#ifdef PB_ENABLE_MALLOC
static bool checkreturn allocate_field(pb_istream_t *stream, void *pData, size_t data_size, size_t array_size);
+static bool checkreturn pb_release_union_field(pb_istream_t *stream, pb_field_iter_t *iter);
static void pb_release_single_field(const pb_field_iter_t *iter);
#endif
static bool checkreturn buf_read(pb_istream_t *stream, uint8_t *buf, size_t count)
{
- uint8_t *source = (uint8_t*)stream->state;
- stream->state = source + count;
+ const uint8_t *source = (const uint8_t*)stream->state;
+ stream->state = (uint8_t*)stream->state + count;
if (buf != NULL)
{
if (!stream->callback(stream, buf, 1))
PB_RETURN_ERROR(stream, "io error");
#else
- *buf = *(uint8_t*)stream->state;
+ *buf = *(const uint8_t*)stream->state;
stream->state = (uint8_t*)stream->state + 1;
#endif
return true;
}
-pb_istream_t pb_istream_from_buffer(uint8_t *buf, size_t bufsize)
+pb_istream_t pb_istream_from_buffer(const uint8_t *buf, size_t bufsize)
{
pb_istream_t stream;
+ /* Cast away the const from buf without a compiler error. We are
+ * careful to use it only in a const manner in the callbacks.
+ */
+ union {
+ void *state;
+ const void *c_state;
+ } state;
#ifdef PB_BUFFER_ONLY
stream.callback = NULL;
#else
stream.callback = &buf_read;
#endif
- stream.state = buf;
+ state.c_state = buf;
+ stream.state = state.state;
stream.bytes_left = bufsize;
#ifndef PB_NO_ERRMSG
stream.errmsg = NULL;
return func(stream, iter->pos, pItem);
}
+ case PB_HTYPE_ONEOF:
+ *(pb_size_t*)iter->pSize = iter->pos->tag;
+ if (PB_LTYPE(type) == PB_LTYPE_SUBMESSAGE)
+ {
+ /* We memset to zero so that any callbacks are set to NULL.
+ * Then set any default values. */
+ memset(iter->pData, 0, iter->pos->data_size);
+ pb_message_set_to_defaults((const pb_field_t*)iter->pos->ptr, iter->pData);
+ }
+ return func(stream, iter->pos, iter->pData);
+
default:
PB_RETURN_ERROR(stream, "invalid field type");
}
{
case PB_HTYPE_REQUIRED:
case PB_HTYPE_OPTIONAL:
+ case PB_HTYPE_ONEOF:
if (PB_LTYPE(type) == PB_LTYPE_SUBMESSAGE &&
*(void**)iter->pData != NULL)
{
pb_release_single_field(iter);
}
+ if (PB_HTYPE(type) == PB_HTYPE_ONEOF)
+ {
+ *(pb_size_t*)iter->pSize = iter->pos->tag;
+ }
+
if (PB_LTYPE(type) == PB_LTYPE_STRING ||
PB_LTYPE(type) == PB_LTYPE_BYTES)
{
initialize_pointer_field(pItem, iter);
return func(stream, iter->pos, pItem);
}
-
+
default:
PB_RETURN_ERROR(stream, "invalid field type");
}
static bool checkreturn decode_field(pb_istream_t *stream, pb_wire_type_t wire_type, pb_field_iter_t *iter)
{
+#ifdef PB_ENABLE_MALLOC
+ /* When decoding an oneof field, check if there is old data that must be
+ * released first. */
+ if (PB_HTYPE(iter->pos->type) == PB_HTYPE_ONEOF)
+ {
+ if (!pb_release_union_field(stream, iter))
+ return false;
+ }
+#endif
+
switch (PB_ATYPE(iter->pos->type))
{
case PB_ATYPE_STATIC:
* itself also. */
*(bool*)iter->pSize = false;
}
- else if (PB_HTYPE(type) == PB_HTYPE_REPEATED)
+ else if (PB_HTYPE(type) == PB_HTYPE_REPEATED ||
+ PB_HTYPE(type) == PB_HTYPE_ONEOF)
{
- /* Set array count to 0, no need to initialize contents. */
+ /* REPEATED: Set array count to 0, no need to initialize contents.
+ ONEOF: Set which_field to 0. */
*(pb_size_t*)iter->pSize = 0;
init_data = false;
}
-
+
if (init_data)
{
if (PB_LTYPE(iter->pos->type) == PB_LTYPE_SUBMESSAGE)
*(void**)iter->pData = NULL;
/* Initialize array count to 0. */
- if (PB_HTYPE(type) == PB_HTYPE_REPEATED)
+ if (PB_HTYPE(type) == PB_HTYPE_REPEATED ||
+ PB_HTYPE(type) == PB_HTYPE_ONEOF)
{
*(pb_size_t*)iter->pSize = 0;
}
if (PB_HTYPE(iter.pos->type) == PB_HTYPE_REQUIRED
&& iter.required_field_index < PB_MAX_REQUIRED_FIELDS)
{
- fields_seen[iter.required_field_index >> 3] |= (uint8_t)(1 << (iter.required_field_index & 7));
+ uint8_t tmp = (uint8_t)(1 << (iter.required_field_index & 7));
+ fields_seen[iter.required_field_index >> 3] |= tmp;
}
if (!decode_field(stream, wire_type, &iter))
}
#ifdef PB_ENABLE_MALLOC
+/* Given an oneof field, if there has already been a field inside this oneof,
+ * release it before overwriting with a different one. */
+static bool pb_release_union_field(pb_istream_t *stream, pb_field_iter_t *iter)
+{
+ pb_size_t old_tag = *(pb_size_t*)iter->pSize; /* Previous which_ value */
+ pb_size_t new_tag = iter->pos->tag; /* New which_ value */
+
+ if (old_tag == 0)
+ return true; /* Ok, no old data in union */
+
+ if (old_tag == new_tag)
+ return true; /* Ok, old data is of same type => merge */
+
+ /* Release old data. The find can fail if the message struct contains
+ * invalid data. */
+ if (!pb_field_iter_find(iter, old_tag))
+ PB_RETURN_ERROR(stream, "invalid union tag");
+
+ pb_release_single_field(iter);
+
+ /* Restore iterator to where it should be.
+ * This shouldn't fail unless the pb_field_t structure is corrupted. */
+ if (!pb_field_iter_find(iter, new_tag))
+ PB_RETURN_ERROR(stream, "iterator error");
+
+ return true;
+}
+
static void pb_release_single_field(const pb_field_iter_t *iter)
{
pb_type_t type;
type = iter->pos->type;
+ if (PB_HTYPE(type) == PB_HTYPE_ONEOF)
+ {
+ if (*(pb_size_t*)iter->pSize != iter->pos->tag)
+ return; /* This is not the current field in the union */
+ }
+
+ /* Release anything contained inside an extension or submsg.
+ * This has to be done even if the submsg itself is statically
+ * allocated. */
+ if (PB_LTYPE(type) == PB_LTYPE_EXTENSION)
+ {
+ /* Release fields from all extensions in the linked list */
+ pb_extension_t *ext = *(pb_extension_t**)iter->pData;
+ while (ext != NULL)
+ {
+ pb_field_iter_t ext_iter;
+ iter_from_extension(&ext_iter, ext);
+ pb_release_single_field(&ext_iter);
+ ext = ext->next;
+ }
+ }
+ else if (PB_LTYPE(type) == PB_LTYPE_SUBMESSAGE)
+ {
+ /* Release fields in submessage or submsg array */
+ void *pItem = iter->pData;
+ pb_size_t count = 1;
+
+ if (PB_ATYPE(type) == PB_ATYPE_POINTER)
+ {
+ pItem = *(void**)iter->pData;
+ }
+
+ if (PB_HTYPE(type) == PB_HTYPE_REPEATED)
+ {
+ count = *(pb_size_t*)iter->pSize;
+ }
+
+ if (pItem)
+ {
+ while (count--)
+ {
+ pb_release((const pb_field_t*)iter->pos->ptr, pItem);
+ pItem = (uint8_t*)pItem + iter->pos->data_size;
+ }
+ }
+ }
+
if (PB_ATYPE(type) == PB_ATYPE_POINTER)
{
if (PB_HTYPE(type) == PB_HTYPE_REPEATED &&
pb_free(*pItem);
*pItem++ = NULL;
}
- *(pb_size_t*)iter->pSize = 0;
}
- else if (PB_LTYPE(type) == PB_LTYPE_SUBMESSAGE)
+
+ if (PB_HTYPE(type) == PB_HTYPE_REPEATED)
{
- /* Release fields in submessages */
- void *pItem = *(void**)iter->pData;
- if (pItem)
- {
- pb_size_t count = 1;
-
- if (PB_HTYPE(type) == PB_HTYPE_REPEATED)
- {
- count = *(pb_size_t*)iter->pSize;
- *(pb_size_t*)iter->pSize = 0;
- }
-
- while (count--)
- {
- pb_release((const pb_field_t*)iter->pos->ptr, pItem);
- pItem = (uint8_t*)pItem + iter->pos->data_size;
- }
- }
+ /* We are going to release the array, so set the size to 0 */
+ *(pb_size_t*)iter->pSize = 0;
}
/* Release main item */
{
pb_field_iter_t iter;
+ if (!dest_struct)
+ return; /* Ignore NULL pointers, similar to free() */
+
if (!pb_field_iter_begin(&iter, fields, dest_struct))
return; /* Empty message type */
static bool checkreturn pb_dec_varint(pb_istream_t *stream, const pb_field_t *field, void *dest)
{
uint64_t value;
+ int64_t svalue;
+ int64_t clamped;
if (!pb_decode_varint(stream, &value))
return false;
+ /* See issue 97: Google's C++ protobuf allows negative varint values to
+ * be cast as int32_t, instead of the int64_t that should be used when
+ * encoding. Previous nanopb versions had a bug in encoding. In order to
+ * not break decoding of such messages, we cast <=32 bit fields to
+ * int32_t first to get the sign correct.
+ */
+ if (field->data_size == 8)
+ svalue = (int64_t)value;
+ else
+ svalue = (int32_t)value;
+
switch (field->data_size)
{
- case 1: *(int8_t*)dest = (int8_t)value; break;
- case 2: *(int16_t*)dest = (int16_t)value; break;
- case 4: *(int32_t*)dest = (int32_t)value; break;
- case 8: *(int64_t*)dest = (int64_t)value; break;
+ case 1: clamped = *(int8_t*)dest = (int8_t)svalue; break;
+ case 2: clamped = *(int16_t*)dest = (int16_t)svalue; break;
+ case 4: clamped = *(int32_t*)dest = (int32_t)svalue; break;
+ case 8: clamped = *(int64_t*)dest = svalue; break;
default: PB_RETURN_ERROR(stream, "invalid data_size");
}
+
+ if (clamped != svalue)
+ PB_RETURN_ERROR(stream, "integer too large");
return true;
}
static bool checkreturn pb_dec_uvarint(pb_istream_t *stream, const pb_field_t *field, void *dest)
{
- uint64_t value;
+ uint64_t value, clamped;
if (!pb_decode_varint(stream, &value))
return false;
switch (field->data_size)
{
- case 4: *(uint32_t*)dest = (uint32_t)value; break;
- case 8: *(uint64_t*)dest = value; break;
+ case 1: clamped = *(uint8_t*)dest = (uint8_t)value; break;
+ case 2: clamped = *(uint16_t*)dest = (uint16_t)value; break;
+ case 4: clamped = *(uint32_t*)dest = (uint32_t)value; break;
+ case 8: clamped = *(uint64_t*)dest = value; break;
default: PB_RETURN_ERROR(stream, "invalid data_size");
}
+ if (clamped != value)
+ PB_RETURN_ERROR(stream, "integer too large");
+
return true;
}
static bool checkreturn pb_dec_svarint(pb_istream_t *stream, const pb_field_t *field, void *dest)
{
- int64_t value;
+ int64_t value, clamped;
if (!pb_decode_svarint(stream, &value))
return false;
switch (field->data_size)
{
- case 4: *(int32_t*)dest = (int32_t)value; break;
- case 8: *(int64_t*)dest = value; break;
+ case 1: clamped = *(int8_t*)dest = (int8_t)value; break;
+ case 2: clamped = *(int16_t*)dest = (int16_t)value; break;
+ case 4: clamped = *(int32_t*)dest = (int32_t)value; break;
+ case 8: clamped = *(int64_t*)dest = value; break;
default: PB_RETURN_ERROR(stream, "invalid data_size");
}
+
+ if (clamped != value)
+ PB_RETURN_ERROR(stream, "integer too large");
return true;
}