/proc/self/cwd/pw_protobuf/stream_decoder.cc
Line | Count | Source (jump to first uncovered line) |
1 | | // Copyright 2021 The Pigweed Authors |
2 | | // |
3 | | // Licensed under the Apache License, Version 2.0 (the "License"); you may not |
4 | | // use this file except in compliance with the License. You may obtain a copy of |
5 | | // the License at |
6 | | // |
7 | | // https://www.apache.org/licenses/LICENSE-2.0 |
8 | | // |
9 | | // Unless required by applicable law or agreed to in writing, software |
10 | | // distributed under the License is distributed on an "AS IS" BASIS, WITHOUT |
11 | | // WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the |
12 | | // License for the specific language governing permissions and limitations under |
13 | | // the License. |
14 | | |
15 | | #include "pw_protobuf/stream_decoder.h" |
16 | | |
17 | | #include <algorithm> |
18 | | #include <cstdint> |
19 | | #include <cstring> |
20 | | #include <limits> |
21 | | #include <optional> |
22 | | |
23 | | #include "pw_assert/assert.h" |
24 | | #include "pw_assert/check.h" |
25 | | #include "pw_bytes/bit.h" |
26 | | #include "pw_containers/vector.h" |
27 | | #include "pw_function/function.h" |
28 | | #include "pw_protobuf/encoder.h" |
29 | | #include "pw_protobuf/internal/codegen.h" |
30 | | #include "pw_protobuf/wire_format.h" |
31 | | #include "pw_span/span.h" |
32 | | #include "pw_status/status.h" |
33 | | #include "pw_status/status_with_size.h" |
34 | | #include "pw_status/try.h" |
35 | | #include "pw_string/string.h" |
36 | | #include "pw_varint/stream.h" |
37 | | #include "pw_varint/varint.h" |
38 | | |
39 | | namespace pw::protobuf { |
40 | | |
41 | | using internal::VarintType; |
42 | | |
43 | 0 | Status StreamDecoder::BytesReader::DoSeek(ptrdiff_t offset, Whence origin) { |
44 | 0 | PW_TRY(status_); |
45 | 0 | if (!decoder_.reader_.seekable()) { |
46 | 0 | return Status::Unimplemented(); |
47 | 0 | } |
48 | | |
49 | 0 | ptrdiff_t absolute_position = std::numeric_limits<ptrdiff_t>::min(); |
50 | | |
51 | | // Convert from the position within the bytes field to the position within the |
52 | | // proto stream. |
53 | 0 | switch (origin) { |
54 | 0 | case Whence::kBeginning: |
55 | 0 | absolute_position = start_offset_ + offset; |
56 | 0 | break; |
57 | | |
58 | 0 | case Whence::kCurrent: |
59 | 0 | absolute_position = decoder_.position_ + offset; |
60 | 0 | break; |
61 | | |
62 | 0 | case Whence::kEnd: |
63 | 0 | absolute_position = end_offset_ + offset; |
64 | 0 | break; |
65 | 0 | } |
66 | | |
67 | 0 | if (absolute_position < 0) { |
68 | 0 | return Status::InvalidArgument(); |
69 | 0 | } |
70 | | |
71 | 0 | if (static_cast<size_t>(absolute_position) < start_offset_ || |
72 | 0 | static_cast<size_t>(absolute_position) > end_offset_) { |
73 | 0 | return Status::OutOfRange(); |
74 | 0 | } |
75 | | |
76 | 0 | PW_TRY(decoder_.reader_.Seek(absolute_position, Whence::kBeginning)); |
77 | 0 | decoder_.position_ = absolute_position; |
78 | 0 | return OkStatus(); |
79 | 0 | } |
80 | | |
81 | 0 | StatusWithSize StreamDecoder::BytesReader::DoRead(ByteSpan destination) { |
82 | 0 | if (!status_.ok()) { |
83 | 0 | return StatusWithSize(status_, 0); |
84 | 0 | } |
85 | | |
86 | 0 | if (decoder_.position_ >= end_offset_ || decoder_.position_ < start_offset_) { |
87 | 0 | return StatusWithSize::OutOfRange(); |
88 | 0 | } |
89 | | |
90 | | // Bound the read buffer to the size of the bytes field. |
91 | 0 | size_t max_length = end_offset_ - decoder_.position_; |
92 | 0 | if (destination.size() > max_length) { |
93 | 0 | destination = destination.first(max_length); |
94 | 0 | } |
95 | |
|
96 | 0 | Result<ByteSpan> result = decoder_.reader_.Read(destination); |
97 | 0 | if (!result.ok()) { |
98 | 0 | return StatusWithSize(result.status(), 0); |
99 | 0 | } |
100 | | |
101 | 0 | decoder_.position_ += result.value().size(); |
102 | 0 | return StatusWithSize(result.value().size()); |
103 | 0 | } |
104 | | |
105 | 5.54k | StreamDecoder::~StreamDecoder() { |
106 | 5.54k | if (parent_ != nullptr) { |
107 | 3.12k | parent_->CloseNestedDecoder(*this); |
108 | 3.12k | } else if (stream_bounds_.high < std::numeric_limits<size_t>::max()) { |
109 | 0 | if (status_.ok()) { |
110 | | // Advance the stream to the end of the bounds. |
111 | 0 | PW_CHECK(Advance(stream_bounds_.high).ok()); |
112 | 0 | } |
113 | 0 | } |
114 | 5.54k | } |
115 | | |
116 | 14.9k | Status StreamDecoder::Next() { |
117 | 14.9k | PW_CHECK(!nested_reader_open_, |
118 | 14.9k | "Cannot use parent decoder while a nested one is open"); |
119 | | |
120 | 14.9k | PW_TRY(status_); |
121 | | |
122 | 14.8k | if (!field_consumed_) { |
123 | 0 | PW_TRY(SkipField()); |
124 | 0 | } |
125 | | |
126 | 14.8k | if (position_ >= stream_bounds_.high) { |
127 | 1.52k | return Status::OutOfRange(); |
128 | 1.52k | } |
129 | | |
130 | 13.3k | status_ = ReadFieldKey(); |
131 | 13.3k | return status_; |
132 | 14.8k | } |
133 | | |
134 | 0 | StreamDecoder::BytesReader StreamDecoder::GetBytesReader() { |
135 | 0 | Status status = CheckOkToRead(WireType::kDelimited); |
136 | |
|
137 | 0 | if (reader_.ConservativeReadLimit() < delimited_field_size_) { |
138 | 0 | status.Update(Status::DataLoss()); |
139 | 0 | } |
140 | |
|
141 | 0 | nested_reader_open_ = true; |
142 | |
|
143 | 0 | if (!status.ok()) { |
144 | 0 | return BytesReader(*this, status); |
145 | 0 | } |
146 | | |
147 | 0 | size_t low = position_; |
148 | 0 | size_t high = low + delimited_field_size_; |
149 | |
|
150 | 0 | return BytesReader(*this, low, high); |
151 | 0 | } |
152 | | |
153 | 3.12k | StreamDecoder StreamDecoder::GetNestedDecoder() { |
154 | 3.12k | Status status = CheckOkToRead(WireType::kDelimited); |
155 | | |
156 | 3.12k | if (reader_.ConservativeReadLimit() < delimited_field_size_) { |
157 | 35 | status.Update(Status::DataLoss()); |
158 | 35 | } |
159 | | |
160 | 3.12k | nested_reader_open_ = true; |
161 | | |
162 | 3.12k | if (!status.ok()) { |
163 | 65 | return StreamDecoder(reader_, this, status); |
164 | 65 | } |
165 | | |
166 | 3.06k | size_t low = position_; |
167 | 3.06k | size_t high = low + delimited_field_size_; |
168 | | |
169 | 3.06k | return StreamDecoder(reader_, this, low, high); |
170 | 3.12k | } |
171 | | |
172 | 2.99k | Status StreamDecoder::Advance(size_t end_position) { |
173 | 2.99k | if (reader_.seekable()) { |
174 | 2.99k | PW_TRY(reader_.Seek(end_position - position_, stream::Stream::kCurrent)); |
175 | 2.99k | position_ = end_position; |
176 | 2.99k | return OkStatus(); |
177 | 2.99k | } |
178 | | |
179 | 0 | while (position_ < end_position) { |
180 | 0 | std::byte b; |
181 | 0 | PW_TRY(reader_.Read(span(&b, 1))); |
182 | 0 | position_++; |
183 | 0 | } |
184 | 0 | return OkStatus(); |
185 | 0 | } |
186 | | |
187 | 0 | void StreamDecoder::CloseBytesReader(BytesReader& reader) { |
188 | 0 | status_ = reader.status_; |
189 | 0 | if (status_.ok()) { |
190 | | // Advance the stream to the end of the bytes field. |
191 | | // The BytesReader already updated our position_ field as bytes were read. |
192 | 0 | PW_CHECK(Advance(reader.end_offset_).ok()); |
193 | 0 | } |
194 | | |
195 | 0 | field_consumed_ = true; |
196 | 0 | nested_reader_open_ = false; |
197 | 0 | } |
198 | | |
199 | 3.12k | void StreamDecoder::CloseNestedDecoder(StreamDecoder& nested) { |
200 | 3.12k | PW_CHECK_PTR_EQ(nested.parent_, this); |
201 | | |
202 | 3.12k | nested.nested_reader_open_ = true; |
203 | 3.12k | nested.parent_ = nullptr; |
204 | | |
205 | 3.12k | status_ = nested.status_; |
206 | 3.12k | position_ = nested.position_; |
207 | 3.12k | if (status_.ok()) { |
208 | | // Advance the stream to the end of the nested message field. |
209 | 2.99k | PW_CHECK(Advance(nested.stream_bounds_.high).ok()); |
210 | 2.99k | } |
211 | | |
212 | 3.12k | field_consumed_ = true; |
213 | 3.12k | nested_reader_open_ = false; |
214 | 3.12k | } |
215 | | |
216 | 13.3k | Status StreamDecoder::ReadFieldKey() { |
217 | 13.3k | PW_DCHECK(field_consumed_); |
218 | | |
219 | 13.3k | uint64_t varint = 0; |
220 | 13.3k | PW_TRY_ASSIGN(size_t bytes_read, |
221 | 13.2k | varint::Read(reader_, &varint, RemainingBytes())); |
222 | 13.2k | position_ += bytes_read; |
223 | | |
224 | 13.2k | if (!FieldKey::IsValidKey(varint)) { |
225 | 142 | return Status::DataLoss(); |
226 | 142 | } |
227 | | |
228 | 13.1k | PW_DCHECK(varint <= std::numeric_limits<uint32_t>::max()); |
229 | 13.1k | current_field_ = FieldKey(static_cast<uint32_t>(varint)); |
230 | | |
231 | 13.1k | if (current_field_.wire_type() == WireType::kDelimited) { |
232 | | // Read the length varint of length-delimited fields immediately to simplify |
233 | | // later processing of the field. |
234 | 9.04k | StatusWithSize sws = varint::Read(reader_, &varint, RemainingBytes()); |
235 | 9.04k | position_ += sws.size(); |
236 | 9.04k | if (sws.IsOutOfRange()) { |
237 | | // Out of range indicates the end of the stream. As a value is expected |
238 | | // here, report it as a data loss and terminate the decode operation. |
239 | 29 | return Status::DataLoss(); |
240 | 29 | } |
241 | 9.01k | if (!sws.ok()) { |
242 | 3 | return sws.status(); |
243 | 3 | } |
244 | | |
245 | 9.00k | if (varint > std::numeric_limits<uint32_t>::max()) { |
246 | 65 | return Status::DataLoss(); |
247 | 65 | } |
248 | | |
249 | 8.94k | delimited_field_size_ = varint; |
250 | 8.94k | delimited_field_offset_ = position_; |
251 | 8.94k | } |
252 | | |
253 | 13.0k | field_consumed_ = false; |
254 | 13.0k | return OkStatus(); |
255 | 13.1k | } |
256 | | |
257 | 0 | Result<StreamDecoder::Bounds> StreamDecoder::GetLengthDelimitedPayloadBounds() { |
258 | 0 | PW_TRY(CheckOkToRead(WireType::kDelimited)); |
259 | 0 | return StreamDecoder::Bounds{delimited_field_offset_, |
260 | 0 | delimited_field_size_ + delimited_field_offset_}; |
261 | 0 | } |
262 | | |
263 | | // Consumes the current protobuf field, advancing the stream to the key of the |
264 | | // next field (if one exists). |
265 | 0 | Status StreamDecoder::SkipField() { |
266 | 0 | PW_DCHECK(!field_consumed_); |
267 | | |
268 | 0 | size_t bytes_to_skip = 0; |
269 | 0 | uint64_t value = 0; |
270 | |
|
271 | 0 | switch (current_field_.wire_type()) { |
272 | 0 | case WireType::kVarint: { |
273 | | // Consume the varint field; nothing more to skip afterward. |
274 | 0 | PW_TRY_ASSIGN(size_t bytes_read, |
275 | 0 | varint::Read(reader_, &value, RemainingBytes())); |
276 | 0 | position_ += bytes_read; |
277 | 0 | break; |
278 | 0 | } |
279 | 0 | case WireType::kDelimited: |
280 | 0 | bytes_to_skip = delimited_field_size_; |
281 | 0 | break; |
282 | | |
283 | 0 | case WireType::kFixed32: |
284 | 0 | bytes_to_skip = sizeof(uint32_t); |
285 | 0 | break; |
286 | | |
287 | 0 | case WireType::kFixed64: |
288 | 0 | bytes_to_skip = sizeof(uint64_t); |
289 | 0 | break; |
290 | 0 | } |
291 | | |
292 | 0 | if (bytes_to_skip > 0) { |
293 | | // Check if the stream has the field available. If not, report it as a |
294 | | // DATA_LOSS since the proto is invalid (as opposed to OUT_OF_BOUNDS if we |
295 | | // just tried to seek beyond the end). |
296 | 0 | if (reader_.ConservativeReadLimit() < bytes_to_skip) { |
297 | 0 | status_ = Status::DataLoss(); |
298 | 0 | return status_; |
299 | 0 | } |
300 | | |
301 | 0 | if (RemainingBytes() < bytes_to_skip) { |
302 | 0 | status_ = Status::DataLoss(); |
303 | 0 | return status_; |
304 | 0 | } |
305 | | |
306 | 0 | PW_TRY(Advance(position_ + bytes_to_skip)); |
307 | 0 | } |
308 | | |
309 | 0 | field_consumed_ = true; |
310 | 0 | return OkStatus(); |
311 | 0 | } |
312 | | |
313 | | Status StreamDecoder::ReadVarintField(span<std::byte> out, |
314 | 2.33k | VarintType decode_type) { |
315 | 2.33k | PW_CHECK(out.size() == sizeof(bool) || out.size() == sizeof(uint32_t) || |
316 | 2.33k | out.size() == sizeof(uint64_t), |
317 | 2.33k | "Protobuf varints must only be used with bool, int32_t, uint32_t, " |
318 | 2.33k | "int64_t, or uint64_t"); |
319 | 2.33k | PW_TRY(CheckOkToRead(WireType::kVarint)); |
320 | | |
321 | 2.29k | const StatusWithSize sws = ReadOneVarint(out, decode_type); |
322 | 2.29k | if (sws.status() != Status::DataLoss()) |
323 | 2.04k | field_consumed_ = true; |
324 | 2.29k | return sws.status(); |
325 | 2.33k | } |
326 | | |
327 | | StatusWithSize StreamDecoder::ReadOneVarint(span<std::byte> out, |
328 | 12.5k | VarintType decode_type) { |
329 | 12.5k | uint64_t value; |
330 | 12.5k | StatusWithSize sws = varint::Read(reader_, &value, RemainingBytes()); |
331 | 12.5k | position_ += sws.size(); |
332 | 12.5k | if (sws.IsOutOfRange()) { |
333 | | // Out of range indicates the end of the stream. As a value is expected |
334 | | // here, report it as a data loss and terminate the decode operation. |
335 | 66 | status_ = Status::DataLoss(); |
336 | 66 | return StatusWithSize(status_, sws.size()); |
337 | 66 | } |
338 | 12.5k | if (!sws.ok()) { |
339 | 365 | return sws; |
340 | 365 | } |
341 | | |
342 | 12.1k | if (out.size() == sizeof(uint64_t)) { |
343 | 8.33k | if (decode_type == VarintType::kUnsigned) { |
344 | 2.20k | std::memcpy(out.data(), &value, out.size()); |
345 | 6.12k | } else { |
346 | 6.12k | const int64_t signed_value = decode_type == VarintType::kZigZag |
347 | 6.12k | ? varint::ZigZagDecode(value) |
348 | 6.12k | : static_cast<int64_t>(value); |
349 | 6.12k | std::memcpy(out.data(), &signed_value, out.size()); |
350 | 6.12k | } |
351 | 8.33k | } else if (out.size() == sizeof(uint32_t)) { |
352 | 3.82k | if (decode_type == VarintType::kUnsigned) { |
353 | 1.21k | if (value > std::numeric_limits<uint32_t>::max()) { |
354 | 81 | return StatusWithSize(Status::FailedPrecondition(), sws.size()); |
355 | 81 | } |
356 | 1.13k | std::memcpy(out.data(), &value, out.size()); |
357 | 2.61k | } else { |
358 | 2.61k | const int64_t signed_value = decode_type == VarintType::kZigZag |
359 | 2.61k | ? varint::ZigZagDecode(value) |
360 | 2.61k | : static_cast<int64_t>(value); |
361 | 2.61k | if (signed_value > std::numeric_limits<int32_t>::max() || |
362 | 2.61k | signed_value < std::numeric_limits<int32_t>::min()) { |
363 | 110 | return StatusWithSize(Status::FailedPrecondition(), sws.size()); |
364 | 110 | } |
365 | 2.50k | std::memcpy(out.data(), &signed_value, out.size()); |
366 | 2.50k | } |
367 | 3.82k | } else if (out.size() == sizeof(bool)) { |
368 | 0 | PW_CHECK(decode_type == VarintType::kUnsigned, |
369 | 0 | "Protobuf bool can never be signed"); |
370 | 0 | std::memcpy(out.data(), &value, out.size()); |
371 | 0 | } |
372 | | |
373 | 11.9k | return sws; |
374 | 12.1k | } |
375 | | |
376 | 1.64k | Status StreamDecoder::ReadFixedField(span<std::byte> out) { |
377 | 1.64k | WireType expected_wire_type = |
378 | 1.64k | out.size() == sizeof(uint32_t) ? WireType::kFixed32 : WireType::kFixed64; |
379 | 1.64k | PW_TRY(CheckOkToRead(expected_wire_type)); |
380 | | |
381 | 1.61k | if (reader_.ConservativeReadLimit() < out.size()) { |
382 | 13 | status_ = Status::DataLoss(); |
383 | 13 | return status_; |
384 | 13 | } |
385 | | |
386 | 1.60k | if (RemainingBytes() < out.size()) { |
387 | 8 | status_ = Status::DataLoss(); |
388 | 8 | return status_; |
389 | 8 | } |
390 | | |
391 | 1.59k | PW_TRY(reader_.Read(out)); |
392 | 1.59k | position_ += out.size(); |
393 | 1.59k | field_consumed_ = true; |
394 | | |
395 | 1.59k | if (endian::native != endian::little) { |
396 | 0 | std::reverse(out.begin(), out.end()); |
397 | 0 | } |
398 | | |
399 | 1.59k | return OkStatus(); |
400 | 1.59k | } |
401 | | |
402 | 1.06k | StatusWithSize StreamDecoder::ReadDelimitedField(span<std::byte> out) { |
403 | 1.06k | if (Status status = CheckOkToRead(WireType::kDelimited); !status.ok()) { |
404 | 15 | return StatusWithSize(status, 0); |
405 | 15 | } |
406 | | |
407 | 1.04k | if (reader_.ConservativeReadLimit() < delimited_field_size_) { |
408 | 35 | status_ = Status::DataLoss(); |
409 | 35 | return StatusWithSize(status_, 0); |
410 | 35 | } |
411 | | |
412 | 1.01k | if (out.size() < delimited_field_size_) { |
413 | | // Value can't fit into the provided buffer. Don't advance the cursor so |
414 | | // that the field can be re-read with a larger buffer or through the stream |
415 | | // API. |
416 | 33 | return StatusWithSize::ResourceExhausted(); |
417 | 33 | } |
418 | | |
419 | 980 | Result<ByteSpan> result = reader_.Read(out.first(delimited_field_size_)); |
420 | 980 | if (!result.ok()) { |
421 | 59 | return StatusWithSize(result.status(), 0); |
422 | 59 | } |
423 | | |
424 | 921 | position_ += result.value().size(); |
425 | 921 | field_consumed_ = true; |
426 | 921 | return StatusWithSize(result.value().size()); |
427 | 980 | } |
428 | | |
429 | | StatusWithSize StreamDecoder::ReadPackedFixedField(span<std::byte> out, |
430 | 2.61k | size_t elem_size) { |
431 | 2.61k | if (Status status = CheckOkToRead(WireType::kDelimited); !status.ok()) { |
432 | 25 | return StatusWithSize(status, 0); |
433 | 25 | } |
434 | | |
435 | 2.58k | if (reader_.ConservativeReadLimit() < delimited_field_size_) { |
436 | 38 | status_ = Status::DataLoss(); |
437 | 38 | return StatusWithSize(status_, 0); |
438 | 38 | } |
439 | | |
440 | 2.54k | if (out.size() < delimited_field_size_) { |
441 | | // Value can't fit into the provided buffer. Don't advance the cursor so |
442 | | // that the field can be re-read with a larger buffer or through the stream |
443 | | // API. |
444 | 22 | return StatusWithSize::ResourceExhausted(); |
445 | 22 | } |
446 | | |
447 | 2.52k | Result<ByteSpan> result = reader_.Read(out.first(delimited_field_size_)); |
448 | 2.52k | if (!result.ok()) { |
449 | 136 | return StatusWithSize(result.status(), 0); |
450 | 136 | } |
451 | | |
452 | 2.39k | position_ += result.value().size(); |
453 | 2.39k | field_consumed_ = true; |
454 | | |
455 | | // Decode little-endian serialized packed fields. |
456 | 2.39k | if (endian::native != endian::little) { |
457 | 0 | for (auto out_start = out.begin(); out_start != out.end(); |
458 | 0 | out_start += elem_size) { |
459 | 0 | std::reverse(out_start, out_start + elem_size); |
460 | 0 | } |
461 | 0 | } |
462 | | |
463 | 2.39k | return StatusWithSize(result.value().size() / elem_size); |
464 | 2.52k | } |
465 | | |
466 | | StatusWithSize StreamDecoder::ReadPackedVarintField(span<std::byte> out, |
467 | | size_t elem_size, |
468 | 2.24k | VarintType decode_type) { |
469 | 2.24k | PW_CHECK(elem_size == sizeof(bool) || elem_size == sizeof(uint32_t) || |
470 | 2.24k | elem_size == sizeof(uint64_t), |
471 | 2.24k | "Protobuf varints must only be used with bool, int32_t, uint32_t, " |
472 | 2.24k | "int64_t, or uint64_t"); |
473 | | |
474 | 2.24k | if (Status status = CheckOkToRead(WireType::kDelimited); !status.ok()) { |
475 | 53 | return StatusWithSize(status, 0); |
476 | 53 | } |
477 | | |
478 | 2.19k | if (reader_.ConservativeReadLimit() < delimited_field_size_) { |
479 | 41 | status_ = Status::DataLoss(); |
480 | 41 | return StatusWithSize(status_, 0); |
481 | 41 | } |
482 | | |
483 | 2.15k | size_t bytes_read = 0; |
484 | 2.15k | size_t number_out = 0; |
485 | 12.0k | while (bytes_read < delimited_field_size_ && !out.empty()) { |
486 | 10.2k | const StatusWithSize sws = ReadOneVarint(out.first(elem_size), decode_type); |
487 | 10.2k | if (!sws.ok()) { |
488 | 369 | return StatusWithSize(sws.status(), number_out); |
489 | 369 | } |
490 | | |
491 | 9.92k | bytes_read += sws.size(); |
492 | 9.92k | out = out.subspan(elem_size); |
493 | 9.92k | ++number_out; |
494 | 9.92k | } |
495 | | |
496 | 1.78k | if (bytes_read < delimited_field_size_) { |
497 | 11 | return StatusWithSize(Status::ResourceExhausted(), number_out); |
498 | 11 | } |
499 | | |
500 | 1.77k | field_consumed_ = true; |
501 | 1.77k | return StatusWithSize(OkStatus(), number_out); |
502 | 1.78k | } |
503 | | |
504 | 13.0k | Status StreamDecoder::CheckOkToRead(WireType type) { |
505 | 13.0k | PW_CHECK(!nested_reader_open_, |
506 | 13.0k | "Cannot read from a decoder while a nested decoder is open"); |
507 | 13.0k | PW_CHECK(!field_consumed_, |
508 | 13.0k | "Attempting to read from protobuf decoder without first calling " |
509 | 13.0k | "Next()"); |
510 | | |
511 | | // Attempting to read the wrong type is typically a programmer error; |
512 | | // however, it could also occur due to data corruption. As we don't want to |
513 | | // crash on bad data, return NOT_FOUND here to distinguish it from other |
514 | | // corruption cases. |
515 | 13.0k | if (current_field_.wire_type() != type) { |
516 | 202 | status_ = Status::NotFound(); |
517 | 202 | } |
518 | | |
519 | 13.0k | return status_; |
520 | 13.0k | } |
521 | | |
522 | | Status StreamDecoder::Read(span<std::byte> message, |
523 | 0 | span<const internal::MessageField> table) { |
524 | 0 | PW_TRY(status_); |
525 | | |
526 | 0 | while (Next().ok()) { |
527 | | // Find the field in the table, |
528 | | // TODO: b/234876102 - Finding the field can be made more efficient. |
529 | 0 | const auto field = |
530 | 0 | std::find(table.begin(), table.end(), current_field_.field_number()); |
531 | 0 | if (field == table.end()) { |
532 | | // If the field is not found, skip to the next one. |
533 | | // TODO: b/234873295 - Provide a way to allow the caller to inspect |
534 | | // unknown fields, and serialize them back out later. |
535 | 0 | continue; |
536 | 0 | } |
537 | | |
538 | | // Calculate the span of bytes corresponding to the structure field to |
539 | | // output into. |
540 | 0 | const auto out = |
541 | 0 | message.subspan(field->field_offset(), field->field_size()); |
542 | 0 | PW_CHECK(out.begin() >= message.begin() && out.end() <= message.end()); |
543 | | |
544 | | // If the field is using callbacks, interpret the output field accordingly |
545 | | // and allow the caller to provide custom handling. |
546 | 0 | if (field->use_callback()) { |
547 | 0 | const Callback<StreamEncoder, StreamDecoder>* callback = |
548 | 0 | reinterpret_cast<const Callback<StreamEncoder, StreamDecoder>*>( |
549 | 0 | out.data()); |
550 | 0 | PW_TRY(callback->Decode(*this)); |
551 | 0 | continue; |
552 | 0 | } |
553 | | |
554 | | // Switch on the expected wire type of the field, not the actual, to ensure |
555 | | // the remote encoder doesn't influence our decoding unexpectedly. |
556 | 0 | switch (field->wire_type()) { |
557 | 0 | case WireType::kFixed64: |
558 | 0 | case WireType::kFixed32: { |
559 | | // Fixed fields call ReadFixedField() for singular case, and either |
560 | | // ReadPackedFixedField() or ReadRepeatedFixedField() for repeated |
561 | | // fields. |
562 | 0 | PW_CHECK(field->elem_size() == (field->wire_type() == WireType::kFixed32 |
563 | 0 | ? sizeof(uint32_t) |
564 | 0 | : sizeof(uint64_t)), |
565 | 0 | "Mismatched message field type and size"); |
566 | 0 | if (field->is_fixed_size()) { |
567 | 0 | PW_CHECK(field->is_repeated(), "Non-repeated fixed size field"); |
568 | 0 | PW_TRY(ReadPackedFixedField(out, field->elem_size())); |
569 | 0 | } else if (field->is_repeated()) { |
570 | | // The struct member for this field is a vector of a type |
571 | | // corresponding to the field element size. Cast to the correct |
572 | | // vector type so we're not performing type aliasing (except for |
573 | | // unsigned vs signed which is explicitly allowed). |
574 | 0 | if (field->elem_size() == sizeof(uint64_t)) { |
575 | 0 | auto* vector = reinterpret_cast<pw::Vector<uint64_t>*>(out.data()); |
576 | 0 | PW_TRY(ReadRepeatedFixedField(*vector)); |
577 | 0 | } else if (field->elem_size() == sizeof(uint32_t)) { |
578 | 0 | auto* vector = reinterpret_cast<pw::Vector<uint32_t>*>(out.data()); |
579 | 0 | PW_TRY(ReadRepeatedFixedField(*vector)); |
580 | 0 | } |
581 | 0 | } else if (field->is_optional()) { |
582 | | // The struct member for this field is a std::optional of a type |
583 | | // corresponding to the field element size. Cast to the correct |
584 | | // optional type so we're not performing type aliasing (except for |
585 | | // unsigned vs signed which is explicitly allowed), and assign through |
586 | | // a temporary. |
587 | 0 | if (field->elem_size() == sizeof(uint64_t)) { |
588 | 0 | uint64_t value = 0; |
589 | 0 | PW_TRY(ReadFixedField(as_writable_bytes(span(&value, 1)))); |
590 | 0 | auto* optional = |
591 | 0 | reinterpret_cast<std::optional<uint64_t>*>(out.data()); |
592 | 0 | *optional = value; |
593 | 0 | } else if (field->elem_size() == sizeof(uint32_t)) { |
594 | 0 | uint32_t value = 0; |
595 | 0 | PW_TRY(ReadFixedField(as_writable_bytes(span(&value, 1)))); |
596 | 0 | auto* optional = |
597 | 0 | reinterpret_cast<std::optional<uint32_t>*>(out.data()); |
598 | 0 | *optional = value; |
599 | 0 | } |
600 | 0 | } else { |
601 | 0 | PW_CHECK(out.size() == field->elem_size(), |
602 | 0 | "Mismatched message field type and size"); |
603 | 0 | PW_TRY(ReadFixedField(out)); |
604 | 0 | } |
605 | 0 | break; |
606 | 0 | } |
607 | 0 | case WireType::kVarint: { |
608 | | // Varint fields call ReadVarintField() for singular case, and either |
609 | | // ReadPackedVarintField() or ReadRepeatedVarintField() for repeated |
610 | | // fields. |
611 | 0 | PW_CHECK(field->elem_size() == sizeof(uint64_t) || |
612 | 0 | field->elem_size() == sizeof(uint32_t) || |
613 | 0 | field->elem_size() == sizeof(bool), |
614 | 0 | "Mismatched message field type and size"); |
615 | 0 | if (field->is_fixed_size()) { |
616 | 0 | PW_CHECK(field->is_repeated(), "Non-repeated fixed size field"); |
617 | 0 | PW_TRY(ReadPackedVarintField( |
618 | 0 | out, field->elem_size(), field->varint_type())); |
619 | 0 | } else if (field->is_repeated()) { |
620 | | // The struct member for this field is a vector of a type |
621 | | // corresponding to the field element size. Cast to the correct |
622 | | // vector type so we're not performing type aliasing (except for |
623 | | // unsigned vs signed which is explicitly allowed). |
624 | 0 | if (field->elem_size() == sizeof(uint64_t)) { |
625 | 0 | auto* vector = reinterpret_cast<pw::Vector<uint64_t>*>(out.data()); |
626 | 0 | PW_TRY(ReadRepeatedVarintField(*vector, field->varint_type())); |
627 | 0 | } else if (field->elem_size() == sizeof(uint32_t)) { |
628 | 0 | auto* vector = reinterpret_cast<pw::Vector<uint32_t>*>(out.data()); |
629 | 0 | PW_TRY(ReadRepeatedVarintField(*vector, field->varint_type())); |
630 | 0 | } else if (field->elem_size() == sizeof(bool)) { |
631 | 0 | auto* vector = reinterpret_cast<pw::Vector<bool>*>(out.data()); |
632 | 0 | PW_TRY(ReadRepeatedVarintField(*vector, field->varint_type())); |
633 | 0 | } |
634 | 0 | } else if (field->is_optional()) { |
635 | | // The struct member for this field is a std::optional of a type |
636 | | // corresponding to the field element size. Cast to the correct |
637 | | // optional type so we're not performing type aliasing (except for |
638 | | // unsigned vs signed which is explicitly allowed), and assign through |
639 | | // a temporary. |
640 | 0 | if (field->elem_size() == sizeof(uint64_t)) { |
641 | 0 | uint64_t value = 0; |
642 | 0 | PW_TRY(ReadVarintField(as_writable_bytes(span(&value, 1)), |
643 | 0 | field->varint_type())); |
644 | 0 | auto* optional = |
645 | 0 | reinterpret_cast<std::optional<uint64_t>*>(out.data()); |
646 | 0 | *optional = value; |
647 | 0 | } else if (field->elem_size() == sizeof(uint32_t)) { |
648 | 0 | uint32_t value = 0; |
649 | 0 | PW_TRY(ReadVarintField(as_writable_bytes(span(&value, 1)), |
650 | 0 | field->varint_type())); |
651 | 0 | auto* optional = |
652 | 0 | reinterpret_cast<std::optional<uint32_t>*>(out.data()); |
653 | 0 | *optional = value; |
654 | 0 | } else if (field->elem_size() == sizeof(bool)) { |
655 | 0 | bool value = false; |
656 | 0 | PW_TRY(ReadVarintField(as_writable_bytes(span(&value, 1)), |
657 | 0 | field->varint_type())); |
658 | 0 | auto* optional = reinterpret_cast<std::optional<bool>*>(out.data()); |
659 | 0 | *optional = value; |
660 | 0 | } |
661 | 0 | } else { |
662 | 0 | PW_CHECK(out.size() == field->elem_size(), |
663 | 0 | "Mismatched message field type and size"); |
664 | 0 | PW_TRY(ReadVarintField(out, field->varint_type())); |
665 | 0 | } |
666 | 0 | break; |
667 | 0 | } |
668 | 0 | case WireType::kDelimited: { |
669 | | // Delimited fields are always a singular case because of the inability |
670 | | // to cast to a generic vector with an element of a certain size (we |
671 | | // always need a type). |
672 | 0 | PW_CHECK(!field->is_repeated(), |
673 | 0 | "Repeated delimited messages always require a callback"); |
674 | 0 | if (field->nested_message_fields()) { |
675 | | // Nested Message. Struct member is an embedded struct for the |
676 | | // nested field. Obtain a nested decoder and recursively call Read() |
677 | | // using the fields table pointer from this field. |
678 | 0 | auto nested_decoder = GetNestedDecoder(); |
679 | 0 | PW_TRY(nested_decoder.Read(out, *field->nested_message_fields())); |
680 | 0 | } else if (field->is_fixed_size()) { |
681 | | // Fixed-length bytes field. Struct member is a std::array<std::byte>. |
682 | | // Call ReadDelimitedField() to populate it from the stream. |
683 | 0 | PW_CHECK(field->elem_size() == sizeof(std::byte), |
684 | 0 | "Mismatched message field type and size"); |
685 | 0 | PW_TRY(ReadDelimitedField(out)); |
686 | 0 | } else { |
687 | | // bytes or string field with a maximum size. The struct member is |
688 | | // pw::Vector<std::byte> for bytes or pw::InlineString<> for string. |
689 | 0 | PW_CHECK(field->elem_size() == sizeof(std::byte), |
690 | 0 | "Mismatched message field type and size"); |
691 | 0 | if (field->is_string()) { |
692 | 0 | PW_TRY(ReadStringOrBytesField<pw::InlineString<>>(out.data())); |
693 | 0 | } else { |
694 | 0 | PW_TRY(ReadStringOrBytesField<pw::Vector<std::byte>>(out.data())); |
695 | 0 | } |
696 | 0 | } |
697 | 0 | break; |
698 | 0 | } |
699 | 0 | } |
700 | 0 | } |
701 | | |
702 | | // Reaching the end of the encoded protobuf is not an error. |
703 | 0 | if (status_ == Status::OutOfRange()) { |
704 | 0 | return OkStatus(); |
705 | 0 | } |
706 | | |
707 | 0 | return status_; |
708 | 0 | } |
709 | | |
710 | | } // namespace pw::protobuf |