/proc/self/cwd/pw_protobuf/stream_decoder.cc
Line | Count | Source (jump to first uncovered line) |
1 | | // Copyright 2021 The Pigweed Authors |
2 | | // |
3 | | // Licensed under the Apache License, Version 2.0 (the "License"); you may not |
4 | | // use this file except in compliance with the License. You may obtain a copy of |
5 | | // the License at |
6 | | // |
7 | | // https://www.apache.org/licenses/LICENSE-2.0 |
8 | | // |
9 | | // Unless required by applicable law or agreed to in writing, software |
10 | | // distributed under the License is distributed on an "AS IS" BASIS, WITHOUT |
11 | | // WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the |
12 | | // License for the specific language governing permissions and limitations under |
13 | | // the License. |
14 | | |
15 | | #include "pw_protobuf/stream_decoder.h" |
16 | | |
17 | | #include <algorithm> |
18 | | #include <cstdint> |
19 | | #include <cstring> |
20 | | #include <limits> |
21 | | #include <optional> |
22 | | |
23 | | #include "pw_assert/assert.h" |
24 | | #include "pw_assert/check.h" |
25 | | #include "pw_bytes/bit.h" |
26 | | #include "pw_containers/vector.h" |
27 | | #include "pw_function/function.h" |
28 | | #include "pw_protobuf/encoder.h" |
29 | | #include "pw_protobuf/internal/codegen.h" |
30 | | #include "pw_protobuf/wire_format.h" |
31 | | #include "pw_span/span.h" |
32 | | #include "pw_status/status.h" |
33 | | #include "pw_status/status_with_size.h" |
34 | | #include "pw_status/try.h" |
35 | | #include "pw_string/string.h" |
36 | | #include "pw_varint/stream.h" |
37 | | #include "pw_varint/varint.h" |
38 | | |
39 | | namespace pw::protobuf { |
40 | | |
41 | | using internal::VarintType; |
42 | | |
43 | 0 | Status StreamDecoder::BytesReader::DoSeek(ptrdiff_t offset, Whence origin) { |
44 | 0 | PW_TRY(status_); |
45 | 0 | if (!decoder_.reader_.seekable()) { |
46 | 0 | return Status::Unimplemented(); |
47 | 0 | } |
48 | | |
49 | 0 | ptrdiff_t absolute_position = std::numeric_limits<ptrdiff_t>::min(); |
50 | | |
51 | | // Convert from the position within the bytes field to the position within the |
52 | | // proto stream. |
53 | 0 | switch (origin) { |
54 | 0 | case Whence::kBeginning: |
55 | 0 | absolute_position = start_offset_ + offset; |
56 | 0 | break; |
57 | | |
58 | 0 | case Whence::kCurrent: |
59 | 0 | absolute_position = decoder_.position_ + offset; |
60 | 0 | break; |
61 | | |
62 | 0 | case Whence::kEnd: |
63 | 0 | absolute_position = end_offset_ + offset; |
64 | 0 | break; |
65 | 0 | } |
66 | | |
67 | 0 | if (absolute_position < 0) { |
68 | 0 | return Status::InvalidArgument(); |
69 | 0 | } |
70 | | |
71 | 0 | if (static_cast<size_t>(absolute_position) < start_offset_ || |
72 | 0 | static_cast<size_t>(absolute_position) > end_offset_) { |
73 | 0 | return Status::OutOfRange(); |
74 | 0 | } |
75 | | |
76 | 0 | PW_TRY(decoder_.reader_.Seek(absolute_position, Whence::kBeginning)); |
77 | 0 | decoder_.position_ = absolute_position; |
78 | 0 | return OkStatus(); |
79 | 0 | } |
80 | | |
81 | 0 | StatusWithSize StreamDecoder::BytesReader::DoRead(ByteSpan destination) { |
82 | 0 | if (!status_.ok()) { |
83 | 0 | return StatusWithSize(status_, 0); |
84 | 0 | } |
85 | | |
86 | 0 | if (decoder_.position_ >= end_offset_ || decoder_.position_ < start_offset_) { |
87 | 0 | return StatusWithSize::OutOfRange(); |
88 | 0 | } |
89 | | |
90 | | // Bound the read buffer to the size of the bytes field. |
91 | 0 | size_t max_length = end_offset_ - decoder_.position_; |
92 | 0 | if (destination.size() > max_length) { |
93 | 0 | destination = destination.first(max_length); |
94 | 0 | } |
95 | |
|
96 | 0 | Result<ByteSpan> result = decoder_.reader_.Read(destination); |
97 | 0 | if (!result.ok()) { |
98 | 0 | return StatusWithSize(result.status(), 0); |
99 | 0 | } |
100 | | |
101 | 0 | decoder_.position_ += result.value().size(); |
102 | 0 | return StatusWithSize(result.value().size()); |
103 | 0 | } |
104 | | |
105 | 5.56k | StreamDecoder::~StreamDecoder() { |
106 | 5.56k | if (parent_ != nullptr) { |
107 | 3.23k | parent_->CloseNestedDecoder(*this); |
108 | 3.23k | } else if (stream_bounds_.high < std::numeric_limits<size_t>::max()) { |
109 | 0 | if (status_.ok()) { |
110 | | // Advance the stream to the end of the bounds. |
111 | 0 | PW_CHECK(Advance(stream_bounds_.high).ok()); |
112 | 0 | } |
113 | 0 | } |
114 | 5.56k | } |
115 | | |
116 | 14.7k | Status StreamDecoder::Next() { |
117 | 14.7k | PW_CHECK(!nested_reader_open_, |
118 | 14.7k | "Cannot use parent decoder while a nested one is open"); |
119 | | |
120 | 14.7k | PW_TRY(status_); |
121 | | |
122 | 14.7k | if (!field_consumed_) { |
123 | 0 | PW_TRY(SkipField()); |
124 | 0 | } |
125 | | |
126 | 14.7k | if (position_ >= stream_bounds_.high || |
127 | 14.7k | reader_.ConservativeReadLimit() == 0) { |
128 | 1.68k | return Status::OutOfRange(); |
129 | 1.68k | } |
130 | | |
131 | 13.0k | status_ = ReadFieldKey(); |
132 | 13.0k | return status_; |
133 | 14.7k | } |
134 | | |
135 | 0 | StreamDecoder::BytesReader StreamDecoder::GetBytesReader() { |
136 | 0 | Status status = CheckOkToRead(WireType::kDelimited); |
137 | |
|
138 | 0 | if (reader_.ConservativeReadLimit() < delimited_field_size_) { |
139 | 0 | status.Update(Status::DataLoss()); |
140 | 0 | } |
141 | |
|
142 | 0 | nested_reader_open_ = true; |
143 | |
|
144 | 0 | if (!status.ok()) { |
145 | 0 | return BytesReader(*this, status); |
146 | 0 | } |
147 | | |
148 | 0 | size_t low = position_; |
149 | 0 | size_t high = low + delimited_field_size_; |
150 | |
|
151 | 0 | return BytesReader(*this, low, high); |
152 | 0 | } |
153 | | |
154 | 3.23k | StreamDecoder StreamDecoder::GetNestedDecoder() { |
155 | 3.23k | Status status = CheckOkToRead(WireType::kDelimited); |
156 | | |
157 | 3.23k | if (reader_.ConservativeReadLimit() < delimited_field_size_) { |
158 | 4 | status.Update(Status::DataLoss()); |
159 | 4 | } |
160 | | |
161 | 3.23k | nested_reader_open_ = true; |
162 | | |
163 | 3.23k | if (!status.ok()) { |
164 | 21 | return StreamDecoder(reader_, this, status); |
165 | 21 | } |
166 | | |
167 | 3.21k | size_t low = position_; |
168 | 3.21k | size_t high = low + delimited_field_size_; |
169 | | |
170 | 3.21k | return StreamDecoder(reader_, this, low, high); |
171 | 3.23k | } |
172 | | |
173 | 3.15k | Status StreamDecoder::Advance(size_t end_position) { |
174 | 3.15k | if (reader_.seekable()) { |
175 | 3.15k | PW_TRY(reader_.Seek(end_position - position_, stream::Stream::kCurrent)); |
176 | 3.15k | position_ = end_position; |
177 | 3.15k | return OkStatus(); |
178 | 3.15k | } |
179 | | |
180 | 0 | while (position_ < end_position) { |
181 | 0 | std::byte b; |
182 | 0 | PW_TRY(reader_.Read(span(&b, 1))); |
183 | 0 | position_++; |
184 | 0 | } |
185 | 0 | return OkStatus(); |
186 | 0 | } |
187 | | |
188 | 0 | void StreamDecoder::CloseBytesReader(BytesReader& reader) { |
189 | 0 | status_ = reader.status_; |
190 | 0 | if (status_.ok()) { |
191 | | // Advance the stream to the end of the bytes field. |
192 | | // The BytesReader already updated our position_ field as bytes were read. |
193 | 0 | PW_CHECK(Advance(reader.end_offset_).ok()); |
194 | 0 | } |
195 | | |
196 | 0 | field_consumed_ = true; |
197 | 0 | nested_reader_open_ = false; |
198 | 0 | } |
199 | | |
200 | 3.23k | void StreamDecoder::CloseNestedDecoder(StreamDecoder& nested) { |
201 | 3.23k | PW_CHECK_PTR_EQ(nested.parent_, this); |
202 | | |
203 | 3.23k | nested.nested_reader_open_ = true; |
204 | 3.23k | nested.parent_ = nullptr; |
205 | | |
206 | 3.23k | status_ = nested.status_; |
207 | 3.23k | position_ = nested.position_; |
208 | 3.23k | if (status_.ok()) { |
209 | | // Advance the stream to the end of the nested message field. |
210 | 3.15k | PW_CHECK(Advance(nested.stream_bounds_.high).ok()); |
211 | 3.15k | } |
212 | | |
213 | 3.23k | field_consumed_ = true; |
214 | 3.23k | nested_reader_open_ = false; |
215 | 3.23k | } |
216 | | |
217 | 13.0k | Status StreamDecoder::ReadFieldKey() { |
218 | 13.0k | PW_DCHECK(field_consumed_); |
219 | | |
220 | 13.0k | uint64_t varint = 0; |
221 | 13.0k | PW_TRY_ASSIGN(size_t bytes_read, |
222 | 12.9k | varint::Read(reader_, &varint, RemainingBytes())); |
223 | 12.9k | position_ += bytes_read; |
224 | | |
225 | 12.9k | if (!FieldKey::IsValidKey(varint)) { |
226 | 132 | return Status::DataLoss(); |
227 | 132 | } |
228 | | |
229 | 12.8k | PW_DCHECK(varint <= std::numeric_limits<uint32_t>::max()); |
230 | 12.8k | current_field_ = FieldKey(static_cast<uint32_t>(varint)); |
231 | | |
232 | 12.8k | if (current_field_.wire_type() == WireType::kDelimited) { |
233 | | // Read the length varint of length-delimited fields immediately to simplify |
234 | | // later processing of the field. |
235 | 8.71k | StatusWithSize sws = varint::Read(reader_, &varint, RemainingBytes()); |
236 | 8.71k | position_ += sws.size(); |
237 | 8.71k | if (sws.IsOutOfRange()) { |
238 | | // Out of range indicates the end of the stream. As a value is expected |
239 | | // here, report it as a data loss and terminate the decode operation. |
240 | 28 | return Status::DataLoss(); |
241 | 28 | } |
242 | 8.68k | if (!sws.ok()) { |
243 | 3 | return sws.status(); |
244 | 3 | } |
245 | | |
246 | 8.68k | if (varint > std::numeric_limits<uint32_t>::max()) { |
247 | 65 | return Status::DataLoss(); |
248 | 65 | } |
249 | | |
250 | 8.62k | delimited_field_size_ = varint; |
251 | 8.62k | delimited_field_offset_ = position_; |
252 | 8.62k | } |
253 | | |
254 | 12.7k | field_consumed_ = false; |
255 | 12.7k | return OkStatus(); |
256 | 12.8k | } |
257 | | |
258 | 0 | Result<StreamDecoder::Bounds> StreamDecoder::GetLengthDelimitedPayloadBounds() { |
259 | 0 | PW_TRY(CheckOkToRead(WireType::kDelimited)); |
260 | 0 | return StreamDecoder::Bounds{delimited_field_offset_, |
261 | 0 | delimited_field_size_ + delimited_field_offset_}; |
262 | 0 | } |
263 | | |
264 | | // Consumes the current protobuf field, advancing the stream to the key of the |
265 | | // next field (if one exists). |
266 | 0 | Status StreamDecoder::SkipField() { |
267 | 0 | PW_DCHECK(!field_consumed_); |
268 | | |
269 | 0 | size_t bytes_to_skip = 0; |
270 | 0 | uint64_t value = 0; |
271 | |
|
272 | 0 | switch (current_field_.wire_type()) { |
273 | 0 | case WireType::kVarint: { |
274 | | // Consume the varint field; nothing more to skip afterward. |
275 | 0 | PW_TRY_ASSIGN(size_t bytes_read, |
276 | 0 | varint::Read(reader_, &value, RemainingBytes())); |
277 | 0 | position_ += bytes_read; |
278 | 0 | break; |
279 | 0 | } |
280 | 0 | case WireType::kDelimited: |
281 | 0 | bytes_to_skip = delimited_field_size_; |
282 | 0 | break; |
283 | | |
284 | 0 | case WireType::kFixed32: |
285 | 0 | bytes_to_skip = sizeof(uint32_t); |
286 | 0 | break; |
287 | | |
288 | 0 | case WireType::kFixed64: |
289 | 0 | bytes_to_skip = sizeof(uint64_t); |
290 | 0 | break; |
291 | 0 | } |
292 | | |
293 | 0 | if (bytes_to_skip > 0) { |
294 | | // Check if the stream has the field available. If not, report it as a |
295 | | // DATA_LOSS since the proto is invalid (as opposed to OUT_OF_BOUNDS if we |
296 | | // just tried to seek beyond the end). |
297 | 0 | if (reader_.ConservativeReadLimit() < bytes_to_skip) { |
298 | 0 | status_ = Status::DataLoss(); |
299 | 0 | return status_; |
300 | 0 | } |
301 | | |
302 | 0 | if (RemainingBytes() < bytes_to_skip) { |
303 | 0 | status_ = Status::DataLoss(); |
304 | 0 | return status_; |
305 | 0 | } |
306 | | |
307 | 0 | PW_TRY(Advance(position_ + bytes_to_skip)); |
308 | 0 | } |
309 | | |
310 | 0 | field_consumed_ = true; |
311 | 0 | return OkStatus(); |
312 | 0 | } |
313 | | |
314 | | Status StreamDecoder::ReadVarintField(span<std::byte> out, |
315 | 2.40k | VarintType decode_type) { |
316 | 2.40k | PW_CHECK(out.size() == sizeof(bool) || out.size() == sizeof(uint32_t) || |
317 | 2.40k | out.size() == sizeof(uint64_t), |
318 | 2.40k | "Protobuf varints must only be used with bool, int32_t, uint32_t, " |
319 | 2.40k | "int64_t, or uint64_t"); |
320 | 2.40k | PW_TRY(CheckOkToRead(WireType::kVarint)); |
321 | | |
322 | 2.35k | const StatusWithSize sws = ReadOneVarint(out, decode_type); |
323 | 2.35k | if (sws.status() != Status::DataLoss()) |
324 | 2.07k | field_consumed_ = true; |
325 | 2.35k | return sws.status(); |
326 | 2.40k | } |
327 | | |
328 | | StatusWithSize StreamDecoder::ReadOneVarint(span<std::byte> out, |
329 | 12.3k | VarintType decode_type) { |
330 | 12.3k | uint64_t value; |
331 | 12.3k | StatusWithSize sws = varint::Read(reader_, &value, RemainingBytes()); |
332 | 12.3k | position_ += sws.size(); |
333 | 12.3k | if (sws.IsOutOfRange()) { |
334 | | // Out of range indicates the end of the stream. As a value is expected |
335 | | // here, report it as a data loss and terminate the decode operation. |
336 | 51 | status_ = Status::DataLoss(); |
337 | 51 | return StatusWithSize(status_, sws.size()); |
338 | 51 | } |
339 | 12.2k | if (!sws.ok()) { |
340 | 403 | return sws; |
341 | 403 | } |
342 | | |
343 | 11.8k | if (out.size() == sizeof(uint64_t)) { |
344 | 8.05k | if (decode_type == VarintType::kUnsigned) { |
345 | 3.43k | std::memcpy(out.data(), &value, out.size()); |
346 | 4.61k | } else { |
347 | 4.61k | const int64_t signed_value = decode_type == VarintType::kZigZag |
348 | 4.61k | ? varint::ZigZagDecode(value) |
349 | 4.61k | : static_cast<int64_t>(value); |
350 | 4.61k | std::memcpy(out.data(), &signed_value, out.size()); |
351 | 4.61k | } |
352 | 8.05k | } else if (out.size() == sizeof(uint32_t)) { |
353 | 3.79k | if (decode_type == VarintType::kUnsigned) { |
354 | 1.59k | if (value > std::numeric_limits<uint32_t>::max()) { |
355 | 85 | return StatusWithSize(Status::FailedPrecondition(), sws.size()); |
356 | 85 | } |
357 | 1.50k | std::memcpy(out.data(), &value, out.size()); |
358 | 2.20k | } else { |
359 | 2.20k | const int64_t signed_value = decode_type == VarintType::kZigZag |
360 | 2.20k | ? varint::ZigZagDecode(value) |
361 | 2.20k | : static_cast<int64_t>(value); |
362 | 2.20k | if (signed_value > std::numeric_limits<int32_t>::max() || |
363 | 2.20k | signed_value < std::numeric_limits<int32_t>::min()) { |
364 | 105 | return StatusWithSize(Status::FailedPrecondition(), sws.size()); |
365 | 105 | } |
366 | 2.09k | std::memcpy(out.data(), &signed_value, out.size()); |
367 | 2.09k | } |
368 | 3.79k | } else if (out.size() == sizeof(bool)) { |
369 | 0 | PW_CHECK(decode_type == VarintType::kUnsigned, |
370 | 0 | "Protobuf bool can never be signed"); |
371 | 0 | std::memcpy(out.data(), &value, out.size()); |
372 | 0 | } |
373 | | |
374 | 11.6k | return sws; |
375 | 11.8k | } |
376 | | |
377 | 1.65k | Status StreamDecoder::ReadFixedField(span<std::byte> out) { |
378 | 1.65k | WireType expected_wire_type = |
379 | 1.65k | out.size() == sizeof(uint32_t) ? WireType::kFixed32 : WireType::kFixed64; |
380 | 1.65k | PW_TRY(CheckOkToRead(expected_wire_type)); |
381 | | |
382 | 1.62k | if (reader_.ConservativeReadLimit() < out.size()) { |
383 | 16 | status_ = Status::DataLoss(); |
384 | 16 | return status_; |
385 | 16 | } |
386 | | |
387 | 1.60k | if (RemainingBytes() < out.size()) { |
388 | 6 | status_ = Status::DataLoss(); |
389 | 6 | return status_; |
390 | 6 | } |
391 | | |
392 | 1.59k | PW_TRY(reader_.Read(out)); |
393 | 1.59k | position_ += out.size(); |
394 | 1.59k | field_consumed_ = true; |
395 | | |
396 | 1.59k | if (endian::native != endian::little) { |
397 | 0 | std::reverse(out.begin(), out.end()); |
398 | 0 | } |
399 | | |
400 | 1.59k | return OkStatus(); |
401 | 1.59k | } |
402 | | |
403 | 1.01k | StatusWithSize StreamDecoder::ReadDelimitedField(span<std::byte> out) { |
404 | 1.01k | if (Status status = CheckOkToRead(WireType::kDelimited); !status.ok()) { |
405 | 7 | return StatusWithSize(status, 0); |
406 | 7 | } |
407 | | |
408 | 1.01k | if (reader_.ConservativeReadLimit() < delimited_field_size_) { |
409 | 40 | status_ = Status::DataLoss(); |
410 | 40 | return StatusWithSize(status_, 0); |
411 | 40 | } |
412 | | |
413 | 972 | if (out.size() < delimited_field_size_) { |
414 | | // Value can't fit into the provided buffer. Don't advance the cursor so |
415 | | // that the field can be re-read with a larger buffer or through the stream |
416 | | // API. |
417 | 33 | return StatusWithSize::ResourceExhausted(); |
418 | 33 | } |
419 | | |
420 | 939 | Result<ByteSpan> result = reader_.Read(out.first(delimited_field_size_)); |
421 | 939 | if (!result.ok()) { |
422 | 51 | return StatusWithSize(result.status(), 0); |
423 | 51 | } |
424 | | |
425 | 888 | position_ += result.value().size(); |
426 | 888 | field_consumed_ = true; |
427 | 888 | return StatusWithSize(result.value().size()); |
428 | 939 | } |
429 | | |
430 | | StatusWithSize StreamDecoder::ReadPackedFixedField(span<std::byte> out, |
431 | 2.19k | size_t elem_size) { |
432 | 2.19k | if (Status status = CheckOkToRead(WireType::kDelimited); !status.ok()) { |
433 | 32 | return StatusWithSize(status, 0); |
434 | 32 | } |
435 | | |
436 | 2.16k | if (reader_.ConservativeReadLimit() < delimited_field_size_) { |
437 | 39 | status_ = Status::DataLoss(); |
438 | 39 | return StatusWithSize(status_, 0); |
439 | 39 | } |
440 | | |
441 | 2.12k | if (out.size() < delimited_field_size_) { |
442 | | // Value can't fit into the provided buffer. Don't advance the cursor so |
443 | | // that the field can be re-read with a larger buffer or through the stream |
444 | | // API. |
445 | 62 | return StatusWithSize::ResourceExhausted(); |
446 | 62 | } |
447 | | |
448 | 2.06k | Result<ByteSpan> result = reader_.Read(out.first(delimited_field_size_)); |
449 | 2.06k | if (!result.ok()) { |
450 | 138 | return StatusWithSize(result.status(), 0); |
451 | 138 | } |
452 | | |
453 | 1.92k | position_ += result.value().size(); |
454 | 1.92k | field_consumed_ = true; |
455 | | |
456 | | // Decode little-endian serialized packed fields. |
457 | 1.92k | if (endian::native != endian::little) { |
458 | 0 | for (auto out_start = out.begin(); out_start != out.end(); |
459 | 0 | out_start += elem_size) { |
460 | 0 | std::reverse(out_start, out_start + elem_size); |
461 | 0 | } |
462 | 0 | } |
463 | | |
464 | 1.92k | return StatusWithSize(result.value().size() / elem_size); |
465 | 2.06k | } |
466 | | |
467 | | StatusWithSize StreamDecoder::ReadPackedVarintField(span<std::byte> out, |
468 | | size_t elem_size, |
469 | 2.26k | VarintType decode_type) { |
470 | 2.26k | PW_CHECK(elem_size == sizeof(bool) || elem_size == sizeof(uint32_t) || |
471 | 2.26k | elem_size == sizeof(uint64_t), |
472 | 2.26k | "Protobuf varints must only be used with bool, int32_t, uint32_t, " |
473 | 2.26k | "int64_t, or uint64_t"); |
474 | | |
475 | 2.26k | if (Status status = CheckOkToRead(WireType::kDelimited); !status.ok()) { |
476 | 52 | return StatusWithSize(status, 0); |
477 | 52 | } |
478 | | |
479 | 2.21k | if (reader_.ConservativeReadLimit() < delimited_field_size_) { |
480 | 41 | status_ = Status::DataLoss(); |
481 | 41 | return StatusWithSize(status_, 0); |
482 | 41 | } |
483 | | |
484 | 2.16k | size_t bytes_read = 0; |
485 | 2.16k | size_t number_out = 0; |
486 | 11.7k | while (bytes_read < delimited_field_size_ && !out.empty()) { |
487 | 9.94k | const StatusWithSize sws = ReadOneVarint(out.first(elem_size), decode_type); |
488 | 9.94k | if (!sws.ok()) { |
489 | 361 | return StatusWithSize(sws.status(), number_out); |
490 | 361 | } |
491 | | |
492 | 9.58k | bytes_read += sws.size(); |
493 | 9.58k | out = out.subspan(elem_size); |
494 | 9.58k | ++number_out; |
495 | 9.58k | } |
496 | | |
497 | 1.80k | if (bytes_read < delimited_field_size_) { |
498 | 12 | return StatusWithSize(Status::ResourceExhausted(), number_out); |
499 | 12 | } |
500 | | |
501 | 1.79k | field_consumed_ = true; |
502 | 1.79k | return StatusWithSize(OkStatus(), number_out); |
503 | 1.80k | } |
504 | | |
505 | 12.7k | Status StreamDecoder::CheckOkToRead(WireType type) { |
506 | 12.7k | PW_CHECK(!nested_reader_open_, |
507 | 12.7k | "Cannot read from a decoder while a nested decoder is open"); |
508 | 12.7k | PW_CHECK(!field_consumed_, |
509 | 12.7k | "Attempting to read from protobuf decoder without first calling " |
510 | 12.7k | "Next()"); |
511 | | |
512 | | // Attempting to read the wrong type is typically a programmer error; |
513 | | // however, it could also occur due to data corruption. As we don't want to |
514 | | // crash on bad data, return NOT_FOUND here to distinguish it from other |
515 | | // corruption cases. |
516 | 12.7k | if (current_field_.wire_type() != type) { |
517 | 185 | status_ = Status::NotFound(); |
518 | 185 | } |
519 | | |
520 | 12.7k | return status_; |
521 | 12.7k | } |
522 | | |
523 | | Status StreamDecoder::Read(span<std::byte> message, |
524 | 0 | span<const internal::MessageField> table) { |
525 | 0 | PW_TRY(status_); |
526 | | |
527 | 0 | while (Next().ok()) { |
528 | | // Find the field in the table, |
529 | | // TODO: b/234876102 - Finding the field can be made more efficient. |
530 | 0 | const auto field = |
531 | 0 | std::find(table.begin(), table.end(), current_field_.field_number()); |
532 | 0 | if (field == table.end()) { |
533 | | // If the field is not found, skip to the next one. |
534 | | // TODO: b/234873295 - Provide a way to allow the caller to inspect |
535 | | // unknown fields, and serialize them back out later. |
536 | 0 | continue; |
537 | 0 | } |
538 | | |
539 | | // Calculate the span of bytes corresponding to the structure field to |
540 | | // output into. |
541 | 0 | const auto out = |
542 | 0 | message.subspan(field->field_offset(), field->field_size()); |
543 | 0 | PW_CHECK(out.begin() >= message.begin() && out.end() <= message.end()); |
544 | | |
545 | | // If the field is using callbacks, interpret the output field accordingly |
546 | | // and allow the caller to provide custom handling. |
547 | 0 | if (field->callback_type() == internal::CallbackType::kSingleField) { |
548 | 0 | const Callback<StreamEncoder, StreamDecoder>* callback = |
549 | 0 | reinterpret_cast<const Callback<StreamEncoder, StreamDecoder>*>( |
550 | 0 | out.data()); |
551 | 0 | PW_TRY(callback->Decode(*this)); |
552 | 0 | continue; |
553 | 0 | } |
554 | 0 | if (field->callback_type() == internal::CallbackType::kOneOfGroup) { |
555 | 0 | const OneOf<StreamEncoder, StreamDecoder>* callback = |
556 | 0 | reinterpret_cast<const OneOf<StreamEncoder, StreamDecoder>*>( |
557 | 0 | out.data()); |
558 | 0 | PW_TRY(callback->Decode( |
559 | 0 | static_cast<NullFields>(current_field_.field_number()), *this)); |
560 | 0 | continue; |
561 | 0 | } |
562 | | |
563 | | // Switch on the expected wire type of the field, not the actual, to ensure |
564 | | // the remote encoder doesn't influence our decoding unexpectedly. |
565 | 0 | switch (field->wire_type()) { |
566 | 0 | case WireType::kFixed64: |
567 | 0 | case WireType::kFixed32: { |
568 | | // Fixed fields call ReadFixedField() for singular case, and either |
569 | | // ReadPackedFixedField() or ReadRepeatedFixedField() for repeated |
570 | | // fields. |
571 | 0 | PW_CHECK(field->elem_size() == (field->wire_type() == WireType::kFixed32 |
572 | 0 | ? sizeof(uint32_t) |
573 | 0 | : sizeof(uint64_t)), |
574 | 0 | "Mismatched message field type and size"); |
575 | 0 | if (field->is_fixed_size()) { |
576 | 0 | PW_CHECK(field->is_repeated(), "Non-repeated fixed size field"); |
577 | 0 | PW_TRY(ReadPackedFixedField(out, field->elem_size())); |
578 | 0 | } else if (field->is_repeated()) { |
579 | | // The struct member for this field is a vector of a type |
580 | | // corresponding to the field element size. Cast to the correct |
581 | | // vector type so we're not performing type aliasing (except for |
582 | | // unsigned vs signed which is explicitly allowed). |
583 | 0 | if (field->elem_size() == sizeof(uint64_t)) { |
584 | 0 | auto* vector = reinterpret_cast<pw::Vector<uint64_t>*>(out.data()); |
585 | 0 | PW_TRY(ReadRepeatedFixedField(*vector)); |
586 | 0 | } else if (field->elem_size() == sizeof(uint32_t)) { |
587 | 0 | auto* vector = reinterpret_cast<pw::Vector<uint32_t>*>(out.data()); |
588 | 0 | PW_TRY(ReadRepeatedFixedField(*vector)); |
589 | 0 | } |
590 | 0 | } else if (field->is_optional()) { |
591 | | // The struct member for this field is a std::optional of a type |
592 | | // corresponding to the field element size. Cast to the correct |
593 | | // optional type so we're not performing type aliasing (except for |
594 | | // unsigned vs signed which is explicitly allowed), and assign through |
595 | | // a temporary. |
596 | 0 | if (field->elem_size() == sizeof(uint64_t)) { |
597 | 0 | uint64_t value = 0; |
598 | 0 | PW_TRY(ReadFixedField(as_writable_bytes(span(&value, 1)))); |
599 | 0 | auto* optional = |
600 | 0 | reinterpret_cast<std::optional<uint64_t>*>(out.data()); |
601 | 0 | *optional = value; |
602 | 0 | } else if (field->elem_size() == sizeof(uint32_t)) { |
603 | 0 | uint32_t value = 0; |
604 | 0 | PW_TRY(ReadFixedField(as_writable_bytes(span(&value, 1)))); |
605 | 0 | auto* optional = |
606 | 0 | reinterpret_cast<std::optional<uint32_t>*>(out.data()); |
607 | 0 | *optional = value; |
608 | 0 | } |
609 | 0 | } else { |
610 | 0 | PW_CHECK(out.size() == field->elem_size(), |
611 | 0 | "Mismatched message field type and size"); |
612 | 0 | PW_TRY(ReadFixedField(out)); |
613 | 0 | } |
614 | 0 | break; |
615 | 0 | } |
616 | 0 | case WireType::kVarint: { |
617 | | // Varint fields call ReadVarintField() for singular case, and either |
618 | | // ReadPackedVarintField() or ReadRepeatedVarintField() for repeated |
619 | | // fields. |
620 | 0 | PW_CHECK(field->elem_size() == sizeof(uint64_t) || |
621 | 0 | field->elem_size() == sizeof(uint32_t) || |
622 | 0 | field->elem_size() == sizeof(bool), |
623 | 0 | "Mismatched message field type and size"); |
624 | 0 | if (field->is_fixed_size()) { |
625 | 0 | PW_CHECK(field->is_repeated(), "Non-repeated fixed size field"); |
626 | 0 | PW_TRY(ReadPackedVarintField( |
627 | 0 | out, field->elem_size(), field->varint_type())); |
628 | 0 | } else if (field->is_repeated()) { |
629 | | // The struct member for this field is a vector of a type |
630 | | // corresponding to the field element size. Cast to the correct |
631 | | // vector type so we're not performing type aliasing (except for |
632 | | // unsigned vs signed which is explicitly allowed). |
633 | 0 | if (field->elem_size() == sizeof(uint64_t)) { |
634 | 0 | auto* vector = reinterpret_cast<pw::Vector<uint64_t>*>(out.data()); |
635 | 0 | PW_TRY(ReadRepeatedVarintField(*vector, field->varint_type())); |
636 | 0 | } else if (field->elem_size() == sizeof(uint32_t)) { |
637 | 0 | auto* vector = reinterpret_cast<pw::Vector<uint32_t>*>(out.data()); |
638 | 0 | PW_TRY(ReadRepeatedVarintField(*vector, field->varint_type())); |
639 | 0 | } else if (field->elem_size() == sizeof(bool)) { |
640 | 0 | auto* vector = reinterpret_cast<pw::Vector<bool>*>(out.data()); |
641 | 0 | PW_TRY(ReadRepeatedVarintField(*vector, field->varint_type())); |
642 | 0 | } |
643 | 0 | } else if (field->is_optional()) { |
644 | | // The struct member for this field is a std::optional of a type |
645 | | // corresponding to the field element size. Cast to the correct |
646 | | // optional type so we're not performing type aliasing (except for |
647 | | // unsigned vs signed which is explicitly allowed), and assign through |
648 | | // a temporary. |
649 | 0 | if (field->elem_size() == sizeof(uint64_t)) { |
650 | 0 | uint64_t value = 0; |
651 | 0 | PW_TRY(ReadVarintField(as_writable_bytes(span(&value, 1)), |
652 | 0 | field->varint_type())); |
653 | 0 | auto* optional = |
654 | 0 | reinterpret_cast<std::optional<uint64_t>*>(out.data()); |
655 | 0 | *optional = value; |
656 | 0 | } else if (field->elem_size() == sizeof(uint32_t)) { |
657 | 0 | uint32_t value = 0; |
658 | 0 | PW_TRY(ReadVarintField(as_writable_bytes(span(&value, 1)), |
659 | 0 | field->varint_type())); |
660 | 0 | auto* optional = |
661 | 0 | reinterpret_cast<std::optional<uint32_t>*>(out.data()); |
662 | 0 | *optional = value; |
663 | 0 | } else if (field->elem_size() == sizeof(bool)) { |
664 | 0 | bool value = false; |
665 | 0 | PW_TRY(ReadVarintField(as_writable_bytes(span(&value, 1)), |
666 | 0 | field->varint_type())); |
667 | 0 | auto* optional = reinterpret_cast<std::optional<bool>*>(out.data()); |
668 | 0 | *optional = value; |
669 | 0 | } |
670 | 0 | } else { |
671 | 0 | PW_CHECK(out.size() == field->elem_size(), |
672 | 0 | "Mismatched message field type and size"); |
673 | 0 | PW_TRY(ReadVarintField(out, field->varint_type())); |
674 | 0 | } |
675 | 0 | break; |
676 | 0 | } |
677 | 0 | case WireType::kDelimited: { |
678 | | // Delimited fields are always a singular case because of the inability |
679 | | // to cast to a generic vector with an element of a certain size (we |
680 | | // always need a type). |
681 | 0 | PW_CHECK(!field->is_repeated(), |
682 | 0 | "Repeated delimited messages always require a callback"); |
683 | 0 | if (field->nested_message_fields()) { |
684 | | // Nested Message. Struct member is an embedded struct for the |
685 | | // nested field. Obtain a nested decoder and recursively call Read() |
686 | | // using the fields table pointer from this field. |
687 | 0 | auto nested_decoder = GetNestedDecoder(); |
688 | 0 | PW_TRY(nested_decoder.Read(out, *field->nested_message_fields())); |
689 | 0 | } else if (field->is_fixed_size()) { |
690 | | // Fixed-length bytes field. Struct member is a std::array<std::byte>. |
691 | | // Call ReadDelimitedField() to populate it from the stream. |
692 | 0 | PW_CHECK(field->elem_size() == sizeof(std::byte), |
693 | 0 | "Mismatched message field type and size"); |
694 | 0 | PW_TRY(ReadDelimitedField(out)); |
695 | 0 | } else { |
696 | | // bytes or string field with a maximum size. The struct member is |
697 | | // pw::Vector<std::byte> for bytes or pw::InlineString<> for string. |
698 | 0 | PW_CHECK(field->elem_size() == sizeof(std::byte), |
699 | 0 | "Mismatched message field type and size"); |
700 | 0 | if (field->is_string()) { |
701 | 0 | PW_TRY(ReadStringOrBytesField<pw::InlineString<>>(out.data())); |
702 | 0 | } else { |
703 | 0 | PW_TRY(ReadStringOrBytesField<pw::Vector<std::byte>>(out.data())); |
704 | 0 | } |
705 | 0 | } |
706 | 0 | break; |
707 | 0 | } |
708 | 0 | } |
709 | 0 | } |
710 | | |
711 | | // Reaching the end of the encoded protobuf is not an error. |
712 | 0 | if (status_ == Status::OutOfRange()) { |
713 | 0 | return OkStatus(); |
714 | 0 | } |
715 | | |
716 | 0 | return status_; |
717 | 0 | } |
718 | | |
719 | | } // namespace pw::protobuf |