mirror of
git://jb55.com/damus
synced 2024-09-30 00:40:45 +00:00
618 lines
22 KiB
C
618 lines
22 KiB
C
/*
|
|
* Runtime support for verifying flatbuffers.
|
|
*
|
|
* Depends mutually on generated verifier functions for table types that
|
|
* call into this library.
|
|
*/
|
|
#include <string.h>
|
|
|
|
#include "flatcc_rtconfig.h"
|
|
#include "flatcc_flatbuffers.h"
|
|
#include "flatcc_verifier.h"
|
|
#include "flatcc_identifier.h"
|
|
|
|
/* Customization for testing. */
|
|
#if FLATCC_DEBUG_VERIFY
|
|
#define FLATCC_VERIFIER_ASSERT_ON_ERROR 1
|
|
#include <stdio.h>
|
|
#define FLATCC_VERIFIER_ASSERT(cond, reason) \
|
|
if (!(cond)) { fprintf(stderr, "verifier assert: %s\n", \
|
|
flatcc_verify_error_string(reason)); FLATCC_ASSERT(0); return reason; }
|
|
#endif
|
|
|
|
#if FLATCC_TRACE_VERIFY
|
|
#include <stdio.h>
|
|
#define trace_verify(s, p) \
|
|
fprintf(stderr, "trace verify: %s: 0x%02x\n", (s), (unsigned)(size_t)(p));
|
|
#else
|
|
#define trace_verify(s, p) ((void)0)
|
|
#endif
|
|
|
|
/* The runtime library does not use the global config file. */
|
|
|
|
/* This is a guideline, not an exact measure. */
|
|
#ifndef FLATCC_VERIFIER_MAX_LEVELS
|
|
#define FLATCC_VERIFIER_MAX_LEVELS 100
|
|
#endif
|
|
|
|
#ifndef FLATCC_VERIFIER_ASSERT_ON_ERROR
|
|
#define FLATCC_VERIFIER_ASSERT_ON_ERROR 0
|
|
#endif
|
|
|
|
/*
|
|
* Generally a check should tell if a buffer is valid or not such
|
|
* that runtime can take appropriate actions rather than crash,
|
|
* also in debug, but assertions are helpful in debugging a problem.
|
|
*
|
|
* This must be compiled into the debug runtime library to take effect.
|
|
*/
|
|
#ifndef FLATCC_VERIFIER_ASSERT_ON_ERROR
|
|
#define FLATCC_VERIFIER_ASSERT_ON_ERROR 1
|
|
#endif
|
|
|
|
/* May be redefined for logging purposes. */
|
|
#ifndef FLATCC_VERIFIER_ASSERT
|
|
#define FLATCC_VERIFIER_ASSERT(cond, reason) FLATCC_ASSERT(cond)
|
|
#endif
|
|
|
|
#if FLATCC_VERIFIER_ASSERT_ON_ERROR
|
|
#define flatcc_verify(cond, reason) if (!(cond)) { FLATCC_VERIFIER_ASSERT(cond, reason); return reason; }
|
|
#else
|
|
#define flatcc_verify(cond, reason) if (!(cond)) { return reason; }
|
|
#endif
|
|
|
|
|
|
#define uoffset_t flatbuffers_uoffset_t
|
|
#define soffset_t flatbuffers_soffset_t
|
|
#define voffset_t flatbuffers_voffset_t
|
|
#define utype_t flatbuffers_utype_t
|
|
#define thash_t flatbuffers_thash_t
|
|
|
|
#define uoffset_size sizeof(uoffset_t)
|
|
#define soffset_size sizeof(soffset_t)
|
|
#define voffset_size sizeof(voffset_t)
|
|
#define utype_size sizeof(utype_t)
|
|
#define thash_size sizeof(thash_t)
|
|
#define offset_size uoffset_size
|
|
|
|
const char *flatcc_verify_error_string(int err)
|
|
{
|
|
switch (err) {
|
|
#define XX(no, str) \
|
|
case flatcc_verify_error_##no: \
|
|
return str;
|
|
FLATCC_VERIFY_ERROR_MAP(XX)
|
|
#undef XX
|
|
default:
|
|
return "unknown";
|
|
}
|
|
}
|
|
|
|
/* `cond` may have side effects. */
|
|
#define verify(cond, reason) do { int c = (cond); flatcc_verify(c, reason); } while(0)
|
|
|
|
/*
|
|
* Identify checks related to runtime conditions (buffer size and
|
|
* alignment) as seperate from those related to buffer content.
|
|
*/
|
|
#define verify_runtime(cond, reason) verify(cond, reason)
|
|
|
|
#define check_result(x) if (x) { return (x); }
|
|
|
|
#define check_field(td, id, required, base) do { \
|
|
int ret = get_offset_field(td, id, required, &base); \
|
|
if (ret || !base) { return ret; }} while (0)
|
|
|
|
static inline uoffset_t read_uoffset(const void *p, uoffset_t base)
|
|
{
|
|
return __flatbuffers_uoffset_read_from_pe((uint8_t *)p + base);
|
|
}
|
|
|
|
static inline thash_t read_thash_identifier(const char *identifier)
|
|
{
|
|
return flatbuffers_type_hash_from_string(identifier);
|
|
}
|
|
|
|
static inline thash_t read_thash(const void *p, uoffset_t base)
|
|
{
|
|
return __flatbuffers_thash_read_from_pe((uint8_t *)p + base);
|
|
}
|
|
|
|
static inline voffset_t read_voffset(const void *p, uoffset_t base)
|
|
{
|
|
return __flatbuffers_voffset_read_from_pe((uint8_t *)p + base);
|
|
}
|
|
|
|
static inline int check_header(uoffset_t end, uoffset_t base, uoffset_t offset)
|
|
{
|
|
uoffset_t k = base + offset;
|
|
|
|
if (uoffset_size <= voffset_size && k + offset_size < k) {
|
|
return 0;
|
|
}
|
|
|
|
/* The `k > base` rather than `k >= base` is to avoid null offsets. */
|
|
return k > base && k + offset_size <= end && !(k & (offset_size - 1));
|
|
}
|
|
|
|
static inline int check_aligned_header(uoffset_t end, uoffset_t base, uoffset_t offset, uint16_t align)
|
|
{
|
|
uoffset_t k = base + offset;
|
|
|
|
if (uoffset_size <= voffset_size && k + offset_size < k) {
|
|
return 0;
|
|
}
|
|
/* Alignment refers to element 0 and header must also be aligned. */
|
|
align = align < uoffset_size ? uoffset_size : align;
|
|
|
|
/* Note to self: the builder can also use the mask OR trick to propagate `min_align`. */
|
|
return k > base && k + offset_size <= end && !((k + offset_size) & ((offset_size - 1) | (align - 1u)));
|
|
}
|
|
|
|
static inline int verify_struct(uoffset_t end, uoffset_t base, uoffset_t offset, uoffset_t size, uint16_t align)
|
|
{
|
|
/* Structs can have zero size so `end` is a valid value. */
|
|
if (offset == 0 || base + offset > end) {
|
|
return flatcc_verify_error_offset_out_of_range;
|
|
}
|
|
base += offset;
|
|
verify(base + size >= base, flatcc_verify_error_struct_size_overflow);
|
|
verify(base + size <= end, flatcc_verify_error_struct_out_of_range);
|
|
verify (!(base & (align - 1u)), flatcc_verify_error_struct_unaligned);
|
|
return flatcc_verify_ok;
|
|
}
|
|
|
|
static inline voffset_t read_vt_entry(flatcc_table_verifier_descriptor_t *td, voffset_t id)
|
|
{
|
|
voffset_t vo = (id + 2u) * sizeof(voffset_t);
|
|
|
|
/* Assumes tsize has been verified for alignment. */
|
|
if (vo >= td->vsize) {
|
|
return 0;
|
|
}
|
|
return read_voffset(td->vtable, vo);
|
|
}
|
|
|
|
static inline const void *get_field_ptr(flatcc_table_verifier_descriptor_t *td, voffset_t id)
|
|
{
|
|
voffset_t vte = read_vt_entry(td, id);
|
|
return vte ? (const uint8_t *)td->buf + td->table + vte : 0;
|
|
}
|
|
|
|
static int verify_field(flatcc_table_verifier_descriptor_t *td,
|
|
voffset_t id, int required, uoffset_t size, uint16_t align)
|
|
{
|
|
uoffset_t k, k2;
|
|
voffset_t vte;
|
|
uoffset_t base = (uoffset_t)(size_t)td->buf;
|
|
|
|
|
|
/*
|
|
* Otherwise range check assumptions break, and normal access code likely also.
|
|
* We don't require voffset_size < uoffset_size, but some checks are faster if true.
|
|
*/
|
|
FLATCC_ASSERT(uoffset_size >= voffset_size);
|
|
FLATCC_ASSERT(soffset_size == uoffset_size);
|
|
|
|
vte = read_vt_entry(td, id);
|
|
if (!vte) {
|
|
verify(!required, flatcc_verify_error_required_field_missing);
|
|
return flatcc_verify_ok;
|
|
}
|
|
trace_verify("table buffer", td->buf);
|
|
trace_verify("table", td->table);
|
|
trace_verify("id", id);
|
|
trace_verify("vte", vte);
|
|
|
|
/*
|
|
* Note that we don't add td.table to k and we test against table
|
|
* size not table end or buffer end. Otherwise it would not be safe
|
|
* to optimized out the k <= k2 check for normal uoffset and voffset
|
|
* configurations.
|
|
*/
|
|
k = vte;
|
|
k2 = k + size;
|
|
verify(k2 <= td->tsize, flatcc_verify_error_table_field_out_of_range);
|
|
/* This normally optimizes to nop. */
|
|
verify(uoffset_size > voffset_size || k <= k2, flatcc_verify_error_table_field_size_overflow);
|
|
trace_verify("table + vte", vte + td->table);
|
|
k += td->table + base;
|
|
trace_verify("entry: buf + table + vte", k);
|
|
trace_verify("align", align);
|
|
trace_verify("align masked entry", k & (align - 1u));
|
|
verify(!(k & (align - 1u)), flatcc_verify_error_table_field_not_aligned);
|
|
/* We assume the table size has already been verified. */
|
|
return flatcc_verify_ok;
|
|
}
|
|
|
|
static int get_offset_field(flatcc_table_verifier_descriptor_t *td, voffset_t id, int required, uoffset_t *out)
|
|
{
|
|
uoffset_t k, k2;
|
|
voffset_t vte;
|
|
|
|
vte = read_vt_entry(td, id);
|
|
if (!vte) {
|
|
*out = 0;
|
|
if (required) {
|
|
return flatcc_verify_error_required_field_missing;
|
|
}
|
|
/* Missing, but not invalid. */
|
|
return flatcc_verify_ok;
|
|
}
|
|
/*
|
|
* Note that we don't add td.table to k and we test against table
|
|
* size not table end or buffer end. Otherwise it would not be safe
|
|
* to optimized out the k <= k2 check for normal uoffset and voffset
|
|
* configurations.
|
|
*/
|
|
k = vte;
|
|
k2 = k + offset_size;
|
|
verify(k2 <= td->tsize, flatcc_verify_error_table_field_out_of_range);
|
|
/* This normally optimizes to nop. */
|
|
verify(uoffset_size > voffset_size || k <= k2, flatcc_verify_error_table_field_size_overflow);
|
|
k += td->table;
|
|
verify(!(k & (offset_size - 1u)), flatcc_verify_error_table_field_not_aligned);
|
|
/* We assume the table size has already been verified. */
|
|
*out = k;
|
|
return flatcc_verify_ok;
|
|
}
|
|
|
|
static inline int verify_string(const void *buf, uoffset_t end, uoffset_t base, uoffset_t offset)
|
|
{
|
|
uoffset_t n;
|
|
|
|
verify(check_header(end, base, offset), flatcc_verify_error_string_header_out_of_range_or_unaligned);
|
|
base += offset;
|
|
n = read_uoffset(buf, base);
|
|
base += offset_size;
|
|
verify(end - base > n, flatcc_verify_error_string_out_of_range);
|
|
verify(((uint8_t *)buf + base)[n] == 0, flatcc_verify_error_string_not_zero_terminated);
|
|
return flatcc_verify_ok;
|
|
}
|
|
|
|
/*
|
|
* Keep interface somwewhat similar ot flatcc_builder_start_vector.
|
|
* `max_count` is a precomputed division to manage overflow check on vector length.
|
|
*/
|
|
static inline int verify_vector(const void *buf, uoffset_t end, uoffset_t base, uoffset_t offset, uoffset_t elem_size, uint16_t align, uoffset_t max_count)
|
|
{
|
|
uoffset_t n;
|
|
|
|
verify(check_aligned_header(end, base, offset, align), flatcc_verify_error_vector_header_out_of_range_or_unaligned);
|
|
base += offset;
|
|
n = read_uoffset(buf, base);
|
|
base += offset_size;
|
|
/* `n * elem_size` can overflow uncontrollably otherwise. */
|
|
verify(n <= max_count, flatcc_verify_error_vector_count_exceeds_representable_vector_size);
|
|
verify(end - base >= n * elem_size, flatcc_verify_error_vector_out_of_range);
|
|
return flatcc_verify_ok;
|
|
}
|
|
|
|
static inline int verify_string_vector(const void *buf, uoffset_t end, uoffset_t base, uoffset_t offset)
|
|
{
|
|
uoffset_t i, n;
|
|
|
|
check_result(verify_vector(buf, end, base, offset, offset_size, offset_size, FLATBUFFERS_COUNT_MAX(offset_size)));
|
|
base += offset;
|
|
n = read_uoffset(buf, base);
|
|
base += offset_size;
|
|
for (i = 0; i < n; ++i, base += offset_size) {
|
|
check_result(verify_string(buf, end, base, read_uoffset(buf, base)));
|
|
}
|
|
return flatcc_verify_ok;
|
|
}
|
|
|
|
static inline int verify_table(const void *buf, uoffset_t end, uoffset_t base, uoffset_t offset,
|
|
int ttl, flatcc_table_verifier_f tvf)
|
|
{
|
|
uoffset_t vbase, vend;
|
|
flatcc_table_verifier_descriptor_t td;
|
|
|
|
verify((td.ttl = ttl - 1), flatcc_verify_error_max_nesting_level_reached);
|
|
verify(check_header(end, base, offset), flatcc_verify_error_table_header_out_of_range_or_unaligned);
|
|
td.table = base + offset;
|
|
/* Read vtable offset - it is signed, but we want it unsigned, assuming 2's complement works. */
|
|
vbase = td.table - read_uoffset(buf, td.table);
|
|
verify((soffset_t)vbase >= 0 && !(vbase & (voffset_size - 1)), flatcc_verify_error_vtable_offset_out_of_range_or_unaligned);
|
|
verify(vbase + voffset_size <= end, flatcc_verify_error_vtable_header_out_of_range);
|
|
/* Read vtable size. */
|
|
td.vsize = read_voffset(buf, vbase);
|
|
vend = vbase + td.vsize;
|
|
verify(vend <= end && !(td.vsize & (voffset_size - 1)), flatcc_verify_error_vtable_size_out_of_range_or_unaligned);
|
|
/* Optimizes away overflow check if uoffset_t is large enough. */
|
|
verify(uoffset_size > voffset_size || vend >= vbase, flatcc_verify_error_vtable_size_overflow);
|
|
|
|
verify(td.vsize >= 2 * voffset_size, flatcc_verify_error_vtable_header_too_small);
|
|
/* Read table size. */
|
|
td.tsize = read_voffset(buf, vbase + voffset_size);
|
|
verify(end - td.table >= td.tsize, flatcc_verify_error_table_size_out_of_range);
|
|
td.vtable = (uint8_t *)buf + vbase;
|
|
td.buf = buf;
|
|
td.end = end;
|
|
return tvf(&td);
|
|
}
|
|
|
|
static inline int verify_table_vector(const void *buf, uoffset_t end, uoffset_t base, uoffset_t offset, int ttl, flatcc_table_verifier_f tvf)
|
|
{
|
|
uoffset_t i, n;
|
|
|
|
verify(ttl-- > 0, flatcc_verify_error_max_nesting_level_reached);
|
|
check_result(verify_vector(buf, end, base, offset, offset_size, offset_size, FLATBUFFERS_COUNT_MAX(offset_size)));
|
|
base += offset;
|
|
n = read_uoffset(buf, base);
|
|
base += offset_size;
|
|
for (i = 0; i < n; ++i, base += offset_size) {
|
|
check_result(verify_table(buf, end, base, read_uoffset(buf, base), ttl, tvf));
|
|
}
|
|
return flatcc_verify_ok;
|
|
}
|
|
|
|
static inline int verify_union_vector(const void *buf, uoffset_t end, uoffset_t base, uoffset_t offset,
|
|
uoffset_t count, const utype_t *types, int ttl, flatcc_union_verifier_f uvf)
|
|
{
|
|
uoffset_t i, n, elem;
|
|
flatcc_union_verifier_descriptor_t ud;
|
|
|
|
verify(ttl-- > 0, flatcc_verify_error_max_nesting_level_reached);
|
|
check_result(verify_vector(buf, end, base, offset, offset_size, offset_size, FLATBUFFERS_COUNT_MAX(offset_size)));
|
|
base += offset;
|
|
n = read_uoffset(buf, base);
|
|
verify(n == count, flatcc_verify_error_union_vector_length_mismatch);
|
|
base += offset_size;
|
|
|
|
ud.buf = buf;
|
|
ud.end = end;
|
|
ud.ttl = ttl;
|
|
|
|
for (i = 0; i < n; ++i, base += offset_size) {
|
|
/* Table vectors can never be null, but unions can when the type is NONE. */
|
|
elem = read_uoffset(buf, base);
|
|
if (elem == 0) {
|
|
verify(types[i] == 0, flatcc_verify_error_union_element_absent_without_type_NONE);
|
|
} else {
|
|
verify(types[i] != 0, flatcc_verify_error_union_element_present_with_type_NONE);
|
|
ud.type = types[i];
|
|
ud.base = base;
|
|
ud.offset = elem;
|
|
check_result(uvf(&ud));
|
|
}
|
|
}
|
|
return flatcc_verify_ok;
|
|
}
|
|
|
|
int flatcc_verify_field(flatcc_table_verifier_descriptor_t *td,
|
|
voffset_t id, size_t size, uint16_t align)
|
|
{
|
|
check_result(verify_field(td, id, 0, (uoffset_t)size, align));
|
|
return flatcc_verify_ok;
|
|
}
|
|
|
|
int flatcc_verify_string_field(flatcc_table_verifier_descriptor_t *td,
|
|
voffset_t id, int required)
|
|
{
|
|
uoffset_t base;
|
|
|
|
check_field(td, id, required, base);
|
|
return verify_string(td->buf, td->end, base, read_uoffset(td->buf, base));
|
|
}
|
|
|
|
int flatcc_verify_vector_field(flatcc_table_verifier_descriptor_t *td,
|
|
voffset_t id, int required, size_t elem_size, uint16_t align, size_t max_count)
|
|
{
|
|
uoffset_t base;
|
|
|
|
check_field(td, id, required, base);
|
|
return verify_vector(td->buf, td->end, base, read_uoffset(td->buf, base),
|
|
(uoffset_t)elem_size, align, (uoffset_t)max_count);
|
|
}
|
|
|
|
int flatcc_verify_string_vector_field(flatcc_table_verifier_descriptor_t *td,
|
|
voffset_t id, int required)
|
|
{
|
|
uoffset_t base;
|
|
|
|
check_field(td, id, required, base);
|
|
return verify_string_vector(td->buf, td->end, base, read_uoffset(td->buf, base));
|
|
}
|
|
|
|
int flatcc_verify_table_field(flatcc_table_verifier_descriptor_t *td,
|
|
voffset_t id, int required, flatcc_table_verifier_f tvf)
|
|
{
|
|
uoffset_t base;
|
|
|
|
check_field(td, id, required, base);
|
|
return verify_table(td->buf, td->end, base, read_uoffset(td->buf, base), td->ttl, tvf);
|
|
}
|
|
|
|
int flatcc_verify_table_vector_field(flatcc_table_verifier_descriptor_t *td,
|
|
voffset_t id, int required, flatcc_table_verifier_f tvf)
|
|
{
|
|
uoffset_t base;
|
|
|
|
check_field(td, id, required, base);
|
|
return verify_table_vector(td->buf, td->end, base, read_uoffset(td->buf, base), td->ttl, tvf);
|
|
}
|
|
|
|
int flatcc_verify_union_table(flatcc_union_verifier_descriptor_t *ud, flatcc_table_verifier_f *tvf)
|
|
{
|
|
return verify_table(ud->buf, ud->end, ud->base, ud->offset, ud->ttl, tvf);
|
|
}
|
|
|
|
int flatcc_verify_union_struct(flatcc_union_verifier_descriptor_t *ud, size_t size, uint16_t align)
|
|
{
|
|
return verify_struct(ud->end, ud->base, ud->offset, (uoffset_t)size, align);
|
|
}
|
|
|
|
int flatcc_verify_union_string(flatcc_union_verifier_descriptor_t *ud)
|
|
{
|
|
return verify_string(ud->buf, ud->end, ud->base, ud->offset);
|
|
}
|
|
|
|
int flatcc_verify_buffer_header(const void *buf, size_t bufsiz, const char *fid)
|
|
{
|
|
thash_t id, id2;
|
|
|
|
verify_runtime(!(((size_t)buf) & (offset_size - 1)), flatcc_verify_error_runtime_buffer_header_not_aligned);
|
|
/* -8 ensures no scalar or offset field size can overflow. */
|
|
verify_runtime(bufsiz <= FLATBUFFERS_UOFFSET_MAX - 8, flatcc_verify_error_runtime_buffer_size_too_large);
|
|
/*
|
|
* Even if we specify no fid, the user might later. Therefore
|
|
* require space for it. Not all buffer generators will take this
|
|
* into account, so it is possible to fail an otherwise valid buffer
|
|
* - but such buffers aren't safe.
|
|
*/
|
|
verify(bufsiz >= offset_size + FLATBUFFERS_IDENTIFIER_SIZE, flatcc_verify_error_buffer_header_too_small);
|
|
if (fid != 0) {
|
|
id2 = read_thash_identifier(fid);
|
|
id = read_thash(buf, offset_size);
|
|
verify(id2 == 0 || id == id2, flatcc_verify_error_identifier_mismatch);
|
|
}
|
|
return flatcc_verify_ok;
|
|
}
|
|
|
|
int flatcc_verify_typed_buffer_header(const void *buf, size_t bufsiz, flatbuffers_thash_t thash)
|
|
{
|
|
thash_t id, id2;
|
|
|
|
verify_runtime(!(((size_t)buf) & (offset_size - 1)), flatcc_verify_error_runtime_buffer_header_not_aligned);
|
|
/* -8 ensures no scalar or offset field size can overflow. */
|
|
verify_runtime(bufsiz <= FLATBUFFERS_UOFFSET_MAX - 8, flatcc_verify_error_runtime_buffer_size_too_large);
|
|
/*
|
|
* Even if we specify no fid, the user might later. Therefore
|
|
* require space for it. Not all buffer generators will take this
|
|
* into account, so it is possible to fail an otherwise valid buffer
|
|
* - but such buffers aren't safe.
|
|
*/
|
|
verify(bufsiz >= offset_size + FLATBUFFERS_IDENTIFIER_SIZE, flatcc_verify_error_buffer_header_too_small);
|
|
if (thash != 0) {
|
|
id2 = thash;
|
|
id = read_thash(buf, offset_size);
|
|
verify(id2 == 0 || id == id2, flatcc_verify_error_identifier_mismatch);
|
|
}
|
|
return flatcc_verify_ok;
|
|
}
|
|
|
|
int flatcc_verify_struct_as_root(const void *buf, size_t bufsiz, const char *fid, size_t size, uint16_t align)
|
|
{
|
|
check_result(flatcc_verify_buffer_header(buf, bufsiz, fid));
|
|
return verify_struct((uoffset_t)bufsiz, 0, read_uoffset(buf, 0), (uoffset_t)size, align);
|
|
}
|
|
|
|
int flatcc_verify_struct_as_typed_root(const void *buf, size_t bufsiz, flatbuffers_thash_t thash, size_t size, uint16_t align)
|
|
{
|
|
check_result(flatcc_verify_typed_buffer_header(buf, bufsiz, thash));
|
|
return verify_struct((uoffset_t)bufsiz, 0, read_uoffset(buf, 0), (uoffset_t)size, align);
|
|
}
|
|
|
|
int flatcc_verify_table_as_root(const void *buf, size_t bufsiz, const char *fid, flatcc_table_verifier_f *tvf)
|
|
{
|
|
check_result(flatcc_verify_buffer_header(buf, (uoffset_t)bufsiz, fid));
|
|
return verify_table(buf, (uoffset_t)bufsiz, 0, read_uoffset(buf, 0), FLATCC_VERIFIER_MAX_LEVELS, tvf);
|
|
}
|
|
|
|
int flatcc_verify_table_as_typed_root(const void *buf, size_t bufsiz, flatbuffers_thash_t thash, flatcc_table_verifier_f *tvf)
|
|
{
|
|
check_result(flatcc_verify_typed_buffer_header(buf, (uoffset_t)bufsiz, thash));
|
|
return verify_table(buf, (uoffset_t)bufsiz, 0, read_uoffset(buf, 0), FLATCC_VERIFIER_MAX_LEVELS, tvf);
|
|
}
|
|
|
|
int flatcc_verify_struct_as_nested_root(flatcc_table_verifier_descriptor_t *td,
|
|
voffset_t id, int required, const char *fid, size_t size, uint16_t align)
|
|
{
|
|
const uoffset_t *buf;
|
|
uoffset_t bufsiz;
|
|
|
|
check_result(flatcc_verify_vector_field(td, id, required, align, 1, FLATBUFFERS_COUNT_MAX(1)));
|
|
if (0 == (buf = get_field_ptr(td, id))) {
|
|
return flatcc_verify_ok;
|
|
}
|
|
buf = (const uoffset_t *)((size_t)buf + read_uoffset(buf, 0));
|
|
bufsiz = read_uoffset(buf, 0);
|
|
++buf;
|
|
return flatcc_verify_struct_as_root(buf, bufsiz, fid, size, align);
|
|
}
|
|
|
|
int flatcc_verify_table_as_nested_root(flatcc_table_verifier_descriptor_t *td,
|
|
voffset_t id, int required, const char *fid,
|
|
uint16_t align, flatcc_table_verifier_f tvf)
|
|
{
|
|
const uoffset_t *buf;
|
|
uoffset_t bufsiz;
|
|
|
|
check_result(flatcc_verify_vector_field(td, id, required, align, 1, FLATBUFFERS_COUNT_MAX(1)));
|
|
if (0 == (buf = get_field_ptr(td, id))) {
|
|
return flatcc_verify_ok;
|
|
}
|
|
buf = (const uoffset_t *)((size_t)buf + read_uoffset(buf, 0));
|
|
bufsiz = read_uoffset(buf, 0);
|
|
++buf;
|
|
/*
|
|
* Don't verify nested buffers identifier - information is difficult to get and
|
|
* might not be what is desired anyway. User can do it later.
|
|
*/
|
|
check_result(flatcc_verify_buffer_header(buf, bufsiz, fid));
|
|
return verify_table(buf, bufsiz, 0, read_uoffset(buf, 0), td->ttl, tvf);
|
|
}
|
|
|
|
int flatcc_verify_union_field(flatcc_table_verifier_descriptor_t *td,
|
|
voffset_t id, int required, flatcc_union_verifier_f uvf)
|
|
{
|
|
voffset_t vte_type, vte_table;
|
|
const uint8_t *type;
|
|
uoffset_t base;
|
|
flatcc_union_verifier_descriptor_t ud;
|
|
|
|
if (0 == (vte_type = read_vt_entry(td, id - 1))) {
|
|
vte_table = read_vt_entry(td, id);
|
|
verify(vte_table == 0, flatcc_verify_error_union_cannot_have_a_table_without_a_type);
|
|
verify(!required, flatcc_verify_error_type_field_absent_from_required_union_field);
|
|
return flatcc_verify_ok;
|
|
}
|
|
/* No need to check required here. */
|
|
check_result(verify_field(td, id - 1, 0, 1, 1));
|
|
/* Only now is it safe to read the type. */
|
|
vte_table = read_vt_entry(td, id);
|
|
type = (const uint8_t *)td->buf + td->table + vte_type;
|
|
verify(*type || vte_table == 0, flatcc_verify_error_union_type_NONE_cannot_have_a_value);
|
|
|
|
if (*type == 0) {
|
|
return flatcc_verify_ok;
|
|
}
|
|
check_field(td, id, required, base);
|
|
ud.buf = td->buf;
|
|
ud.end = td->end;
|
|
ud.ttl = td->ttl;
|
|
ud.base = base;
|
|
ud.offset = read_uoffset(td->buf, base);
|
|
ud.type = *type;
|
|
return uvf(&ud);
|
|
}
|
|
|
|
int flatcc_verify_union_vector_field(flatcc_table_verifier_descriptor_t *td,
|
|
flatbuffers_voffset_t id, int required, flatcc_union_verifier_f uvf)
|
|
{
|
|
voffset_t vte_type, vte_table;
|
|
const uoffset_t *buf;
|
|
const utype_t *types;
|
|
uoffset_t count, base;
|
|
|
|
if (0 == (vte_type = read_vt_entry(td, id - 1))) {
|
|
if (0 == (vte_table = read_vt_entry(td, id))) {
|
|
verify(!required, flatcc_verify_error_type_field_absent_from_required_union_vector_field);
|
|
}
|
|
}
|
|
check_result(flatcc_verify_vector_field(td, id - 1, required,
|
|
utype_size, utype_size, FLATBUFFERS_COUNT_MAX(utype_size)));
|
|
if (0 == (buf = get_field_ptr(td, id - 1))) {
|
|
return flatcc_verify_ok;
|
|
}
|
|
buf = (const uoffset_t *)((size_t)buf + read_uoffset(buf, 0));
|
|
count = read_uoffset(buf, 0);
|
|
++buf;
|
|
types = (utype_t *)buf;
|
|
|
|
check_field(td, id, required, base);
|
|
return verify_union_vector(td->buf, td->end, base, read_uoffset(td->buf, base),
|
|
count, types, td->ttl, uvf);
|
|
}
|