| /* |
| * Copyright © 2007, 2008 Ryan Lortie |
| * Copyright © 2010 Codethink Limited |
| * Copyright © 2020 William Manley |
| * |
| * SPDX-License-Identifier: LGPL-2.1-or-later |
| * |
| * This library is free software; you can redistribute it and/or |
| * modify it under the terms of the GNU Lesser General Public |
| * License as published by the Free Software Foundation; either |
| * version 2.1 of the License, or (at your option) any later version. |
| * |
| * This library is distributed in the hope that it will be useful, |
| * but WITHOUT ANY WARRANTY; without even the implied warranty of |
| * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU |
| * Lesser General Public License for more details. |
| * |
| * You should have received a copy of the GNU Lesser General Public |
| * License along with this library; if not, see <http://www.gnu.org/licenses/>. |
| * |
| * Author: Ryan Lortie <desrt@desrt.ca> |
| */ |
| |
| /* Prologue {{{1 */ |
| #include "config.h" |
| |
| #include "gvariant-serialiser.h" |
| |
| #include <glib/gvariant-internal.h> |
| #include <glib/gtestutils.h> |
| #include <glib/gstrfuncs.h> |
| #include <glib/gtypes.h> |
| |
| #include <string.h> |
| |
| |
| /* GVariantSerialiser |
| * |
| * After this prologue section, this file has roughly 2 parts. |
| * |
| * The first part is split up into sections according to various |
| * container types. Maybe, Array, Tuple, Variant. The Maybe and Array |
| * sections are subdivided for element types being fixed or |
| * variable-sized types. |
| * |
| * Each section documents the format of that particular type of |
| * container and implements 5 functions for dealing with it: |
| * |
| * n_children: |
| * - determines (according to serialized data) how many child values |
| * are inside a particular container value. |
| * |
| * get_child: |
| * - gets the type of and the serialized data corresponding to a |
| * given child value within the container value. |
| * |
| * needed_size: |
| * - determines how much space would be required to serialize a |
| * container of this type, containing the given children so that |
| * buffers can be preallocated before serializing. |
| * |
| * serialise: |
| * - write the serialized data for a container of this type, |
| * containing the given children, to a buffer. |
| * |
| * is_normal: |
| * - check the given data to ensure that it is in normal form. For a |
| * given set of child values, there is exactly one normal form for |
| * the serialized data of a container. Other forms are possible |
| * while maintaining the same children (for example, by inserting |
| * something other than zero bytes as padding) but only one form is |
| * the normal form. |
| * |
| * The second part contains the main entry point for each of the above 5 |
| * functions and logic to dispatch it to the handler for the appropriate |
| * container type code. |
| * |
| * The second part also contains a routine to byteswap serialized |
| * values. This code makes use of the n_children() and get_child() |
| * functions above to do its work so no extra support is needed on a |
| * per-container-type basis. |
| * |
| * There is also additional code for checking for normal form. All |
| * numeric types are always in normal form since the full range of |
| * values is permitted (eg: 0 to 255 is a valid byte). Special checks |
| * need to be performed for booleans (only 0 or 1 allowed), strings |
| * (properly nul-terminated) and object paths and signature strings |
| * (meeting the D-Bus specification requirements). Depth checks need to be |
| * performed for nested types (arrays, tuples, and variants), to avoid massive |
| * recursion which could exhaust our stack when handling untrusted input. |
| */ |
| |
| /* < private > |
| * GVariantSerialised: |
| * @type_info: the #GVariantTypeInfo of this value |
| * @data: (nullable): the serialized data of this value, or %NULL |
| * @size: the size of this value |
| * |
| * A structure representing a GVariant in serialized form. This |
| * structure is used with #GVariantSerialisedFiller functions and as the |
| * primary interface to the serializer. See #GVariantSerialisedFiller |
| * for a description of its use there. |
| * |
| * When used with the serializer API functions, the following invariants |
| * apply to all #GVariantTypeSerialised structures passed to and |
| * returned from the serializer. |
| * |
| * @type_info must be non-%NULL. |
| * |
| * @data must be properly aligned for the type described by @type_info. |
| * |
| * If @type_info describes a fixed-sized type then @size must always be |
| * equal to the fixed size of that type. |
| * |
| * For fixed-sized types (and only fixed-sized types), @data may be |
| * %NULL even if @size is non-zero. This happens when a framing error |
| * occurs while attempting to extract a fixed-sized value out of a |
| * variable-sized container. There is no data to return for the |
| * fixed-sized type, yet @size must be non-zero. The effect of this |
| * combination should be as if @data were a pointer to an |
| * appropriately-sized zero-filled region. |
| * |
| * @depth has no restrictions; the depth of a top-level serialized #GVariant is |
| * zero, and it increases for each level of nested child. |
| * |
| * @checked_offsets_up_to is always ≥ @ordered_offsets_up_to |
| */ |
| |
| /* < private > |
| * g_variant_serialised_check: |
| * @serialised: a #GVariantSerialised struct |
| * |
| * Checks @serialised for validity according to the invariants described |
| * above. |
| * |
| * Returns: %TRUE if @serialised is valid; %FALSE otherwise |
| */ |
| gboolean |
| g_variant_serialised_check (GVariantSerialised serialised) |
| { |
| gsize fixed_size; |
| guint alignment; |
| |
| if (serialised.type_info == NULL) |
| return FALSE; |
| g_variant_type_info_query (serialised.type_info, &alignment, &fixed_size); |
| |
| if (fixed_size != 0 && serialised.size != fixed_size) |
| return FALSE; |
| else if (fixed_size == 0 && |
| !(serialised.size == 0 || serialised.data != NULL)) |
| return FALSE; |
| |
| if (serialised.ordered_offsets_up_to > serialised.checked_offsets_up_to) |
| return FALSE; |
| |
| /* Depending on the native alignment requirements of the machine, the |
| * compiler will insert either 3 or 7 padding bytes after the char. |
| * This will result in the sizeof() the struct being 12 or 16. |
| * Subtract 9 to get 3 or 7 which is a nice bitmask to apply to get |
| * the alignment bits that we "care about" being zero: in the |
| * 4-aligned case, we care about 2 bits, and in the 8-aligned case, we |
| * care about 3 bits. |
| */ |
| alignment &= sizeof (struct { |
| char a; |
| union { |
| guint64 x; |
| void *y; |
| gdouble z; |
| } b; |
| } |
| ) - 9; |
| |
| /* Some OSes (FreeBSD is a known example) have a malloc() that returns |
| * unaligned memory if you request small sizes. 'malloc (1);', for |
| * example, has been seen to return pointers aligned to 6 mod 16. |
| * |
| * Check if this is a small allocation and return without enforcing |
| * the alignment assertion if this is the case. |
| */ |
| return (serialised.size <= alignment || |
| (alignment & (gsize) serialised.data) == 0); |
| } |
| |
| /* < private > |
| * GVariantSerialisedFiller: |
| * @serialised: a #GVariantSerialised instance to fill |
| * @data: data from the children array |
| * |
| * This function is called back from g_variant_serialiser_needed_size() |
| * and g_variant_serialiser_serialise(). It fills in missing details |
| * from a partially-complete #GVariantSerialised. |
| * |
| * The @data parameter passed back to the function is one of the items |
| * that was passed to the serializer in the @children array. It |
| * represents a single child item of the container that is being |
| * serialized. The information filled in to @serialised is the |
| * information for this child. |
| * |
| * If the @type_info field of @serialised is %NULL then the callback |
| * function must set it to the type information corresponding to the |
| * type of the child. No reference should be added. If it is non-%NULL |
| * then the callback should assert that it is equal to the actual type |
| * of the child. |
| * |
| * If the @size field is zero then the callback must fill it in with the |
| * required amount of space to store the serialized form of the child. |
| * If it is non-zero then the callback should assert that it is equal to |
| * the needed size of the child. |
| * |
| * If @data is non-%NULL then it points to a space that is properly |
| * aligned for and large enough to store the serialized data of the |
| * child. The callback must store the serialized form of the child at |
| * @data. |
| * |
| * If the child value is another container then the callback will likely |
| * recurse back into the serializer by calling |
| * g_variant_serialiser_needed_size() to determine @size and |
| * g_variant_serialiser_serialise() to write to @data. |
| */ |
| |
| /* PART 1: Container types {{{1 |
| * |
| * This section contains the serializer implementation functions for |
| * each container type. |
| */ |
| |
| /* Maybe {{{2 |
| * |
| * Maybe types are handled depending on if the element type of the maybe |
| * type is a fixed-sized or variable-sized type. Although all maybe |
| * types themselves are variable-sized types, herein, a maybe value with |
| * a fixed-sized element type is called a "fixed-sized maybe" for |
| * convenience and a maybe value with a variable-sized element type is |
| * called a "variable-sized maybe". |
| */ |
| |
| /* Fixed-sized Maybe {{{3 |
| * |
| * The size of a maybe value with a fixed-sized element type is either 0 |
| * or equal to the fixed size of its element type. The case where the |
| * size of the maybe value is zero corresponds to the "Nothing" case and |
| * the case where the size of the maybe value is equal to the fixed size |
| * of the element type corresponds to the "Just" case; in that case, the |
| * serialized data of the child value forms the entire serialized data |
| * of the maybe value. |
| * |
| * In the event that a fixed-sized maybe value is presented with a size |
| * that is not equal to the fixed size of the element type then the |
| * value must be taken to be "Nothing". |
| */ |
| |
| static gsize |
| gvs_fixed_sized_maybe_n_children (GVariantSerialised value) |
| { |
| gsize element_fixed_size; |
| |
| g_variant_type_info_query_element (value.type_info, NULL, |
| &element_fixed_size); |
| |
| return (element_fixed_size == value.size) ? 1 : 0; |
| } |
| |
| static GVariantSerialised |
| gvs_fixed_sized_maybe_get_child (GVariantSerialised value, |
| gsize index_) |
| { |
| /* the child has the same bounds as the |
| * container, so just update the type. |
| */ |
| value.type_info = g_variant_type_info_element (value.type_info); |
| g_variant_type_info_ref (value.type_info); |
| value.depth++; |
| value.ordered_offsets_up_to = 0; |
| value.checked_offsets_up_to = 0; |
| |
| return value; |
| } |
| |
| static gsize |
| gvs_fixed_sized_maybe_needed_size (GVariantTypeInfo *type_info, |
| GVariantSerialisedFiller gvs_filler, |
| const gpointer *children, |
| gsize n_children) |
| { |
| if (n_children) |
| { |
| gsize element_fixed_size; |
| |
| g_variant_type_info_query_element (type_info, NULL, |
| &element_fixed_size); |
| |
| return element_fixed_size; |
| } |
| else |
| return 0; |
| } |
| |
| static void |
| gvs_fixed_sized_maybe_serialise (GVariantSerialised value, |
| GVariantSerialisedFiller gvs_filler, |
| const gpointer *children, |
| gsize n_children) |
| { |
| if (n_children) |
| { |
| GVariantSerialised child = { NULL, value.data, value.size, value.depth + 1, 0, 0 }; |
| |
| gvs_filler (&child, children[0]); |
| } |
| } |
| |
| static gboolean |
| gvs_fixed_sized_maybe_is_normal (GVariantSerialised value) |
| { |
| if (value.size > 0) |
| { |
| gsize element_fixed_size; |
| |
| g_variant_type_info_query_element (value.type_info, |
| NULL, &element_fixed_size); |
| |
| if (value.size != element_fixed_size) |
| return FALSE; |
| |
| /* proper element size: "Just". recurse to the child. */ |
| value.type_info = g_variant_type_info_element (value.type_info); |
| value.depth++; |
| value.ordered_offsets_up_to = 0; |
| value.checked_offsets_up_to = 0; |
| |
| return g_variant_serialised_is_normal (value); |
| } |
| |
| /* size of 0: "Nothing" */ |
| return TRUE; |
| } |
| |
| /* Variable-sized Maybe |
| * |
| * The size of a maybe value with a variable-sized element type is |
| * either 0 or strictly greater than 0. The case where the size of the |
| * maybe value is zero corresponds to the "Nothing" case and the case |
| * where the size of the maybe value is greater than zero corresponds to |
| * the "Just" case; in that case, the serialized data of the child value |
| * forms the first part of the serialized data of the maybe value and is |
| * followed by a single zero byte. This zero byte is always appended, |
| * regardless of any zero bytes that may already be at the end of the |
| * serialized ata of the child value. |
| */ |
| |
| static gsize |
| gvs_variable_sized_maybe_n_children (GVariantSerialised value) |
| { |
| return (value.size > 0) ? 1 : 0; |
| } |
| |
| static GVariantSerialised |
| gvs_variable_sized_maybe_get_child (GVariantSerialised value, |
| gsize index_) |
| { |
| /* remove the padding byte and update the type. */ |
| value.type_info = g_variant_type_info_element (value.type_info); |
| g_variant_type_info_ref (value.type_info); |
| value.size--; |
| |
| /* if it's zero-sized then it may as well be NULL */ |
| if (value.size == 0) |
| value.data = NULL; |
| |
| value.depth++; |
| value.ordered_offsets_up_to = 0; |
| value.checked_offsets_up_to = 0; |
| |
| return value; |
| } |
| |
| static gsize |
| gvs_variable_sized_maybe_needed_size (GVariantTypeInfo *type_info, |
| GVariantSerialisedFiller gvs_filler, |
| const gpointer *children, |
| gsize n_children) |
| { |
| if (n_children) |
| { |
| GVariantSerialised child = { 0, }; |
| |
| gvs_filler (&child, children[0]); |
| |
| return child.size + 1; |
| } |
| else |
| return 0; |
| } |
| |
| static void |
| gvs_variable_sized_maybe_serialise (GVariantSerialised value, |
| GVariantSerialisedFiller gvs_filler, |
| const gpointer *children, |
| gsize n_children) |
| { |
| if (n_children) |
| { |
| GVariantSerialised child = { NULL, value.data, value.size - 1, value.depth + 1, 0, 0 }; |
| |
| /* write the data for the child. */ |
| gvs_filler (&child, children[0]); |
| value.data[child.size] = '\0'; |
| } |
| } |
| |
| static gboolean |
| gvs_variable_sized_maybe_is_normal (GVariantSerialised value) |
| { |
| if (value.size == 0) |
| return TRUE; |
| |
| if (value.data[value.size - 1] != '\0') |
| return FALSE; |
| |
| value.type_info = g_variant_type_info_element (value.type_info); |
| value.size--; |
| value.depth++; |
| value.ordered_offsets_up_to = 0; |
| value.checked_offsets_up_to = 0; |
| |
| return g_variant_serialised_is_normal (value); |
| } |
| |
| /* Arrays {{{2 |
| * |
| * Just as with maybe types, array types are handled depending on if the |
| * element type of the array type is a fixed-sized or variable-sized |
| * type. Similar to maybe types, for convenience, an array value with a |
| * fixed-sized element type is called a "fixed-sized array" and an array |
| * value with a variable-sized element type is called a "variable sized |
| * array". |
| */ |
| |
| /* Fixed-sized Array {{{3 |
| * |
| * For fixed sized arrays, the serialized data is simply a concatenation |
| * of the serialized data of each element, in order. Since fixed-sized |
| * values always have a fixed size that is a multiple of their alignment |
| * requirement no extra padding is required. |
| * |
| * In the event that a fixed-sized array is presented with a size that |
| * is not an integer multiple of the element size then the value of the |
| * array must be taken as being empty. |
| */ |
| |
| static gsize |
| gvs_fixed_sized_array_n_children (GVariantSerialised value) |
| { |
| gsize element_fixed_size; |
| |
| g_variant_type_info_query_element (value.type_info, NULL, |
| &element_fixed_size); |
| |
| if (value.size % element_fixed_size == 0) |
| return value.size / element_fixed_size; |
| |
| return 0; |
| } |
| |
| static GVariantSerialised |
| gvs_fixed_sized_array_get_child (GVariantSerialised value, |
| gsize index_) |
| { |
| GVariantSerialised child = { 0, }; |
| |
| child.type_info = g_variant_type_info_element (value.type_info); |
| g_variant_type_info_query (child.type_info, NULL, &child.size); |
| child.data = value.data + (child.size * index_); |
| g_variant_type_info_ref (child.type_info); |
| child.depth = value.depth + 1; |
| |
| return child; |
| } |
| |
| static gsize |
| gvs_fixed_sized_array_needed_size (GVariantTypeInfo *type_info, |
| GVariantSerialisedFiller gvs_filler, |
| const gpointer *children, |
| gsize n_children) |
| { |
| gsize element_fixed_size; |
| |
| g_variant_type_info_query_element (type_info, NULL, &element_fixed_size); |
| |
| return element_fixed_size * n_children; |
| } |
| |
| static void |
| gvs_fixed_sized_array_serialise (GVariantSerialised value, |
| GVariantSerialisedFiller gvs_filler, |
| const gpointer *children, |
| gsize n_children) |
| { |
| GVariantSerialised child = { 0, }; |
| gsize i; |
| |
| child.type_info = g_variant_type_info_element (value.type_info); |
| g_variant_type_info_query (child.type_info, NULL, &child.size); |
| child.data = value.data; |
| child.depth = value.depth + 1; |
| |
| for (i = 0; i < n_children; i++) |
| { |
| gvs_filler (&child, children[i]); |
| child.data += child.size; |
| } |
| } |
| |
| static gboolean |
| gvs_fixed_sized_array_is_normal (GVariantSerialised value) |
| { |
| GVariantSerialised child = { 0, }; |
| |
| child.type_info = g_variant_type_info_element (value.type_info); |
| g_variant_type_info_query (child.type_info, NULL, &child.size); |
| child.depth = value.depth + 1; |
| |
| if (value.size % child.size != 0) |
| return FALSE; |
| |
| for (child.data = value.data; |
| child.data < value.data + value.size; |
| child.data += child.size) |
| { |
| if (!g_variant_serialised_is_normal (child)) |
| return FALSE; |
| } |
| |
| return TRUE; |
| } |
| |
| /* Variable-sized Array {{{3 |
| * |
| * Variable sized arrays, containing variable-sized elements, must be |
| * able to determine the boundaries between the elements. The items |
| * cannot simply be concatenated. Additionally, we are faced with the |
| * fact that non-fixed-sized values do not necessarily have a size that |
| * is a multiple of their alignment requirement, so we may need to |
| * insert zero-filled padding. |
| * |
| * While it is possible to find the start of an item by starting from |
| * the end of the item before it and padding for alignment, it is not |
| * generally possible to do the reverse operation. For this reason, we |
| * record the end point of each element in the array. |
| * |
| * GVariant works in terms of "offsets". An offset is a pointer to a |
| * boundary between two bytes. In 4 bytes of serialized data, there |
| * would be 5 possible offsets: one at the start ('0'), one between each |
| * pair of adjacent bytes ('1', '2', '3') and one at the end ('4'). |
| * |
| * The numeric value of an offset is an unsigned integer given relative |
| * to the start of the serialized data of the array. Offsets are always |
| * stored in little endian byte order and are always only as big as they |
| * need to be. For example, in 255 bytes of serialized data, there are |
| * 256 offsets. All possibilities can be stored in an 8 bit unsigned |
| * integer. In 256 bytes of serialized data, however, there are 257 |
| * possible offsets so 16 bit integers must be used. The size of an |
| * offset is always a power of 2. |
| * |
| * The offsets are stored at the end of the serialized data of the |
| * array. They are simply concatenated on without any particular |
| * alignment. The size of the offsets is included in the size of the |
| * serialized data for purposes of determining the size of the offsets. |
| * This presents a possibly ambiguity; in certain cases, a particular |
| * value of array could have two different serialized forms. |
| * |
| * Imagine an array containing a single string of 253 bytes in length |
| * (so, 254 bytes including the nul terminator). Now the offset must be |
| * written. If an 8 bit offset is written, it will bring the size of |
| * the array's serialized data to 255 -- which means that the use of an |
| * 8 bit offset was valid. If a 16 bit offset is used then the total |
| * size of the array will be 256 -- which means that the use of a 16 bit |
| * offset was valid. Although both of these will be accepted by the |
| * deserializer, only the smaller of the two is considered to be in |
| * normal form and that is the one that the serializer must produce. |
| */ |
| |
| /* bytes may be NULL if (size == 0). */ |
| static inline gsize |
| gvs_read_unaligned_le (guchar *bytes, |
| guint size) |
| { |
| union |
| { |
| guchar bytes[GLIB_SIZEOF_SIZE_T]; |
| gsize integer; |
| } tmpvalue; |
| |
| tmpvalue.integer = 0; |
| if (bytes != NULL) |
| memcpy (&tmpvalue.bytes, bytes, size); |
| |
| return GSIZE_FROM_LE (tmpvalue.integer); |
| } |
| |
| static inline void |
| gvs_write_unaligned_le (guchar *bytes, |
| gsize value, |
| guint size) |
| { |
| union |
| { |
| guchar bytes[GLIB_SIZEOF_SIZE_T]; |
| gsize integer; |
| } tmpvalue; |
| |
| tmpvalue.integer = GSIZE_TO_LE (value); |
| memcpy (bytes, &tmpvalue.bytes, size); |
| } |
| |
| static guint |
| gvs_get_offset_size (gsize size) |
| { |
| if (size > G_MAXUINT32) |
| return 8; |
| |
| else if (size > G_MAXUINT16) |
| return 4; |
| |
| else if (size > G_MAXUINT8) |
| return 2; |
| |
| else if (size > 0) |
| return 1; |
| |
| return 0; |
| } |
| |
| static gsize |
| gvs_calculate_total_size (gsize body_size, |
| gsize offsets) |
| { |
| if (body_size + 1 * offsets <= G_MAXUINT8) |
| return body_size + 1 * offsets; |
| |
| if (body_size + 2 * offsets <= G_MAXUINT16) |
| return body_size + 2 * offsets; |
| |
| if (body_size + 4 * offsets <= G_MAXUINT32) |
| return body_size + 4 * offsets; |
| |
| return body_size + 8 * offsets; |
| } |
| |
| struct Offsets |
| { |
| gsize data_size; |
| |
| guchar *array; |
| gsize length; |
| guint offset_size; |
| |
| gboolean is_normal; |
| }; |
| |
| static gsize |
| gvs_offsets_get_offset_n (struct Offsets *offsets, |
| gsize n) |
| { |
| return gvs_read_unaligned_le ( |
| offsets->array + (offsets->offset_size * n), offsets->offset_size); |
| } |
| |
| static struct Offsets |
| gvs_variable_sized_array_get_frame_offsets (GVariantSerialised value) |
| { |
| struct Offsets out = { 0, }; |
| gsize offsets_array_size; |
| gsize last_end; |
| |
| if (value.size == 0) |
| { |
| out.is_normal = TRUE; |
| return out; |
| } |
| |
| out.offset_size = gvs_get_offset_size (value.size); |
| last_end = gvs_read_unaligned_le (value.data + value.size - out.offset_size, |
| out.offset_size); |
| |
| if (last_end > value.size) |
| return out; /* offsets not normal */ |
| |
| offsets_array_size = value.size - last_end; |
| |
| if (offsets_array_size % out.offset_size) |
| return out; /* offsets not normal */ |
| |
| out.data_size = last_end; |
| out.array = value.data + last_end; |
| out.length = offsets_array_size / out.offset_size; |
| |
| if (out.length > 0 && gvs_calculate_total_size (last_end, out.length) != value.size) |
| return out; /* offset size not minimal */ |
| |
| out.is_normal = TRUE; |
| |
| return out; |
| } |
| |
| static gsize |
| gvs_variable_sized_array_n_children (GVariantSerialised value) |
| { |
| return gvs_variable_sized_array_get_frame_offsets (value).length; |
| } |
| |
| /* Find the index of the first out-of-order element in @data, assuming that |
| * @data is an array of elements of given @type, starting at index @start and |
| * containing a further @len-@start elements. */ |
| #define DEFINE_FIND_UNORDERED(type, le_to_native) \ |
| static gsize \ |
| find_unordered_##type (const guint8 *data, gsize start, gsize len) \ |
| { \ |
| gsize off; \ |
| type current_le, previous_le, current, previous; \ |
| \ |
| memcpy (&previous_le, data + start * sizeof (current), sizeof (current)); \ |
| previous = le_to_native (previous_le); \ |
| for (off = (start + 1) * sizeof (current); off < len * sizeof (current); off += sizeof (current)) \ |
| { \ |
| memcpy (¤t_le, data + off, sizeof (current)); \ |
| current = le_to_native (current_le); \ |
| if (current < previous) \ |
| break; \ |
| previous = current; \ |
| } \ |
| return off / sizeof (current) - 1; \ |
| } |
| |
| #define NO_CONVERSION(x) (x) |
| DEFINE_FIND_UNORDERED (guint8, NO_CONVERSION); |
| DEFINE_FIND_UNORDERED (guint16, GUINT16_FROM_LE); |
| DEFINE_FIND_UNORDERED (guint32, GUINT32_FROM_LE); |
| DEFINE_FIND_UNORDERED (guint64, GUINT64_FROM_LE); |
| |
| static GVariantSerialised |
| gvs_variable_sized_array_get_child (GVariantSerialised value, |
| gsize index_) |
| { |
| GVariantSerialised child = { 0, }; |
| |
| struct Offsets offsets = gvs_variable_sized_array_get_frame_offsets (value); |
| |
| gsize start; |
| gsize end; |
| |
| child.type_info = g_variant_type_info_element (value.type_info); |
| g_variant_type_info_ref (child.type_info); |
| child.depth = value.depth + 1; |
| |
| /* If the requested @index_ is beyond the set of indices whose framing offsets |
| * have been checked, check the remaining offsets to see whether they’re |
| * normal (in order, no overlapping array elements). |
| * |
| * Don’t bother checking if the highest known-good offset is lower than the |
| * highest checked offset, as that means there’s an invalid element at that |
| * index, so there’s no need to check further. */ |
| if (index_ > value.checked_offsets_up_to && |
| value.ordered_offsets_up_to == value.checked_offsets_up_to) |
| { |
| switch (offsets.offset_size) |
| { |
| case 1: |
| { |
| value.ordered_offsets_up_to = find_unordered_guint8 ( |
| offsets.array, value.checked_offsets_up_to, index_ + 1); |
| break; |
| } |
| case 2: |
| { |
| value.ordered_offsets_up_to = find_unordered_guint16 ( |
| offsets.array, value.checked_offsets_up_to, index_ + 1); |
| break; |
| } |
| case 4: |
| { |
| value.ordered_offsets_up_to = find_unordered_guint32 ( |
| offsets.array, value.checked_offsets_up_to, index_ + 1); |
| break; |
| } |
| case 8: |
| { |
| value.ordered_offsets_up_to = find_unordered_guint64 ( |
| offsets.array, value.checked_offsets_up_to, index_ + 1); |
| break; |
| } |
| default: |
| /* gvs_get_offset_size() only returns maximum 8 */ |
| g_assert_not_reached (); |
| } |
| |
| value.checked_offsets_up_to = index_; |
| } |
| |
| if (index_ > value.ordered_offsets_up_to) |
| { |
| /* Offsets are invalid somewhere, so return an empty child. */ |
| return child; |
| } |
| |
| if (index_ > 0) |
| { |
| guint alignment; |
| |
| start = gvs_offsets_get_offset_n (&offsets, index_ - 1); |
| |
| g_variant_type_info_query (child.type_info, &alignment, NULL); |
| start += (-start) & alignment; |
| } |
| else |
| start = 0; |
| |
| end = gvs_offsets_get_offset_n (&offsets, index_); |
| |
| if (start < end && end <= value.size && end <= offsets.data_size) |
| { |
| child.data = value.data + start; |
| child.size = end - start; |
| } |
| |
| return child; |
| } |
| |
| static gsize |
| gvs_variable_sized_array_needed_size (GVariantTypeInfo *type_info, |
| GVariantSerialisedFiller gvs_filler, |
| const gpointer *children, |
| gsize n_children) |
| { |
| guint alignment; |
| gsize offset; |
| gsize i; |
| |
| g_variant_type_info_query (type_info, &alignment, NULL); |
| offset = 0; |
| |
| for (i = 0; i < n_children; i++) |
| { |
| GVariantSerialised child = { 0, }; |
| |
| offset += (-offset) & alignment; |
| gvs_filler (&child, children[i]); |
| offset += child.size; |
| } |
| |
| return gvs_calculate_total_size (offset, n_children); |
| } |
| |
| static void |
| gvs_variable_sized_array_serialise (GVariantSerialised value, |
| GVariantSerialisedFiller gvs_filler, |
| const gpointer *children, |
| gsize n_children) |
| { |
| guchar *offset_ptr; |
| gsize offset_size; |
| guint alignment; |
| gsize offset; |
| gsize i; |
| |
| g_variant_type_info_query (value.type_info, &alignment, NULL); |
| offset_size = gvs_get_offset_size (value.size); |
| offset = 0; |
| |
| offset_ptr = value.data + value.size - offset_size * n_children; |
| |
| for (i = 0; i < n_children; i++) |
| { |
| GVariantSerialised child = { 0, }; |
| |
| while (offset & alignment) |
| value.data[offset++] = '\0'; |
| |
| child.data = value.data + offset; |
| gvs_filler (&child, children[i]); |
| offset += child.size; |
| |
| gvs_write_unaligned_le (offset_ptr, offset, offset_size); |
| offset_ptr += offset_size; |
| } |
| } |
| |
| static gboolean |
| gvs_variable_sized_array_is_normal (GVariantSerialised value) |
| { |
| GVariantSerialised child = { 0, }; |
| guint alignment; |
| gsize offset; |
| gsize i; |
| |
| struct Offsets offsets = gvs_variable_sized_array_get_frame_offsets (value); |
| |
| if (!offsets.is_normal) |
| return FALSE; |
| |
| if (value.size != 0 && offsets.length == 0) |
| return FALSE; |
| |
| child.type_info = g_variant_type_info_element (value.type_info); |
| g_variant_type_info_query (child.type_info, &alignment, NULL); |
| child.depth = value.depth + 1; |
| offset = 0; |
| |
| for (i = 0; i < offsets.length; i++) |
| { |
| gsize this_end; |
| |
| this_end = gvs_read_unaligned_le (offsets.array + offsets.offset_size * i, |
| offsets.offset_size); |
| |
| if (this_end < offset || this_end > offsets.data_size) |
| return FALSE; |
| |
| while (offset & alignment) |
| { |
| if (!(offset < this_end && value.data[offset] == '\0')) |
| return FALSE; |
| offset++; |
| } |
| |
| child.data = value.data + offset; |
| child.size = this_end - offset; |
| |
| if (child.size == 0) |
| child.data = NULL; |
| |
| if (!g_variant_serialised_is_normal (child)) |
| return FALSE; |
| |
| offset = this_end; |
| } |
| |
| g_assert (offset == offsets.data_size); |
| |
| /* All offsets have now been checked. */ |
| value.ordered_offsets_up_to = G_MAXSIZE; |
| value.checked_offsets_up_to = G_MAXSIZE; |
| |
| return TRUE; |
| } |
| |
| /* Tuples {{{2 |
| * |
| * Since tuples can contain a mix of variable- and fixed-sized items, |
| * they are, in terms of serialization, a hybrid of variable-sized and |
| * fixed-sized arrays. |
| * |
| * Offsets are only stored for variable-sized items. Also, since the |
| * number of items in a tuple is known from its type, we are able to |
| * know exactly how many offsets to expect in the serialized data (and |
| * therefore how much space is taken up by the offset array). This |
| * means that we know where the end of the serialized data for the last |
| * item is -- we can just subtract the size of the offset array from the |
| * total size of the tuple. For this reason, the last item in the tuple |
| * doesn't need an offset stored. |
| * |
| * Tuple offsets are stored in reverse. This design choice allows |
| * iterator-based deserializers to be more efficient. |
| * |
| * Most of the "heavy lifting" here is handled by the GVariantTypeInfo |
| * for the tuple. See the notes in gvarianttypeinfo.h. |
| */ |
| |
| /* Note: This doesn’t guarantee that @out_member_end >= @out_member_start; that |
| * condition may not hold true for invalid serialised variants. The caller is |
| * responsible for checking the returned values and handling invalid ones |
| * appropriately. */ |
| static void |
| gvs_tuple_get_member_bounds (GVariantSerialised value, |
| gsize index_, |
| gsize offset_size, |
| gsize *out_member_start, |
| gsize *out_member_end) |
| { |
| const GVariantMemberInfo *member_info; |
| gsize member_start, member_end; |
| |
| member_info = g_variant_type_info_member_info (value.type_info, index_); |
| |
| if (member_info->i + 1 && |
| offset_size * (member_info->i + 1) <= value.size) |
| member_start = gvs_read_unaligned_le (value.data + value.size - |
| offset_size * (member_info->i + 1), |
| offset_size); |
| else |
| member_start = 0; |
| |
| member_start += member_info->a; |
| member_start &= member_info->b; |
| member_start |= member_info->c; |
| |
| if (member_info->ending_type == G_VARIANT_MEMBER_ENDING_LAST && |
| offset_size * (member_info->i + 1) <= value.size) |
| member_end = value.size - offset_size * (member_info->i + 1); |
| |
| else if (member_info->ending_type == G_VARIANT_MEMBER_ENDING_FIXED) |
| { |
| gsize fixed_size; |
| |
| g_variant_type_info_query (member_info->type_info, NULL, &fixed_size); |
| member_end = member_start + fixed_size; |
| } |
| |
| else if (member_info->ending_type == G_VARIANT_MEMBER_ENDING_OFFSET && |
| offset_size * (member_info->i + 2) <= value.size) |
| member_end = gvs_read_unaligned_le (value.data + value.size - |
| offset_size * (member_info->i + 2), |
| offset_size); |
| |
| else /* invalid */ |
| member_end = G_MAXSIZE; |
| |
| if (out_member_start != NULL) |
| *out_member_start = member_start; |
| if (out_member_end != NULL) |
| *out_member_end = member_end; |
| } |
| |
| static gsize |
| gvs_tuple_n_children (GVariantSerialised value) |
| { |
| return g_variant_type_info_n_members (value.type_info); |
| } |
| |
| static GVariantSerialised |
| gvs_tuple_get_child (GVariantSerialised value, |
| gsize index_) |
| { |
| const GVariantMemberInfo *member_info; |
| GVariantSerialised child = { 0, }; |
| gsize offset_size; |
| gsize start, end, last_end; |
| |
| member_info = g_variant_type_info_member_info (value.type_info, index_); |
| child.type_info = g_variant_type_info_ref (member_info->type_info); |
| child.depth = value.depth + 1; |
| offset_size = gvs_get_offset_size (value.size); |
| |
| /* Ensure the size is set for fixed-sized children, or |
| * g_variant_serialised_check() will fail, even if we return |
| * (child.data == NULL) to indicate an error. */ |
| if (member_info->ending_type == G_VARIANT_MEMBER_ENDING_FIXED) |
| g_variant_type_info_query (child.type_info, NULL, &child.size); |
| |
| /* tuples are the only (potentially) fixed-sized containers, so the |
| * only ones that have to deal with the possibility of having %NULL |
| * data with a non-zero %size if errors occurred elsewhere. |
| */ |
| if G_UNLIKELY (value.data == NULL && value.size != 0) |
| { |
| /* this can only happen in fixed-sized tuples, |
| * so the child must also be fixed sized. |
| */ |
| g_assert (child.size != 0); |
| child.data = NULL; |
| |
| return child; |
| } |
| |
| /* If the requested @index_ is beyond the set of indices whose framing offsets |
| * have been checked, check the remaining offsets to see whether they’re |
| * normal (in order, no overlapping tuple elements). |
| * |
| * Unlike the checks in gvs_variable_sized_array_get_child(), we have to check |
| * all the tuple *elements* here, not just all the framing offsets, since |
| * tuples contain a mix of elements which use framing offsets and ones which |
| * don’t. None of them are allowed to overlap. */ |
| if (index_ > value.checked_offsets_up_to && |
| value.ordered_offsets_up_to == value.checked_offsets_up_to) |
| { |
| gsize i, prev_i_end = 0; |
| |
| if (value.checked_offsets_up_to > 0) |
| gvs_tuple_get_member_bounds (value, value.checked_offsets_up_to - 1, offset_size, NULL, &prev_i_end); |
| |
| for (i = value.checked_offsets_up_to; i <= index_; i++) |
| { |
| gsize i_start, i_end; |
| |
| gvs_tuple_get_member_bounds (value, i, offset_size, &i_start, &i_end); |
| |
| if (i_start > i_end || i_start < prev_i_end || i_end > value.size) |
| break; |
| |
| prev_i_end = i_end; |
| } |
| |
| value.ordered_offsets_up_to = i - 1; |
| value.checked_offsets_up_to = index_; |
| } |
| |
| if (index_ > value.ordered_offsets_up_to) |
| { |
| /* Offsets are invalid somewhere, so return an empty child. */ |
| return child; |
| } |
| |
| if (member_info->ending_type == G_VARIANT_MEMBER_ENDING_OFFSET) |
| { |
| if (offset_size * (member_info->i + 2) > value.size) |
| return child; |
| } |
| else |
| { |
| if (offset_size * (member_info->i + 1) > value.size) |
| return child; |
| } |
| |
| /* The child should not extend into the offset table. */ |
| gvs_tuple_get_member_bounds (value, index_, offset_size, &start, &end); |
| gvs_tuple_get_member_bounds (value, g_variant_type_info_n_members (value.type_info) - 1, offset_size, NULL, &last_end); |
| |
| if (start < end && end <= value.size && end <= last_end) |
| { |
| child.data = value.data + start; |
| child.size = end - start; |
| } |
| |
| return child; |
| } |
| |
| static gsize |
| gvs_tuple_needed_size (GVariantTypeInfo *type_info, |
| GVariantSerialisedFiller gvs_filler, |
| const gpointer *children, |
| gsize n_children) |
| { |
| const GVariantMemberInfo *member_info = NULL; |
| gsize fixed_size; |
| gsize offset; |
| gsize i; |
| |
| g_variant_type_info_query (type_info, NULL, &fixed_size); |
| |
| if (fixed_size) |
| return fixed_size; |
| |
| offset = 0; |
| |
| /* We must go through at least one iteration below. If the tuple had no |
| * children, it would have a fixed size. */ |
| g_assert (n_children > 0); |
| |
| for (i = 0; i < n_children; i++) |
| { |
| guint alignment; |
| |
| member_info = g_variant_type_info_member_info (type_info, i); |
| g_variant_type_info_query (member_info->type_info, |
| &alignment, &fixed_size); |
| offset += (-offset) & alignment; |
| |
| if (fixed_size) |
| offset += fixed_size; |
| else |
| { |
| GVariantSerialised child = { 0, }; |
| |
| gvs_filler (&child, children[i]); |
| offset += child.size; |
| } |
| } |
| |
| return gvs_calculate_total_size (offset, member_info->i + 1); |
| } |
| |
| static void |
| gvs_tuple_serialise (GVariantSerialised value, |
| GVariantSerialisedFiller gvs_filler, |
| const gpointer *children, |
| gsize n_children) |
| { |
| gsize offset_size; |
| gsize offset; |
| gsize i; |
| |
| offset_size = gvs_get_offset_size (value.size); |
| offset = 0; |
| |
| for (i = 0; i < n_children; i++) |
| { |
| const GVariantMemberInfo *member_info; |
| GVariantSerialised child = { 0, }; |
| guint alignment; |
| |
| member_info = g_variant_type_info_member_info (value.type_info, i); |
| g_variant_type_info_query (member_info->type_info, &alignment, NULL); |
| |
| while (offset & alignment) |
| value.data[offset++] = '\0'; |
| |
| child.data = value.data + offset; |
| gvs_filler (&child, children[i]); |
| offset += child.size; |
| |
| if (member_info->ending_type == G_VARIANT_MEMBER_ENDING_OFFSET) |
| { |
| value.size -= offset_size; |
| gvs_write_unaligned_le (value.data + value.size, |
| offset, offset_size); |
| } |
| } |
| |
| while (offset < value.size) |
| value.data[offset++] = '\0'; |
| } |
| |
| static gboolean |
| gvs_tuple_is_normal (GVariantSerialised value) |
| { |
| guint offset_size; |
| gsize offset_ptr; |
| gsize length; |
| gsize offset; |
| gsize i; |
| gsize offset_table_size; |
| |
| /* as per the comment in gvs_tuple_get_child() */ |
| if G_UNLIKELY (value.data == NULL && value.size != 0) |
| return FALSE; |
| |
| offset_size = gvs_get_offset_size (value.size); |
| length = g_variant_type_info_n_members (value.type_info); |
| offset_ptr = value.size; |
| offset = 0; |
| |
| for (i = 0; i < length; i++) |
| { |
| const GVariantMemberInfo *member_info; |
| GVariantSerialised child = { 0, }; |
| gsize fixed_size; |
| guint alignment; |
| gsize end; |
| |
| member_info = g_variant_type_info_member_info (value.type_info, i); |
| child.type_info = member_info->type_info; |
| child.depth = value.depth + 1; |
| |
| g_variant_type_info_query (child.type_info, &alignment, &fixed_size); |
| |
| while (offset & alignment) |
| { |
| if (offset > value.size || value.data[offset] != '\0') |
| return FALSE; |
| offset++; |
| } |
| |
| child.data = value.data + offset; |
| |
| switch (member_info->ending_type) |
| { |
| case G_VARIANT_MEMBER_ENDING_FIXED: |
| end = offset + fixed_size; |
| break; |
| |
| case G_VARIANT_MEMBER_ENDING_LAST: |
| end = offset_ptr; |
| break; |
| |
| case G_VARIANT_MEMBER_ENDING_OFFSET: |
| if (offset_ptr < offset_size) |
| return FALSE; |
| |
| offset_ptr -= offset_size; |
| |
| if (offset_ptr < offset) |
| return FALSE; |
| |
| end = gvs_read_unaligned_le (value.data + offset_ptr, offset_size); |
| break; |
| |
| default: |
| g_assert_not_reached (); |
| } |
| |
| if (end < offset || end > offset_ptr) |
| return FALSE; |
| |
| child.size = end - offset; |
| |
| if (child.size == 0) |
| child.data = NULL; |
| |
| if (!g_variant_serialised_is_normal (child)) |
| return FALSE; |
| |
| offset = end; |
| } |
| |
| /* All element bounds have been checked above. */ |
| value.ordered_offsets_up_to = G_MAXSIZE; |
| value.checked_offsets_up_to = G_MAXSIZE; |
| |
| { |
| gsize fixed_size; |
| guint alignment; |
| |
| g_variant_type_info_query (value.type_info, &alignment, &fixed_size); |
| |
| if (fixed_size) |
| { |
| g_assert (fixed_size == value.size); |
| g_assert (offset_ptr == value.size); |
| |
| if (i == 0) |
| { |
| if (value.data[offset++] != '\0') |
| return FALSE; |
| } |
| else |
| { |
| while (offset & alignment) |
| if (value.data[offset++] != '\0') |
| return FALSE; |
| } |
| |
| g_assert (offset == value.size); |
| } |
| } |
| |
| /* @offset_ptr has been counting backwards from the end of the variant, to |
| * find the beginning of the offset table. @offset has been counting forwards |
| * from the beginning of the variant to find the end of the data. They should |
| * have met in the middle. */ |
| if (offset_ptr != offset) |
| return FALSE; |
| |
| offset_table_size = value.size - offset_ptr; |
| if (value.size > 0 && |
| gvs_calculate_total_size (offset, offset_table_size / offset_size) != value.size) |
| return FALSE; /* offset size not minimal */ |
| |
| return TRUE; |
| } |
| |
| /* Variants {{{2 |
| * |
| * Variants are stored by storing the serialized data of the child, |
| * followed by a '\0' character, followed by the type string of the |
| * child. |
| * |
| * In the case that a value is presented that contains no '\0' |
| * character, or doesn't have a single well-formed definite type string |
| * following that character, the variant must be taken as containing the |
| * unit tuple: (). |
| */ |
| |
| static inline gsize |
| gvs_variant_n_children (GVariantSerialised value) |
| { |
| return 1; |
| } |
| |
| static inline GVariantSerialised |
| gvs_variant_get_child (GVariantSerialised value, |
| gsize index_) |
| { |
| GVariantSerialised child = { 0, }; |
| |
| /* NOTE: not O(1) and impossible for it to be... */ |
| if (value.size) |
| { |
| /* find '\0' character */ |
| for (child.size = value.size - 1; child.size; child.size--) |
| if (value.data[child.size] == '\0') |
| break; |
| |
| /* ensure we didn't just hit the start of the string */ |
| if (value.data[child.size] == '\0') |
| { |
| const gchar *type_string = (gchar *) &value.data[child.size + 1]; |
| const gchar *limit = (gchar *) &value.data[value.size]; |
| const gchar *end; |
| |
| if (g_variant_type_string_scan (type_string, limit, &end) && |
| end == limit) |
| { |
| const GVariantType *type = (GVariantType *) type_string; |
| |
| if (g_variant_type_is_definite (type)) |
| { |
| gsize fixed_size; |
| gsize child_type_depth; |
| |
| child.type_info = g_variant_type_info_get (type); |
| child.depth = value.depth + 1; |
| |
| if (child.size != 0) |
| /* only set to non-%NULL if size > 0 */ |
| child.data = value.data; |
| |
| g_variant_type_info_query (child.type_info, |
| NULL, &fixed_size); |
| child_type_depth = g_variant_type_info_query_depth (child.type_info); |
| |
| if ((!fixed_size || fixed_size == child.size) && |
| value.depth < G_VARIANT_MAX_RECURSION_DEPTH - child_type_depth) |
| return child; |
| |
| g_variant_type_info_unref (child.type_info); |
| } |
| } |
| } |
| } |
| |
| child.type_info = g_variant_type_info_get (G_VARIANT_TYPE_UNIT); |
| child.data = NULL; |
| child.size = 1; |
| child.depth = value.depth + 1; |
| |
| return child; |
| } |
| |
| static inline gsize |
| gvs_variant_needed_size (GVariantTypeInfo *type_info, |
| GVariantSerialisedFiller gvs_filler, |
| const gpointer *children, |
| gsize n_children) |
| { |
| GVariantSerialised child = { 0, }; |
| const gchar *type_string; |
| |
| gvs_filler (&child, children[0]); |
| type_string = g_variant_type_info_get_type_string (child.type_info); |
| |
| return child.size + 1 + strlen (type_string); |
| } |
| |
| static inline void |
| gvs_variant_serialise (GVariantSerialised value, |
| GVariantSerialisedFiller gvs_filler, |
| const gpointer *children, |
| gsize n_children) |
| { |
| GVariantSerialised child = { 0, }; |
| const gchar *type_string; |
| |
| child.data = value.data; |
| |
| gvs_filler (&child, children[0]); |
| type_string = g_variant_type_info_get_type_string (child.type_info); |
| value.data[child.size] = '\0'; |
| memcpy (value.data + child.size + 1, type_string, strlen (type_string)); |
| } |
| |
| static inline gboolean |
| gvs_variant_is_normal (GVariantSerialised value) |
| { |
| GVariantSerialised child; |
| gboolean normal; |
| gsize child_type_depth; |
| |
| child = gvs_variant_get_child (value, 0); |
| child_type_depth = g_variant_type_info_query_depth (child.type_info); |
| |
| normal = (value.depth < G_VARIANT_MAX_RECURSION_DEPTH - child_type_depth) && |
| (child.data != NULL || child.size == 0) && |
| g_variant_serialised_is_normal (child); |
| |
| g_variant_type_info_unref (child.type_info); |
| |
| return normal; |
| } |
| |
| |
| |
| /* PART 2: Serializer API {{{1 |
| * |
| * This is the implementation of the API of the serializer as advertised |
| * in gvariant-serialiser.h. |
| */ |
| |
| /* Dispatch Utilities {{{2 |
| * |
| * These macros allow a given function (for example, |
| * g_variant_serialiser_serialise) to be dispatched to the appropriate |
| * type-specific function above (fixed/variable-sized maybe, |
| * fixed/variable-sized array, tuple or variant). |
| */ |
| #define DISPATCH_FIXED(type_info, before, after) \ |
| { \ |
| gsize fixed_size; \ |
| \ |
| g_variant_type_info_query_element (type_info, NULL, \ |
| &fixed_size); \ |
| \ |
| if (fixed_size) \ |
| { \ |
| before ## fixed_sized ## after \ |
| } \ |
| else \ |
| { \ |
| before ## variable_sized ## after \ |
| } \ |
| } |
| |
| #define DISPATCH_CASES(type_info, before, after) \ |
| switch (g_variant_type_info_get_type_char (type_info)) \ |
| { \ |
| case G_VARIANT_TYPE_INFO_CHAR_MAYBE: \ |
| DISPATCH_FIXED (type_info, before, _maybe ## after) \ |
| \ |
| case G_VARIANT_TYPE_INFO_CHAR_ARRAY: \ |
| DISPATCH_FIXED (type_info, before, _array ## after) \ |
| \ |
| case G_VARIANT_TYPE_INFO_CHAR_DICT_ENTRY: \ |
| case G_VARIANT_TYPE_INFO_CHAR_TUPLE: \ |
| { \ |
| before ## tuple ## after \ |
| } \ |
| \ |
| case G_VARIANT_TYPE_INFO_CHAR_VARIANT: \ |
| { \ |
| before ## variant ## after \ |
| } \ |
| } |
| |
| /* Serializer entry points {{{2 |
| * |
| * These are the functions that are called in order for the serializer |
| * to do its thing. |
| */ |
| |
| /* < private > |
| * g_variant_serialised_n_children: |
| * @serialised: a #GVariantSerialised |
| * |
| * For serialized data that represents a container value (maybes, |
| * tuples, arrays, variants), determine how many child items are inside |
| * that container. |
| * |
| * Returns: the number of children |
| */ |
| gsize |
| g_variant_serialised_n_children (GVariantSerialised serialised) |
| { |
| g_assert (g_variant_serialised_check (serialised)); |
| |
| DISPATCH_CASES (serialised.type_info, |
| |
| return gvs_/**/,/**/_n_children (serialised); |
| |
| ) |
| g_assert_not_reached (); |
| } |
| |
| /* < private > |
| * g_variant_serialised_get_child: |
| * @serialised: a #GVariantSerialised |
| * @index_: the index of the child to fetch |
| * |
| * Extracts a child from a serialized data representing a container |
| * value. |
| * |
| * It is an error to call this function with an index out of bounds. |
| * |
| * If the result .data == %NULL and .size > 0 then there has been an |
| * error extracting the requested fixed-sized value. This number of |
| * zero bytes needs to be allocated instead. |
| * |
| * In the case that .data == %NULL and .size == 0 then a zero-sized |
| * item of a variable-sized type is being returned. |
| * |
| * .data is never non-%NULL if size is 0. |
| * |
| * Returns: a #GVariantSerialised for the child |
| */ |
| GVariantSerialised |
| g_variant_serialised_get_child (GVariantSerialised serialised, |
| gsize index_) |
| { |
| GVariantSerialised child; |
| |
| g_assert (g_variant_serialised_check (serialised)); |
| |
| if G_LIKELY (index_ < g_variant_serialised_n_children (serialised)) |
| { |
| DISPATCH_CASES (serialised.type_info, |
| |
| child = gvs_/**/,/**/_get_child (serialised, index_); |
| g_assert (child.size || child.data == NULL); |
| g_assert (g_variant_serialised_check (child)); |
| return child; |
| |
| ) |
| g_assert_not_reached (); |
| } |
| |
| g_error ("Attempt to access item %"G_GSIZE_FORMAT |
| " in a container with only %"G_GSIZE_FORMAT" items", |
| index_, g_variant_serialised_n_children (serialised)); |
| } |
| |
| /* < private > |
| * g_variant_serialiser_serialise: |
| * @serialised: a #GVariantSerialised, properly set up |
| * @gvs_filler: the filler function |
| * @children: an array of child items |
| * @n_children: the size of @children |
| * |
| * Writes data in serialized form. |
| * |
| * The type_info field of @serialised must be filled in to type info for |
| * the type that we are serializing. |
| * |
| * The size field of @serialised must be filled in with the value |
| * returned by a previous call to g_variant_serialiser_needed_size(). |
| * |
| * The data field of @serialised must be a pointer to a properly-aligned |
| * memory region large enough to serialize into (ie: at least as big as |
| * the size field). |
| * |
| * This function is only resonsible for serializing the top-level |
| * container. @gvs_filler is called on each child of the container in |
| * order for all of the data of that child to be filled in. |
| */ |
| void |
| g_variant_serialiser_serialise (GVariantSerialised serialised, |
| GVariantSerialisedFiller gvs_filler, |
| const gpointer *children, |
| gsize n_children) |
| { |
| g_assert (g_variant_serialised_check (serialised)); |
| |
| DISPATCH_CASES (serialised.type_info, |
| |
| gvs_/**/,/**/_serialise (serialised, gvs_filler, |
| children, n_children); |
| return; |
| |
| ) |
| g_assert_not_reached (); |
| } |
| |
| /* < private > |
| * g_variant_serialiser_needed_size: |
| * @type_info: the type to serialize for |
| * @gvs_filler: the filler function |
| * @children: an array of child items |
| * @n_children: the size of @children |
| * |
| * Determines how much memory would be needed to serialize this value. |
| * |
| * This function is only responsible for performing calculations for the |
| * top-level container. @gvs_filler is called on each child of the |
| * container in order to determine its size. |
| */ |
| gsize |
| g_variant_serialiser_needed_size (GVariantTypeInfo *type_info, |
| GVariantSerialisedFiller gvs_filler, |
| const gpointer *children, |
| gsize n_children) |
| { |
| DISPATCH_CASES (type_info, |
| |
| return gvs_/**/,/**/_needed_size (type_info, gvs_filler, |
| children, n_children); |
| |
| ) |
| g_assert_not_reached (); |
| } |
| |
| /* Byteswapping {{{2 */ |
| |
| /* < private > |
| * g_variant_serialised_byteswap: |
| * @value: a #GVariantSerialised |
| * |
| * Byte-swap serialized data. The result of this function is only |
| * well-defined if the data is in normal form. |
| */ |
| void |
| g_variant_serialised_byteswap (GVariantSerialised serialised) |
| { |
| gsize fixed_size; |
| guint alignment; |
| |
| g_assert (g_variant_serialised_check (serialised)); |
| |
| if (!serialised.data) |
| return; |
| |
| /* the types we potentially need to byteswap are |
| * exactly those with alignment requirements. |
| */ |
| g_variant_type_info_query (serialised.type_info, &alignment, &fixed_size); |
| if (!alignment) |
| return; |
| |
| /* if fixed size and alignment are equal then we are down |
| * to the base integer type and we should swap it. the |
| * only exception to this is if we have a tuple with a |
| * single item, and then swapping it will be OK anyway. |
| */ |
| if (alignment + 1 == fixed_size) |
| { |
| switch (fixed_size) |
| { |
| case 2: |
| { |
| guint16 *ptr = (guint16 *) serialised.data; |
| |
| g_assert_cmpint (serialised.size, ==, 2); |
| *ptr = GUINT16_SWAP_LE_BE (*ptr); |
| } |
| return; |
| |
| case 4: |
| { |
| guint32 *ptr = (guint32 *) serialised.data; |
| |
| g_assert_cmpint (serialised.size, ==, 4); |
| *ptr = GUINT32_SWAP_LE_BE (*ptr); |
| } |
| return; |
| |
| case 8: |
| { |
| guint64 *ptr = (guint64 *) serialised.data; |
| |
| g_assert_cmpint (serialised.size, ==, 8); |
| *ptr = GUINT64_SWAP_LE_BE (*ptr); |
| } |
| return; |
| |
| default: |
| g_assert_not_reached (); |
| } |
| } |
| |
| /* else, we have a container that potentially contains |
| * some children that need to be byteswapped. |
| */ |
| else |
| { |
| gsize children, i; |
| |
| children = g_variant_serialised_n_children (serialised); |
| for (i = 0; i < children; i++) |
| { |
| GVariantSerialised child; |
| |
| child = g_variant_serialised_get_child (serialised, i); |
| g_variant_serialised_byteswap (child); |
| g_variant_type_info_unref (child.type_info); |
| } |
| } |
| } |
| |
| /* Normal form checking {{{2 */ |
| |
| /* < private > |
| * g_variant_serialised_is_normal: |
| * @serialised: a #GVariantSerialised |
| * |
| * Determines, recursively if @serialised is in normal form. There is |
| * precisely one normal form of serialized data for each possible value. |
| * |
| * It is possible that multiple byte sequences form the serialized data |
| * for a given value if, for example, the padding bytes are filled in |
| * with something other than zeros, but only one form is the normal |
| * form. |
| */ |
| gboolean |
| g_variant_serialised_is_normal (GVariantSerialised serialised) |
| { |
| if (serialised.depth >= G_VARIANT_MAX_RECURSION_DEPTH) |
| return FALSE; |
| |
| DISPATCH_CASES (serialised.type_info, |
| |
| return gvs_/**/,/**/_is_normal (serialised); |
| |
| ) |
| |
| if (serialised.data == NULL) |
| return FALSE; |
| |
| /* some hard-coded terminal cases */ |
| switch (g_variant_type_info_get_type_char (serialised.type_info)) |
| { |
| case 'b': /* boolean */ |
| return serialised.data[0] < 2; |
| |
| case 's': /* string */ |
| return g_variant_serialiser_is_string (serialised.data, |
| serialised.size); |
| |
| case 'o': |
| return g_variant_serialiser_is_object_path (serialised.data, |
| serialised.size); |
| |
| case 'g': |
| return g_variant_serialiser_is_signature (serialised.data, |
| serialised.size); |
| |
| default: |
| /* all of the other types are fixed-sized numerical types for |
| * which all possible values are valid (including various NaN |
| * representations for floating point values). |
| */ |
| return TRUE; |
| } |
| } |
| |
| /* Validity-checking functions {{{2 |
| * |
| * Checks if strings, object paths and signature strings are valid. |
| */ |
| |
| /* < private > |
| * g_variant_serialiser_is_string: |
| * @data: a possible string |
| * @size: the size of @data |
| * |
| * Ensures that @data is a valid string with a nul terminator at the end |
| * and no nul bytes embedded. |
| */ |
| gboolean |
| g_variant_serialiser_is_string (gconstpointer data, |
| gsize size) |
| { |
| const gchar *expected_end; |
| const gchar *end; |
| |
| /* Strings must end with a nul terminator. */ |
| if (size == 0) |
| return FALSE; |
| |
| expected_end = ((gchar *) data) + size - 1; |
| |
| if (*expected_end != '\0') |
| return FALSE; |
| |
| g_utf8_validate_len (data, size, &end); |
| |
| return end == expected_end; |
| } |
| |
| /* < private > |
| * g_variant_serialiser_is_object_path: |
| * @data: a possible D-Bus object path |
| * @size: the size of @data |
| * |
| * Performs the checks for being a valid string. |
| * |
| * Also, ensures that @data is a valid D-Bus object path, as per the D-Bus |
| * specification. |
| */ |
| gboolean |
| g_variant_serialiser_is_object_path (gconstpointer data, |
| gsize size) |
| { |
| const gchar *string = data; |
| gsize i; |
| |
| if (!g_variant_serialiser_is_string (data, size)) |
| return FALSE; |
| |
| /* The path must begin with an ASCII '/' (integer 47) character */ |
| if (string[0] != '/') |
| return FALSE; |
| |
| for (i = 1; string[i]; i++) |
| /* Each element must only contain the ASCII characters |
| * "[A-Z][a-z][0-9]_" |
| */ |
| if (g_ascii_isalnum (string[i]) || string[i] == '_') |
| ; |
| |
| /* must consist of elements separated by slash characters. */ |
| else if (string[i] == '/') |
| { |
| /* No element may be the empty string. */ |
| /* Multiple '/' characters cannot occur in sequence. */ |
| if (string[i - 1] == '/') |
| return FALSE; |
| } |
| |
| else |
| return FALSE; |
| |
| /* A trailing '/' character is not allowed unless the path is the |
| * root path (a single '/' character). |
| */ |
| if (i > 1 && string[i - 1] == '/') |
| return FALSE; |
| |
| return TRUE; |
| } |
| |
| /* < private > |
| * g_variant_serialiser_is_signature: |
| * @data: a possible D-Bus signature |
| * @size: the size of @data |
| * |
| * Performs the checks for being a valid string. |
| * |
| * Also, ensures that @data is a valid D-Bus type signature, as per the |
| * D-Bus specification. Note that this means the empty string is valid, as the |
| * D-Bus specification defines a signature as “zero or more single complete |
| * types”. |
| */ |
| gboolean |
| g_variant_serialiser_is_signature (gconstpointer data, |
| gsize size) |
| { |
| const gchar *string = data; |
| gsize first_invalid; |
| |
| if (!g_variant_serialiser_is_string (data, size)) |
| return FALSE; |
| |
| /* make sure no non-definite characters appear */ |
| first_invalid = strspn (string, "ybnqiuxthdvasog(){}"); |
| if (string[first_invalid]) |
| return FALSE; |
| |
| /* make sure each type string is well-formed */ |
| while (*string) |
| if (!g_variant_type_string_scan (string, NULL, &string)) |
| return FALSE; |
| |
| return TRUE; |
| } |
| |
| /* Epilogue {{{1 */ |
| /* vim:set foldmethod=marker: */ |