typedef bool (*pb_decoder_t)(pb_istream_t *stream, const pb_field_t *field, void *dest) checkreturn;
static bool checkreturn buf_read(pb_istream_t *stream, pb_byte_t *buf, size_t count);
-static bool checkreturn pb_decode_varint32(pb_istream_t *stream, uint32_t *dest);
static bool checkreturn read_raw_value(pb_istream_t *stream, pb_wire_type_t wire_type, pb_byte_t *buf, size_t *size);
static bool checkreturn decode_static_field(pb_istream_t *stream, pb_wire_type_t wire_type, pb_field_iter_t *iter);
static bool checkreturn decode_callback_field(pb_istream_t *stream, pb_wire_type_t wire_type, pb_field_iter_t *iter);
static bool checkreturn pb_dec_bytes(pb_istream_t *stream, const pb_field_t *field, void *dest);
static bool checkreturn pb_dec_string(pb_istream_t *stream, const pb_field_t *field, void *dest);
static bool checkreturn pb_dec_submessage(pb_istream_t *stream, const pb_field_t *field, void *dest);
+static bool checkreturn pb_dec_fixed_length_bytes(pb_istream_t *stream, const pb_field_t *field, void *dest);
static bool checkreturn pb_skip_varint(pb_istream_t *stream);
static bool checkreturn pb_skip_string(pb_istream_t *stream);
&pb_dec_bytes,
&pb_dec_string,
&pb_dec_submessage,
- NULL /* extensions */
+ NULL, /* extensions */
+ &pb_dec_fixed_length_bytes
};
/*******************************
static bool checkreturn buf_read(pb_istream_t *stream, pb_byte_t *buf, size_t count)
{
+ size_t i;
const pb_byte_t *source = (const pb_byte_t*)stream->state;
stream->state = (pb_byte_t*)stream->state + count;
if (buf != NULL)
{
- while (count--)
- *buf++ = *source++;
+ for (i = 0; i < count; i++)
+ buf[i] = source[i];
}
return true;
* Helper functions *
********************/
-static bool checkreturn pb_decode_varint32(pb_istream_t *stream, uint32_t *dest)
+bool checkreturn pb_decode_varint32(pb_istream_t *stream, uint32_t *dest)
{
pb_byte_t byte;
uint32_t result;
return true;
}
-void pb_close_string_substream(pb_istream_t *stream, pb_istream_t *substream)
+bool checkreturn pb_close_string_substream(pb_istream_t *stream, pb_istream_t *substream)
{
+ if (substream->bytes_left) {
+ if (!pb_read(substream, NULL, substream->bytes_left))
+ return false;
+ }
+
stream->state = substream->state;
#ifndef PB_NO_ERRMSG
stream->errmsg = substream->errmsg;
#endif
+ return true;
}
/*************************
return func(stream, iter->pos, iter->pData);
case PB_HTYPE_OPTIONAL:
- *(bool*)iter->pSize = true;
+ if (iter->pSize != iter->pData)
+ *(bool*)iter->pSize = true;
return func(stream, iter->pos, iter->pData);
case PB_HTYPE_REPEATED:
}
(*size)++;
}
- pb_close_string_substream(stream, &substream);
-
+
if (substream.bytes_left != 0)
PB_RETURN_ERROR(stream, "array overflow");
-
+ if (!pb_close_string_substream(stream, &substream))
+ return false;
+
return status;
}
else
(*size)++;
}
- pb_close_string_substream(stream, &substream);
+ if (!pb_close_string_substream(stream, &substream))
+ return false;
return status;
}
PB_RETURN_ERROR(stream, "callback failed");
} while (substream.bytes_left);
- pb_close_string_substream(stream, &substream);
+ if (!pb_close_string_substream(stream, &substream))
+ return false;
+
return true;
}
else
return false;
status = pb_decode(&substream, fields, dest_struct);
- pb_close_string_substream(stream, &substream);
+
+ if (!pb_close_string_substream(stream, &substream))
+ return false;
return status;
}
if (PB_HTYPE(type) == PB_HTYPE_REPEATED)
{
count = *(pb_size_t*)iter->pSize;
+
+ if (PB_ATYPE(type) == PB_ATYPE_STATIC && count > iter->pos->array_size)
+ {
+ /* Protect against corrupted _count fields */
+ count = iter->pos->array_size;
+ }
}
if (pItem)
* not break decoding of such messages, we cast <=32 bit fields to
* int32_t first to get the sign correct.
*/
- if (field->data_size == 8)
+ if (field->data_size == sizeof(int64_t))
svalue = (int64_t)value;
else
svalue = (int32_t)value;
- switch (field->data_size)
- {
- case 1: clamped = *(int8_t*)dest = (int8_t)svalue; break;
- case 2: clamped = *(int16_t*)dest = (int16_t)svalue; break;
- case 4: clamped = *(int32_t*)dest = (int32_t)svalue; break;
- case 8: clamped = *(int64_t*)dest = svalue; break;
- default: PB_RETURN_ERROR(stream, "invalid data_size");
- }
+ /* Cast to the proper field size, while checking for overflows */
+ if (field->data_size == sizeof(int64_t))
+ clamped = *(int64_t*)dest = svalue;
+ else if (field->data_size == sizeof(int32_t))
+ clamped = *(int32_t*)dest = (int32_t)svalue;
+ else if (field->data_size == sizeof(int_least16_t))
+ clamped = *(int_least16_t*)dest = (int_least16_t)svalue;
+ else if (field->data_size == sizeof(int_least8_t))
+ clamped = *(int_least8_t*)dest = (int_least8_t)svalue;
+ else
+ PB_RETURN_ERROR(stream, "invalid data_size");
if (clamped != svalue)
PB_RETURN_ERROR(stream, "integer too large");
if (!pb_decode_varint(stream, &value))
return false;
- switch (field->data_size)
- {
- case 1: clamped = *(uint_least8_t*)dest = (uint_least8_t)value; break;
- case 2: clamped = *(uint_least16_t*)dest = (uint_least16_t)value; break;
- case 4: clamped = *(uint32_t*)dest = (uint32_t)value; break;
- case 8: clamped = *(uint64_t*)dest = value; break;
- default: PB_RETURN_ERROR(stream, "invalid data_size");
- }
+ /* Cast to the proper field size, while checking for overflows */
+ if (field->data_size == sizeof(uint64_t))
+ clamped = *(uint64_t*)dest = value;
+ else if (field->data_size == sizeof(uint32_t))
+ clamped = *(uint32_t*)dest = (uint32_t)value;
+ else if (field->data_size == sizeof(uint_least16_t))
+ clamped = *(uint_least16_t*)dest = (uint_least16_t)value;
+ else if (field->data_size == sizeof(uint_least8_t))
+ clamped = *(uint_least8_t*)dest = (uint_least8_t)value;
+ else
+ PB_RETURN_ERROR(stream, "invalid data_size");
if (clamped != value)
PB_RETURN_ERROR(stream, "integer too large");
if (!pb_decode_svarint(stream, &value))
return false;
- switch (field->data_size)
- {
- case 1: clamped = *(int_least8_t*)dest = (int_least8_t)value; break;
- case 2: clamped = *(int_least16_t*)dest = (int_least16_t)value; break;
- case 4: clamped = *(int32_t*)dest = (int32_t)value; break;
- case 8: clamped = *(int64_t*)dest = value; break;
- default: PB_RETURN_ERROR(stream, "invalid data_size");
- }
+ /* Cast to the proper field size, while checking for overflows */
+ if (field->data_size == sizeof(int64_t))
+ clamped = *(int64_t*)dest = value;
+ else if (field->data_size == sizeof(int32_t))
+ clamped = *(int32_t*)dest = (int32_t)value;
+ else if (field->data_size == sizeof(int_least16_t))
+ clamped = *(int_least16_t*)dest = (int_least16_t)value;
+ else if (field->data_size == sizeof(int_least8_t))
+ clamped = *(int_least8_t*)dest = (int_least8_t)value;
+ else
+ PB_RETURN_ERROR(stream, "invalid data_size");
if (clamped != value)
PB_RETURN_ERROR(stream, "integer too large");
else
status = pb_decode_noinit(&substream, submsg_fields, dest);
- pb_close_string_substream(stream, &substream);
+ if (!pb_close_string_substream(stream, &substream))
+ return false;
return status;
}
+
+static bool checkreturn pb_dec_fixed_length_bytes(pb_istream_t *stream, const pb_field_t *field, void *dest)
+{
+ uint32_t size;
+
+ if (!pb_decode_varint32(stream, &size))
+ return false;
+
+ if (size > PB_SIZE_MAX)
+ PB_RETURN_ERROR(stream, "bytes overflow");
+
+ if (size == 0)
+ {
+ /* As a special case, treat empty bytes string as all zeros for fixed_length_bytes. */
+ memset(dest, 0, field->data_size);
+ return true;
+ }
+
+ if (size != field->data_size)
+ PB_RETURN_ERROR(stream, "incorrect fixed length bytes size");
+
+ return pb_read(stream, (pb_byte_t*)dest, field->data_size);
+}