPE(type) == PB_HTYPE_OPTIONAL)
774 /* Set has_field to false. Still initialize the optional field
776 *(bool*)iter->pSize = false;
778 else if (PB_HTYPE(type) == PB_HTYPE_REPEATED ||
779 PB_HTYPE(type) == PB_HTYPE_ONEOF)
781 /* REPEATED: Set array count to 0, no need to initialize contents.
782 ONEOF: Set which_field to 0. */
783 *(pb_size_t*)iter->pSize = 0;
789 if (PB_LTYPE(iter->pos->type) == PB_LTYPE_SUBMESSAGE)
791 /* Initialize submessage to defaults */
792 pb_message_set_to_defaults((const pb_field_t *) iter->pos->ptr, iter->pData);
794 else if (iter->pos->ptr != NULL)
796 /* Initialize to default value */
797 memcpy(iter->pData, iter->pos->ptr, iter->pos->data_size);
801 /* Initialize to zeros */
802 memset(iter->pData, 0, iter->pos->data_size);
806 else if (PB_ATYPE(type) == PB_ATYPE_POINTER)
808 /* Initialize the pointer to NULL. */
809 *(void**)iter->pData = NULL;
811 /* Initialize array count to 0. */
812 if (PB_HTYPE(type) == PB_HTYPE_REPEATED ||
813 PB_HTYPE(type) == PB_HTYPE_ONEOF)
815 *(pb_size_t*)iter->pSize = 0;
818 else if (PB_ATYPE(type) == PB_ATYPE_CALLBACK)
820 /* Don't overwrite callback */
824 static void pb_message_set_to_defaults(const pb_field_t fields[], void *dest_struct)
826 pb_field_iter_t iter;
828 if (!pb_field_iter_begin(&iter, fields, dest_struct))
829 return; /* Empty message type */
833 pb_field_set_to_default(&iter);
834 } while (pb_field_iter_next(&iter));
837 /*********************
838 * Decode all fields *
839 *********************/
841 bool checkreturn pb_decode_noinit(pb_istream_t *stream, const pb_field_t fields[], void *dest_struct)
843 uint32_t fields_seen[(PB_MAX_REQUIRED_FIELDS + 31) / 32] = {0, 0};
844 const uint32_t allbits = ~(uint32_t)0;
845 uint32_t extension_range_start = 0;
846 pb_field_iter_t iter;
848 /* Return value ignored, as empty message types will be correctly handled by
849 * pb_field_iter_find() anyway. */
850 (void)pb_field_iter_begin(&iter, fields, dest_struct);
852 while (stream->bytes_left)
855 pb_wire_type_t wire_type;
858 if (!pb_decode_tag(stream, &wire_type, &tag, &eof))
866 if (!pb_field_iter_find(&iter, tag))
868 /* No match found, check if it matches an extension. */
869 if (tag >= extension_range_start)
871 if (!find_extension_field(&iter))
872 extension_range_start = (uint32_t)-1;
874 extension_range_start = iter.pos->tag;
876 if (tag >= extension_range_start)
878 size_t pos = stream->bytes_left;
880 if (!decode_extension(stream, tag, wire_type, &iter))
883 if (pos != stream->bytes_left)
885 /* The field was handled */
891 /* No match found, skip data */
892 if (!pb_skip_field(stream, wire_type))
897 if (PB_HTYPE(iter.pos->type) == PB_HTYPE_REQUIRED
898 && iter.required_field_index < PB_MAX_REQUIRED_FIELDS)
900 uint32_t tmp = ((uint32_t)1 << (iter.required_field_index & 31));
901 fields_seen[iter.required_field_index >> 5] |= tmp;
904 if (!decode_field(stream, wire_type, &iter))
908 /* Check that all required fields were present. */
910 /* First figure out the number of required fields by
911 * seeking to the end of the field array. Usually we
912 * are already close to end after decoding.
914 unsigned req_field_count;
918 req_field_count = iter.required_field_index;
919 last_type = iter.pos->type;
920 } while (pb_field_iter_next(&iter));
922 /* Fixup if last field was also required. */
923 if (PB_HTYPE(last_type) == PB_HTYPE_REQUIRED && iter.pos->tag != 0)
926 if (req_field_count > 0)
928 /* Check the whole words */
929 for (i = 0; i < (req_field_count >> 5); i++)
931 if (fields_seen[i] != allbits)
932 PB_RETURN_ERROR(stream, "missing required field");
935 /* Check the remaining bits */
936 if (fields_seen[req_field_count >> 5] != (allbits >> (32 - (req_field_count & 31))))
937 PB_RETURN_ERROR(stream, "missing required field");
944 bool checkreturn pb_decode(pb_istream_t *stream, const pb_field_t fields[], void *dest_struct)
947 pb_message_set_to_defaults(fields, dest_struct);
948 status = pb_decode_noinit(stream, fields, dest_struct);
950 #ifdef PB_ENABLE_MALLOC
952 pb_release(fields, dest_struct);
958 bool pb_decode_delimited(pb_istream_t *stream, const pb_field_t fields[], void *dest_struct)
960 pb_istream_t substream;
963 if (!pb_make_string_substream(stream, &substream))
966 status = pb_decode(&substream, fields, dest_struct);
967 pb_close_string_substream(stream, &substream);
971 #ifdef PB_ENABLE_MALLOC
972 /* Given an oneof field, if there has already been a field inside this oneof,
973 * release it before overwriting with a different one. */
974 static bool pb_release_union_field(pb_istream_t *stream, pb_field_iter_t *iter)
976 pb_size_t old_tag = *(pb_size_t*)iter->pSize; /* Previous which_ value */
977 pb_size_t new_tag = iter->pos->tag; /* New which_ value */
980 return true; /* Ok, no old data in union */
982 if (old_tag == new_tag)
983 return true; /* Ok, old data is of same type => merge */
985 /* Release old data. The find can fail if the message struct contains
987 if (!pb_field_iter_find(iter, old_tag))
988 PB_RETURN_ERROR(stream, "invalid union tag");
990 pb_release_single_field(iter);
992 /* Restore iterator to where it should be.
993 * This shouldn't fail unless the pb_field_t structure is corrupted. */
994 if (!pb_field_iter_find(iter, new_tag))
995 PB_RETURN_ERROR(stream, "iterator error");
1000 static void pb_release_single_field(const pb_field_iter_t *iter)
1003 type = iter->pos->type;
1005 if (PB_HTYPE(type) == PB_HTYPE_ONEOF)
1007 if (*(pb_size_t*)iter->pSize != iter->pos->tag)
1008 return; /* This is not the current field in the union */
1011 /* Release anything contained inside an extension or submsg.
1012 * This has to be done even if the submsg itself is statically
1014 if (PB_LTYPE(type) == PB_LTYPE_EXTENSION)
1016 /* Release fields from all extensions in the linked list */
1017 pb_extension_t *ext = *(pb_extension_t**)iter->pData;
1020 pb_field_iter_t ext_iter;
1021 iter_from_extension(&ext_iter, ext);
1022 pb_release_single_field(&ext_iter);
1026 else if (PB_LTYPE(type) == PB_LTYPE_SUBMESSAGE)
1028 /* Release fields in submessage or submsg array */
1029 void *pItem = iter->pData;
1030 pb_size_t count = 1;
1032 if (PB_ATYPE(type) == PB_ATYPE_POINTER)
1034 pItem = *(void**)iter->pData;
1037 if (PB_HTYPE(type) == PB_HTYPE_REPEATED)
1039 count = *(pb_size_t*)iter->pSize;
1041 if (PB_ATYPE(type) == PB_ATYPE_STATIC && count > iter->pos->array_size)
1043 /* Protect against corrupted _count fields */
1044 count = iter->pos->array_size;
1052 pb_release((const pb_field_t*)iter->pos->ptr, pItem);
1053 pItem = (char*)pItem + iter->pos->data_size;
1058 if (PB_ATYPE(type) == PB_ATYPE_POINTER)
1060 if (PB_HTYPE(type) == PB_HTYPE_REPEATED &&
1061 (PB_LTYPE(type) == PB_LTYPE_STRING ||
1062 PB_LTYPE(type) == PB_LTYPE_BYTES))
1064 /* Release entries in repeated string or bytes array */
1065 void **pItem = *(void***)iter->pData;
1066 pb_size_t count = *(pb_size_t*)iter->pSize;
1074 if (PB_HTYPE(type) == PB_HTYPE_REPEATED)
1076 /* We are going to release the array, so set the size to 0 */
1077 *(pb_size_t*)iter->pSize = 0;
1080 /* Release main item */
1081 pb_free(*(void**)iter->pData);
1082 *(void**)iter->pData = NULL;
1086 void pb_release(const pb_field_t fields[], void *dest_struct)
1088 pb_field_iter_t iter;
1091 return; /* Ignore NULL pointers, similar to free() */
1093 if (!pb_field_iter_begin(&iter, fields, dest_struct))
1094 return; /* Empty message type */
1098 pb_release_single_field(&iter);
1099 } while (pb_field_iter_next(&iter));
1103 /* Field decoders */
1105 bool pb_decode_svarint(pb_istream_t *stream, int64_t *dest)
1108 if (!pb_decode_varint(stream, &value))
1112 *dest = (int64_t)(~(value >> 1));
1114 *dest = (int64_t)(value >> 1);
1119 bool pb_decode_fixed32(pb_istream_t *stream, void *dest)
1123 if (!pb_read(stream, bytes, 4))
1126 *(uint32_t*)dest = ((uint32_t)bytes[0] << 0) |
1127 ((uint32_t)bytes[1] << 8) |
1128 ((uint32_t)bytes[2] << 16) |
1129 ((uint32_t)bytes[3] << 24);
1133 bool pb_decode_fixed64(pb_istream_t *stream, void *dest)
1137 if (!pb_read(stream, bytes, 8))
1140 *(uint64_t*)dest = ((uint64_t)bytes[0] << 0) |
1141 ((uint64_t)bytes[1] << 8) |
1142 ((uint64_t)bytes[2] << 16) |
1143 ((uint64_t)bytes[3] << 24) |
1144 ((uint64_t)bytes[4] << 32) |
1145 ((uint64_t)bytes[5] << 40) |
1146 ((uint64_t)bytes[6] << 48) |
1147 ((uint64_t)bytes[7] << 56);
1152 static bool checkreturn pb_dec_varint(pb_istream_t *stream, const pb_field_t *field, void *dest)
1157 if (!pb_decode_varint(stream, &value))
1160 /* See issue 97: Google's C++ protobuf allows negative varint values to
1161 * be cast as int32_t, instead of the int64_t that should be used when
1162 * encoding. Previous nanopb versions had a bug in encoding. In order to
1163 * not break decoding of such messages, we cast <=32 bit fields to
1164 * int32_t first to get the sign correct.
1166 if (field->data_size == sizeof(int64_t))
1167 svalue = (int64_t)value;
1169 svalue = (int32_t)value;
1171 /* Cast to the proper field size, while checking for overflows */
1172 if (field->data_size == sizeof(int64_t))
1173 clamped = *(int64_t*)dest = svalue;
1174 else if (field->data_size == sizeof(int32_t))
1175 clamped = *(int32_t*)dest = (int32_t)svalue;
1176 else if (field->data_size == sizeof(int_least16_t))
1177 clamped = *(int_least16_t*)dest = (int_least16_t)svalue;
1178 else if (field->data_size == sizeof(int_least8_t))
1179 clamped = *(int_least8_t*)dest = (int_least8_t)svalue;
1181 PB_RETURN_ERROR(stream, "invalid data_size");
1183 if (clamped != svalue)
1184 PB_RETURN_ERROR(stream, "integer too large");
1189 static bool checkreturn pb_dec_uvarint(pb_istream_t *stream, const pb_field_t *field, void *dest)
1191 uint64_t value, clamped;
1192 if (!pb_decode_varint(stream, &value))
1195 /* Cast to the proper field size, while checking for overflows */
1196 if (field->data_size == sizeof(uint64_t))
1197 clamped = *(uint64_t*)dest = value;
1198 else if (field->data_size == sizeof(uint32_t))
1199 clamped = *(uint32_t*)dest = (uint32_t)value;
1200 else if (field->data_size == sizeof(uint_least16_t))
1201 clamped = *(uint_least16_t*)dest = (uint_least16_t)value;
1202 else if (field->data_size == sizeof(uint_least8_t))
1203 clamped = *(uint_least8_t*)dest = (uint_least8_t)value;
1205 PB_RETURN_ERROR(stream, "invalid data_size");
1207 if (clamped != value)
1208 PB_RETURN_ERROR(stream, "integer too large");
1213 static bool checkreturn pb_dec_svarint(pb_istream_t *stream, const pb_field_t *field, void *dest)
1215 int64_t value, clamped;
1216 if (!pb_decode_svarint(stream, &value))
1219 /* Cast to the proper field size, while checking for overflows */
1220 if (field->data_size == sizeof(int64_t))
1221 clamped = *(int64_t*)dest = value;
1222 else if (field->data_size == sizeof(int32_t))
1223 clamped = *(int32_t*)dest = (int32_t)value;
1224 else if (field->data_size == sizeof(int_least16_t))
1225 clamped = *(int_least16_t*)dest = (int_least16_t)value;
1226 else if (field->data_size == sizeof(int_least8_t))
1227 clamped = *(int_least8_t*)dest = (int_least8_t)value;
1229 PB_RETURN_ERROR(stream, "invalid data_size");
1231 if (clamped != value)
1232 PB_RETURN_ERROR(stream, "integer too large");
1237 static bool checkreturn pb_dec_fixed32(pb_istream_t *stream, const pb_field_t *field, void *dest)
1240 return pb_decode_fixed32(stream, dest);
1243 static bool checkreturn pb_dec_fixed64(pb_istream_t *stream, const pb_field_t *field, void *dest)
1246 return pb_decode_fixed64(stream, dest);
1249 static bool checkreturn pb_dec_bytes(pb_istream_t *stream, const pb_field_t *field, void *dest)
1253 pb_bytes_array_t *bdest;
1255 if (!pb_decode_varint32(stream, &size))
1258 if (size > PB_SIZE_MAX)
1259 PB_RETURN_ERROR(stream, "bytes overflow");
1261 alloc_size = PB_BYTES_ARRAY_T_ALLOCSIZE(size);
1262 if (size > alloc_size)
1263 PB_RETURN_ERROR(stream, "size too large");
1265 if (PB_ATYPE(field->type) == PB_ATYPE_POINTER)
1267 #ifndef PB_ENABLE_MALLOC
1268 PB_RETURN_ERROR(stream, "no malloc support");
1270 if (!allocate_field(stream, dest, alloc_size, 1))
1272 bdest = *(pb_bytes_array_t**)dest;
1277 if (PB_LTYPE(field->type) == PB_LTYPE_FIXED_LENGTH_BYTES) {
1278 if (size != field->data_size)
1279 PB_RETURN_ERROR(stream, "incorrect inline bytes size");
1280 return pb_read(stream, (pb_byte_t*)dest, field->data_size);
1283 if (alloc_size > field->data_size)
1284 PB_RETURN_ERROR(stream, "bytes overflow");
1285 bdest = (pb_bytes_array_t*)dest;
1288 bdest->size = (pb_size_t)size;
1289 return pb_read(stream, bdest->bytes, size);
1292 static bool checkreturn pb_dec_string(pb_istream_t *stream, const pb_field_t *field, void *dest)
1297 if (!pb_decode_varint32(stream, &size))
1300 /* Space for null terminator */
1301 alloc_size = size + 1;
1303 if (alloc_size < size)
1304 PB_RETURN_ERROR(stream, "size too large");
1306 if (PB_ATYPE(field->type) == PB_ATYPE_POINTER)
1308 #ifndef PB_ENABLE_MALLOC
1309 PB_RETURN_ERROR(stream, "no malloc support");
1311 if (!allocate_field(stream, dest, alloc_size, 1))
1313 dest = *(void**)dest;
1318 if (alloc_size > field->data_size)
1319 PB_RETURN_ERROR(stream, "string overflow");
1322 status = pb_read(stream, (pb_byte_t*)dest, size);
1323 *((pb_byte_t*)dest + size) = 0;
1327 static bool checkreturn pb_dec_submessage(pb_istream_t *stream, const pb_field_t *field, void *dest)
1330 pb_istream_t substream;
1331 const pb_field_t* submsg_fields = (const pb_field_t*)field->ptr;
1333 if (!pb_make_string_substream(stream, &substream))
1336 if (field->ptr == NULL)
1337 PB_RETURN_ERROR(stream, "invalid field descriptor");
1339 /* New array entries need to be initialized, while required and optional
1340 * submessages have already been initialized in the top-level pb_decode. */
1341 if (PB_HTYPE(field->type) == PB_HTYPE_REPEATED)
1342 status = pb_decode(&substream, submsg_fields, dest);
1344 status = pb_decode_noinit(&substream, submsg_fields, dest);
1346 pb_close_string_substream(stream, &substream);
Code Review / apps / agl-service-can-low-level.git / blob