search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
history | raw | HEAD
Explicitly convert an enum to an int (#19537)
[google-protobuf.git] / objectivec / GPBCodedInputStream.m
blobbc4421344f6c4f44ba6a2037e9f6e7ac7ec16216
1 // Protocol Buffers - Google's data interchange format
2 // Copyright 2008 Google Inc.  All rights reserved.
3 //
4 // Use of this source code is governed by a BSD-style
5 // license that can be found in the LICENSE file or at
6 // https://developers.google.com/open-source/licenses/bsd
7
8 #import "GPBCodedInputStream.h"
9 #import "GPBCodedInputStream_PackagePrivate.h"
10
11 #import "GPBDictionary.h"
12 #import "GPBDictionary_PackagePrivate.h"
13 #import "GPBMessage.h"
14 #import "GPBMessage_PackagePrivate.h"
15 #import "GPBUtilities.h"
16 #import "GPBUtilities_PackagePrivate.h"
17 #import "GPBWireFormat.h"
18
19 // TODO: Consider using on other functions to reduce bloat when
20 // some compiler optimizations are enabled.
21 #define GPB_NOINLINE __attribute__((noinline))
22
23 NSString *const GPBCodedInputStreamException = GPBNSStringifySymbol(GPBCodedInputStreamException);
24
25 NSString *const GPBCodedInputStreamUnderlyingErrorKey =
26     GPBNSStringifySymbol(GPBCodedInputStreamUnderlyingErrorKey);
27
28 NSString *const GPBCodedInputStreamErrorDomain =
29     GPBNSStringifySymbol(GPBCodedInputStreamErrorDomain);
30
31 // Matching:
32 // https://github.com/protocolbuffers/protobuf/blob/main/java/core/src/main/java/com/google/protobuf/CodedInputStream.java#L62
33 //  private static final int DEFAULT_RECURSION_LIMIT = 100;
34 // https://github.com/protocolbuffers/protobuf/blob/main/src/google/protobuf/io/coded_stream.cc#L86
35 //  int CodedInputStream::default_recursion_limit_ = 100;
36 static const NSUInteger kDefaultRecursionLimit = 100;
37
38 GPB_NOINLINE
39 void GPBRaiseStreamError(NSInteger code, NSString *reason) {
40   NSDictionary *errorInfo = nil;
41   if ([reason length]) {
42     errorInfo = @{GPBErrorReasonKey : reason};
43   }
44   NSError *error = [NSError errorWithDomain:GPBCodedInputStreamErrorDomain
45                                        code:code
46                                    userInfo:errorInfo];
47
48   NSDictionary *exceptionInfo = @{GPBCodedInputStreamUnderlyingErrorKey : error};
49   [[NSException exceptionWithName:GPBCodedInputStreamException reason:reason
50                          userInfo:exceptionInfo] raise];
51 }
52
53 GPB_INLINE void CheckRecursionLimit(GPBCodedInputStreamState *state) {
54   if (state->recursionDepth >= kDefaultRecursionLimit) {
55     GPBRaiseStreamError(GPBCodedInputStreamErrorRecursionDepthExceeded, nil);
56   }
57 }
58
59 GPB_INLINE void CheckFieldSize(uint64_t size) {
60   // Bytes and Strings have a max size of 2GB. And since messages are on the wire as bytes/length
61   // delimited, they also have a 2GB size limit. The C++ does the same sort of enforcement (see
62   // parse_context, delimited_message_util, message_lite, etc.).
63   // https://protobuf.dev/programming-guides/encoding/#cheat-sheet
64   if (size > 0x7fffffff) {
65     // TODO: Maybe a different error code for this, but adding one is a breaking
66     // change so reuse an existing one.
67     GPBRaiseStreamError(GPBCodedInputStreamErrorInvalidSize, nil);
68   }
69 }
70
71 static void CheckSize(GPBCodedInputStreamState *state, size_t size) {
72   size_t newSize = state->bufferPos + size;
73   if (newSize > state->bufferSize) {
74     GPBRaiseStreamError(GPBCodedInputStreamErrorInvalidSize, nil);
75   }
76   if (newSize > state->currentLimit) {
77     // Fast forward to end of currentLimit;
78     state->bufferPos = state->currentLimit;
79     GPBRaiseStreamError(GPBCodedInputStreamErrorSubsectionLimitReached, nil);
80   }
81 }
82
83 static int8_t ReadRawByte(GPBCodedInputStreamState *state) {
84   CheckSize(state, sizeof(int8_t));
85   return ((int8_t *)state->bytes)[state->bufferPos++];
86 }
87
88 static int32_t ReadRawLittleEndian32(GPBCodedInputStreamState *state) {
89   CheckSize(state, sizeof(int32_t));
90   // Not using OSReadLittleInt32 because it has undocumented dependency
91   // on reads being aligned.
92   int32_t value;
93   memcpy(&value, state->bytes + state->bufferPos, sizeof(int32_t));
94   value = OSSwapLittleToHostInt32(value);
95   state->bufferPos += sizeof(int32_t);
96   return value;
97 }
98
99 static int64_t ReadRawLittleEndian64(GPBCodedInputStreamState *state) {
100   CheckSize(state, sizeof(int64_t));
101   // Not using OSReadLittleInt64 because it has undocumented dependency
102   // on reads being aligned.
103   int64_t value;
104   memcpy(&value, state->bytes + state->bufferPos, sizeof(int64_t));
105   value = OSSwapLittleToHostInt64(value);
106   state->bufferPos += sizeof(int64_t);
107   return value;
108 }
109
110 static int64_t ReadRawVarint64(GPBCodedInputStreamState *state) {
111   int32_t shift = 0;
112   int64_t result = 0;
113   while (shift < 64) {
114     int8_t b = ReadRawByte(state);
115     result |= (int64_t)((uint64_t)(b & 0x7F) << shift);
116     if ((b & 0x80) == 0) {
117       return result;
118     }
119     shift += 7;
120   }
121   GPBRaiseStreamError(GPBCodedInputStreamErrorInvalidVarInt, @"Invalid VarInt64");
122   return 0;
123 }
124
125 static int32_t ReadRawVarint32(GPBCodedInputStreamState *state) {
126   return (int32_t)ReadRawVarint64(state);
127 }
128
129 static void SkipRawData(GPBCodedInputStreamState *state, size_t size) {
130   CheckSize(state, size);
131   state->bufferPos += size;
132 }
133
134 double GPBCodedInputStreamReadDouble(GPBCodedInputStreamState *state) {
135   int64_t value = ReadRawLittleEndian64(state);
136   return GPBConvertInt64ToDouble(value);
137 }
138
139 float GPBCodedInputStreamReadFloat(GPBCodedInputStreamState *state) {
140   int32_t value = ReadRawLittleEndian32(state);
141   return GPBConvertInt32ToFloat(value);
142 }
143
144 uint64_t GPBCodedInputStreamReadUInt64(GPBCodedInputStreamState *state) {
145   uint64_t value = ReadRawVarint64(state);
146   return value;
147 }
148
149 uint32_t GPBCodedInputStreamReadUInt32(GPBCodedInputStreamState *state) {
150   uint32_t value = ReadRawVarint32(state);
151   return value;
152 }
153
154 int64_t GPBCodedInputStreamReadInt64(GPBCodedInputStreamState *state) {
155   int64_t value = ReadRawVarint64(state);
156   return value;
157 }
158
159 int32_t GPBCodedInputStreamReadInt32(GPBCodedInputStreamState *state) {
160   int32_t value = ReadRawVarint32(state);
161   return value;
162 }
163
164 uint64_t GPBCodedInputStreamReadFixed64(GPBCodedInputStreamState *state) {
165   uint64_t value = ReadRawLittleEndian64(state);
166   return value;
167 }
168
169 uint32_t GPBCodedInputStreamReadFixed32(GPBCodedInputStreamState *state) {
170   uint32_t value = ReadRawLittleEndian32(state);
171   return value;
172 }
173
174 int32_t GPBCodedInputStreamReadEnum(GPBCodedInputStreamState *state) {
175   int32_t value = ReadRawVarint32(state);
176   return value;
177 }
178
179 int32_t GPBCodedInputStreamReadSFixed32(GPBCodedInputStreamState *state) {
180   int32_t value = ReadRawLittleEndian32(state);
181   return value;
182 }
183
184 int64_t GPBCodedInputStreamReadSFixed64(GPBCodedInputStreamState *state) {
185   int64_t value = ReadRawLittleEndian64(state);
186   return value;
187 }
188
189 int32_t GPBCodedInputStreamReadSInt32(GPBCodedInputStreamState *state) {
190   int32_t value = GPBDecodeZigZag32(ReadRawVarint32(state));
191   return value;
192 }
193
194 int64_t GPBCodedInputStreamReadSInt64(GPBCodedInputStreamState *state) {
195   int64_t value = GPBDecodeZigZag64(ReadRawVarint64(state));
196   return value;
197 }
198
199 BOOL GPBCodedInputStreamReadBool(GPBCodedInputStreamState *state) {
200   return ReadRawVarint64(state) != 0;
201 }
202
203 int32_t GPBCodedInputStreamReadTag(GPBCodedInputStreamState *state) {
204   if (GPBCodedInputStreamIsAtEnd(state)) {
205     state->lastTag = 0;
206     return 0;
207   }
208
209   state->lastTag = ReadRawVarint32(state);
210   // Tags have to include a valid wireformat.
211   if (!GPBWireFormatIsValidTag(state->lastTag)) {
212     GPBRaiseStreamError(GPBCodedInputStreamErrorInvalidTag, @"Invalid wireformat in tag.");
213   }
214   // Zero is not a valid field number.
215   if (GPBWireFormatGetTagFieldNumber(state->lastTag) == 0) {
216     GPBRaiseStreamError(GPBCodedInputStreamErrorInvalidTag,
217                         @"A zero field number on the wire is invalid.");
218   }
219   return state->lastTag;
220 }
221
222 NSString *GPBCodedInputStreamReadRetainedString(GPBCodedInputStreamState *state) {
223   uint64_t size = GPBCodedInputStreamReadUInt64(state);
224   CheckFieldSize(size);
225   NSUInteger ns_size = (NSUInteger)size;
226   NSString *result;
227   if (size == 0) {
228     result = @"";
229   } else {
230     size_t size2 = (size_t)size;  // Cast safe on 32bit because of CheckFieldSize() above.
231     CheckSize(state, size2);
232     result = [[NSString alloc] initWithBytes:&state->bytes[state->bufferPos]
233                                       length:ns_size
234                                     encoding:NSUTF8StringEncoding];
235     state->bufferPos += size;
236     if (!result) {
237 #ifdef DEBUG
238       // https://developers.google.com/protocol-buffers/docs/proto#scalar
239       NSLog(@"UTF-8 failure, is some field type 'string' when it should be "
240             @"'bytes'?");
241 #endif
242       GPBRaiseStreamError(GPBCodedInputStreamErrorInvalidUTF8, nil);
243     }
244   }
245   return result;
246 }
247
248 NSData *GPBCodedInputStreamReadRetainedBytes(GPBCodedInputStreamState *state) {
249   uint64_t size = GPBCodedInputStreamReadUInt64(state);
250   CheckFieldSize(size);
251   size_t size2 = (size_t)size;  // Cast safe on 32bit because of CheckFieldSize() above.
252   CheckSize(state, size2);
253   NSUInteger ns_size = (NSUInteger)size;
254   NSData *result = [[NSData alloc] initWithBytes:state->bytes + state->bufferPos length:ns_size];
255   state->bufferPos += size;
256   return result;
257 }
258
259 NSData *GPBCodedInputStreamReadRetainedBytesNoCopy(GPBCodedInputStreamState *state) {
260   uint64_t size = GPBCodedInputStreamReadUInt64(state);
261   CheckFieldSize(size);
262   size_t size2 = (size_t)size;  // Cast safe on 32bit because of CheckFieldSize() above.
263   CheckSize(state, size2);
264   NSUInteger ns_size = (NSUInteger)size;
265   // Cast is safe because freeWhenDone is NO.
266   NSData *result = [[NSData alloc] initWithBytesNoCopy:(void *)(state->bytes + state->bufferPos)
267                                                 length:ns_size
268                                           freeWhenDone:NO];
269   state->bufferPos += size;
270   return result;
271 }
272
273 static void SkipToEndGroupInternal(GPBCodedInputStreamState *state, uint32_t endGroupTag) {
274   CheckRecursionLimit(state);
275   ++state->recursionDepth;
276   while (YES) {
277     uint32_t tag = GPBCodedInputStreamReadTag(state);
278     if (tag == endGroupTag || tag == 0) {
279       GPBCodedInputStreamCheckLastTagWas(state, endGroupTag);  // Will fail for end of input.
280       --state->recursionDepth;
281       return;
282     }
283     switch (GPBWireFormatGetTagWireType(tag)) {
284       case GPBWireFormatVarint:
285         (void)ReadRawVarint64(state);
286         break;
287       case GPBWireFormatFixed64:
288         SkipRawData(state, sizeof(uint64_t));
289         break;
290       case GPBWireFormatLengthDelimited: {
291         uint64_t size = ReadRawVarint64(state);
292         CheckFieldSize(size);
293         size_t size2 = (size_t)size;  // Cast safe on 32bit because of CheckFieldSize() above.
294         SkipRawData(state, size2);
295         break;
296       }
297       case GPBWireFormatStartGroup:
298         SkipToEndGroupInternal(state, GPBWireFormatMakeTag(GPBWireFormatGetTagFieldNumber(tag),
299                                                            GPBWireFormatEndGroup));
300         break;
301       case GPBWireFormatEndGroup:
302         GPBRaiseStreamError(GPBCodedInputStreamErrorInvalidTag, @"Unmatched end group");
303         break;
304       case GPBWireFormatFixed32:
305         SkipRawData(state, sizeof(uint32_t));
306         break;
307     }
308   }
309 }
310
311 // This doesn't include the start group, but it collects all bytes until the end group including
312 // the end group tag.
313 NSData *GPBCodedInputStreamReadRetainedBytesToEndGroupNoCopy(GPBCodedInputStreamState *state,
314                                                              int32_t fieldNumber) {
315   // Better have just read the start of the group.
316   GPBCodedInputStreamCheckLastTagWas(state,
317                                      GPBWireFormatMakeTag(fieldNumber, GPBWireFormatStartGroup));
318   const uint8_t *start = state->bytes + state->bufferPos;
319   SkipToEndGroupInternal(state, GPBWireFormatMakeTag(fieldNumber, GPBWireFormatEndGroup));
320   // This will be after the end group tag.
321   const uint8_t *end = state->bytes + state->bufferPos;
322   return [[NSData alloc] initWithBytesNoCopy:(void *)start
323                                       length:(NSUInteger)(end - start)
324                                 freeWhenDone:NO];
325 }
326
327 size_t GPBCodedInputStreamPushLimit(GPBCodedInputStreamState *state, size_t byteLimit) {
328   byteLimit += state->bufferPos;
329   size_t oldLimit = state->currentLimit;
330   if (byteLimit > oldLimit) {
331     GPBRaiseStreamError(GPBCodedInputStreamErrorInvalidSubsectionLimit, nil);
332   }
333   state->currentLimit = byteLimit;
334   return oldLimit;
335 }
336
337 void GPBCodedInputStreamPopLimit(GPBCodedInputStreamState *state, size_t oldLimit) {
338   state->currentLimit = oldLimit;
339 }
340
341 size_t GPBCodedInputStreamBytesUntilLimit(GPBCodedInputStreamState *state) {
342   return state->currentLimit - state->bufferPos;
343 }
344
345 BOOL GPBCodedInputStreamIsAtEnd(GPBCodedInputStreamState *state) {
346   return (state->bufferPos == state->bufferSize) || (state->bufferPos == state->currentLimit);
347 }
348
349 void GPBCodedInputStreamCheckLastTagWas(GPBCodedInputStreamState *state, int32_t value) {
350   if (state->lastTag != value) {
351     GPBRaiseStreamError(GPBCodedInputStreamErrorInvalidTag, @"Unexpected tag read");
352   }
353 }
354
355 @implementation GPBCodedInputStream
356
357 + (instancetype)streamWithData:(NSData *)data {
358   return [[[self alloc] initWithData:data] autorelease];
359 }
360
361 - (instancetype)initWithData:(NSData *)data {
362   if ((self = [super init])) {
363 #ifdef DEBUG
364     NSCAssert([self class] == [GPBCodedInputStream class],
365               @"Subclassing of GPBCodedInputStream is not allowed.");
366 #endif
367     buffer_ = [data retain];
368     state_.bytes = (const uint8_t *)[data bytes];
369     state_.bufferSize = [data length];
370     state_.currentLimit = state_.bufferSize;
371   }
372   return self;
373 }
374
375 - (void)dealloc {
376   [buffer_ release];
377   [super dealloc];
378 }
379
380 // Direct access is use for speed, to avoid even internally declaring things
381 // read/write, etc. The warning is enabled in the project to ensure code calling
382 // protos can turn on -Wdirect-ivar-access without issues.
383 #pragma clang diagnostic push
384 #pragma clang diagnostic ignored "-Wdirect-ivar-access"
385
386 - (int32_t)readTag {
387   return GPBCodedInputStreamReadTag(&state_);
388 }
389
390 - (void)checkLastTagWas:(int32_t)value {
391   GPBCodedInputStreamCheckLastTagWas(&state_, value);
392 }
393
394 - (BOOL)skipField:(int32_t)tag {
395   NSAssert(GPBWireFormatIsValidTag(tag), @"Invalid tag");
396   switch (GPBWireFormatGetTagWireType(tag)) {
397     case GPBWireFormatVarint:
398       GPBCodedInputStreamReadInt32(&state_);
399       return YES;
400     case GPBWireFormatFixed64:
401       SkipRawData(&state_, sizeof(int64_t));
402       return YES;
403     case GPBWireFormatLengthDelimited: {
404       uint64_t size = GPBCodedInputStreamReadUInt64(&state_);
405       CheckFieldSize(size);
406       size_t size2 = (size_t)size;  // Cast safe on 32bit because of CheckFieldSize() above.
407       SkipRawData(&state_, size2);
408       return YES;
409     }
410     case GPBWireFormatStartGroup:
411       [self skipMessage];
412       GPBCodedInputStreamCheckLastTagWas(
413           &state_,
414           GPBWireFormatMakeTag(GPBWireFormatGetTagFieldNumber(tag), GPBWireFormatEndGroup));
415       return YES;
416     case GPBWireFormatEndGroup:
417       return NO;
418     case GPBWireFormatFixed32:
419       SkipRawData(&state_, sizeof(int32_t));
420       return YES;
421   }
422 }
423
424 - (void)skipMessage {
425   while (YES) {
426     int32_t tag = GPBCodedInputStreamReadTag(&state_);
427     if (tag == 0 || ![self skipField:tag]) {
428       return;
429     }
430   }
431 }
432
433 - (BOOL)isAtEnd {
434   return GPBCodedInputStreamIsAtEnd(&state_);
435 }
436
437 - (size_t)position {
438   return state_.bufferPos;
439 }
440
441 - (size_t)pushLimit:(size_t)byteLimit {
442   return GPBCodedInputStreamPushLimit(&state_, byteLimit);
443 }
444
445 - (void)popLimit:(size_t)oldLimit {
446   GPBCodedInputStreamPopLimit(&state_, oldLimit);
447 }
448
449 - (size_t)bytesUntilLimit {
450   return GPBCodedInputStreamBytesUntilLimit(&state_);
451 }
452
453 - (double)readDouble {
454   return GPBCodedInputStreamReadDouble(&state_);
455 }
456
457 - (float)readFloat {
458   return GPBCodedInputStreamReadFloat(&state_);
459 }
460
461 - (uint64_t)readUInt64 {
462   return GPBCodedInputStreamReadUInt64(&state_);
463 }
464
465 - (int64_t)readInt64 {
466   return GPBCodedInputStreamReadInt64(&state_);
467 }
468
469 - (int32_t)readInt32 {
470   return GPBCodedInputStreamReadInt32(&state_);
471 }
472
473 - (uint64_t)readFixed64 {
474   return GPBCodedInputStreamReadFixed64(&state_);
475 }
476
477 - (uint32_t)readFixed32 {
478   return GPBCodedInputStreamReadFixed32(&state_);
479 }
480
481 - (BOOL)readBool {
482   return GPBCodedInputStreamReadBool(&state_);
483 }
484
485 - (NSString *)readString {
486   return [GPBCodedInputStreamReadRetainedString(&state_) autorelease];
487 }
488
489 - (void)readGroup:(int32_t)fieldNumber
490               message:(GPBMessage *)message
491     extensionRegistry:(id<GPBExtensionRegistry>)extensionRegistry {
492   CheckRecursionLimit(&state_);
493   ++state_.recursionDepth;
494   [message mergeFromCodedInputStream:self
495                    extensionRegistry:extensionRegistry
496                            endingTag:GPBWireFormatMakeTag(fieldNumber, GPBWireFormatEndGroup)];
497   --state_.recursionDepth;
498 }
499
500 - (void)readMessage:(GPBMessage *)message
501     extensionRegistry:(id<GPBExtensionRegistry>)extensionRegistry {
502   CheckRecursionLimit(&state_);
503   uint64_t length = GPBCodedInputStreamReadUInt64(&state_);
504   CheckFieldSize(length);
505   size_t length2 = (size_t)length;  // Cast safe on 32bit because of CheckFieldSize() above.
506   size_t oldLimit = GPBCodedInputStreamPushLimit(&state_, length2);
507   ++state_.recursionDepth;
508   [message mergeFromCodedInputStream:self extensionRegistry:extensionRegistry endingTag:0];
509   --state_.recursionDepth;
510   GPBCodedInputStreamPopLimit(&state_, oldLimit);
511 }
512
513 - (void)readMapEntry:(id)mapDictionary
514     extensionRegistry:(id<GPBExtensionRegistry>)extensionRegistry
515                 field:(GPBFieldDescriptor *)field
516         parentMessage:(GPBMessage *)parentMessage {
517   CheckRecursionLimit(&state_);
518   uint64_t length = GPBCodedInputStreamReadUInt64(&state_);
519   CheckFieldSize(length);
520   size_t length2 = (size_t)length;  // Cast safe on 32bit because of CheckFieldSize() above.
521   size_t oldLimit = GPBCodedInputStreamPushLimit(&state_, length2);
522   ++state_.recursionDepth;
523   GPBDictionaryReadEntry(mapDictionary, self, extensionRegistry, field, parentMessage);
524   GPBCodedInputStreamCheckLastTagWas(&state_, 0);
525   --state_.recursionDepth;
526   GPBCodedInputStreamPopLimit(&state_, oldLimit);
527 }
528
529 - (NSData *)readBytes {
530   return [GPBCodedInputStreamReadRetainedBytes(&state_) autorelease];
531 }
532
533 - (uint32_t)readUInt32 {
534   return GPBCodedInputStreamReadUInt32(&state_);
535 }
536
537 - (int32_t)readEnum {
538   return GPBCodedInputStreamReadEnum(&state_);
539 }
540
541 - (int32_t)readSFixed32 {
542   return GPBCodedInputStreamReadSFixed32(&state_);
543 }
544
545 - (int64_t)readSFixed64 {
546   return GPBCodedInputStreamReadSFixed64(&state_);
547 }
548
549 - (int32_t)readSInt32 {
550   return GPBCodedInputStreamReadSInt32(&state_);
551 }
552
553 - (int64_t)readSInt64 {
554   return GPBCodedInputStreamReadSInt64(&state_);
555 }
556
557 #pragma clang diagnostic pop
558
559 @end