QCBOR: Quiet static analyzers; add bigfloat support; documentation improvements
Refined use of types, particular integer types and their signedness so there
are fewer warnings from static analyzers. Added casts to make implicit
type conversions explicit and more clear for code reader. No actual bugs
or vulnerabilities where found by the static analyzer but a lot of lines
were changed.
Cleaner handling of too-long bstr and tstr error condition when decoding.
Add support for bigfloats and decimal fractions -- all of RFC 7049 is now
supported except duplicate detection when decoding maps and some of
strict mode. Dead-stripping and/or linking through a .a file will
automatically leave out the added code on the encoder side.
bytes or so of code on the decode side
Documentation corrections and improved code formatting, fewer
long lines, spelling... A lot of lines where change for this.
Repair a few tests that weren't testing what they were supposed
to be testing.
Change-Id: I4c9c56c1ee16812eac7a5c2f2ba0d896f3f1b5ae
Signed-off-by: Laurence Lundblade <lgl@securitytheory.com>
diff --git a/lib/ext/qcbor/src/UsefulBuf.c b/lib/ext/qcbor/src/UsefulBuf.c
index 0c336b8..a96f74e 100644
--- a/lib/ext/qcbor/src/UsefulBuf.c
+++ b/lib/ext/qcbor/src/UsefulBuf.c
@@ -1,6 +1,6 @@
/*==============================================================================
Copyright (c) 2016-2018, The Linux Foundation.
- Copyright (c) 2018-2019, Laurence Lundblade.
+ Copyright (c) 2018-2020, Laurence Lundblade.
Redistribution and use in source and binary forms, with or without
modification, are permitted provided that the following conditions are
@@ -27,9 +27,9 @@
WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- ==============================================================================*/
+ =============================================================================*/
-/*===================================================================================
+/*=============================================================================
FILE: UsefulBuf.c
DESCRIPTION: General purpose input and output buffers
@@ -39,24 +39,27 @@
This section contains comments describing changes made to the module.
Notice that changes are listed in reverse chronological order.
- when who what, where, why
- -------- ---- ---------------------------------------------------
- 11/08/2019 llundblade Re check pointer math and update comments
- 3/6/2019 llundblade Add UsefulBuf_IsValue()
- 09/07/17 llundbla Fix critical bug in UsefulBuf_Find() -- a read off
- the end of memory when the bytes to find is longer
- than the bytes to search.
- 06/27/17 llundbla Fix UsefulBuf_Compare() bug. Only affected comparison
- for < or > for unequal length buffers. Added
- UsefulBuf_Set() function.
- 05/30/17 llundbla Functions for NULL UsefulBufs and const / unconst
- 11/13/16 llundbla Initial Version.
+ when who what, where, why
+ -------- ---- ---------------------------------------------------
+ 01/28/2020 llundblade Refine integer signedness to quiet static analysis.
+ 01/08/2020 llundblade Documentation corrections & improved code formatting.
+ 11/08/2019 llundblade Re check pointer math and update comments
+ 3/6/2019 llundblade Add UsefulBuf_IsValue()
+ 09/07/17 llundbla Fix critical bug in UsefulBuf_Find() -- a read off
+ the end of memory when the bytes to find is longer
+ than the bytes to search.
+ 06/27/17 llundbla Fix UsefulBuf_Compare() bug. Only affected comparison
+ for < or > for unequal length buffers. Added
+ UsefulBuf_Set() function.
+ 05/30/17 llundbla Functions for NULL UsefulBufs and const / unconst
+ 11/13/16 llundbla Initial Version.
- =====================================================================================*/
+ ============================================================================*/
#include "UsefulBuf.h"
-#define USEFUL_OUT_BUF_MAGIC (0x0B0F) // used to catch use of uninitialized or corrupted UOBs
+// used to catch use of uninitialized or corrupted UsefulOutBuf
+#define USEFUL_OUT_BUF_MAGIC (0x0B0F)
/*
@@ -64,7 +67,8 @@
*/
UsefulBufC UsefulBuf_CopyOffset(UsefulBuf Dest, size_t uOffset, const UsefulBufC Src)
{
- // Do this with subtraction so it doesn't give erroneous result if uOffset + Src.len overflows
+ // Do this with subtraction so it doesn't give erroneous
+ // result if uOffset + Src.len overflows
if(uOffset > Dest.len || Src.len > Dest.len - uOffset) { // uOffset + Src.len > Dest.len
return NULLUsefulBufC;
}
@@ -106,7 +110,8 @@
for(const uint8_t *p = UB.ptr; p < pEnd; p++) {
if(*p != uValue) {
/* Byte didn't match */
- return p - (uint8_t *)UB.ptr;
+ /* Cast from signed to unsigned . Safe because the loop increments.*/
+ return (size_t)(p - (uint8_t *)UB.ptr);
}
}
@@ -166,11 +171,13 @@
/*
Public function -- see UsefulBuf.h
- The core of UsefulOutBuf -- put some bytes in the buffer without writing off the end of it.
+ The core of UsefulOutBuf -- put some bytes in the buffer without writing off
+ the end of it.
Code Reviewers: THIS FUNCTION DOES POINTER MATH
- This function inserts the source buffer, NewData, into the destination buffer, me->UB.ptr.
+ This function inserts the source buffer, NewData, into the destination
+ buffer, me->UB.ptr.
Destination is represented as:
me->UB.ptr -- start of the buffer
@@ -192,7 +199,8 @@
2. Is insertion position in the range of valid data?
- 3. If insertion point is not at the end, slide data to the right of the insertion point to the right
+ 3. If insertion point is not at the end, slide data to the right of the
+ insertion point to the right
4. Put the new data in at the insertion position.
@@ -219,7 +227,9 @@
// be sure there is no pointer arithmatic under/overflow.
if(pMe->data_len > pMe->UB.len) { // Check #1
pMe->err = 1;
- return; // Offset of valid data is off the end of the UsefulOutBuf due to uninitialization or corruption
+ // Offset of valid data is off the end of the UsefulOutBuf due to
+ // uninitialization or corruption
+ return;
}
/* 1. Will it fit? */
@@ -330,7 +340,7 @@
/*
Public function -- see UsefulBuf.h
- The core of UsefulInputBuf -- consume some bytes without going off the end of the buffer.
+ The core of UsefulInputBuf -- consume bytes without going off end of buffer.
Code Reviewers: THIS FUNCTION DOES POINTER MATH
*/
@@ -342,14 +352,15 @@
}
if(!UsefulInputBuf_BytesAvailable(pMe, uAmount)) {
- // The number of bytes asked for at current position are more than available
+ // Number of bytes asked for at current position are more than available
pMe->err = 1;
return NULL;
}
// This is going to succeed
const void * const result = ((uint8_t *)pMe->UB.ptr) + pMe->cursor;
- pMe->cursor += uAmount; // this will not overflow because of check using UsefulInputBuf_BytesAvailable()
+ // Will not overflow because of check using UsefulInputBuf_BytesAvailable()
+ pMe->cursor += uAmount;
return result;
}
diff --git a/lib/ext/qcbor/src/ieee754.c b/lib/ext/qcbor/src/ieee754.c
index 6fdfda8..41f60cf 100644
--- a/lib/ext/qcbor/src/ieee754.c
+++ b/lib/ext/qcbor/src/ieee754.c
@@ -1,35 +1,44 @@
/*==============================================================================
- ieee754.c -- floating point conversion between half, double and single precision
+ ieee754.c -- floating-point conversion between half, double & single-precision
- Copyright (c) 2018-2019, Laurence Lundblade. All rights reserved.
+ Copyright (c) 2018-2020, Laurence Lundblade. All rights reserved.
SPDX-License-Identifier: BSD-3-Clause
See BSD-3-Clause license in README.md
Created on 7/23/18
- ==============================================================================*/
+ =============================================================================*/
#include "ieee754.h"
#include <string.h> // For memcpy()
/*
- This code is written for clarity and verifiability, not for size, on the assumption
- that the optimizer will do a good job. The LLVM optimizer, -Os, does seem to do the
- job and the resulting object code is smaller from combining code for the many different
- cases (normal, subnormal, infinity, zero...) for the conversions.
+ This code is written for clarity and verifiability, not for size, on
+ the assumption that the optimizer will do a good job. The LLVM
+ optimizer, -Os, does seem to do the job and the resulting object code
+ is smaller from combining code for the many different cases (normal,
+ subnormal, infinity, zero...) for the conversions. GCC is no where near
+ as good.
- Dead stripping is also really helpful to get code size down when floating point
- encoding is not needed.
+ This code has really long lines and is much easier to read because of
+ them. Some coding guidelines prefer 80 column lines (can they not afford
+ big displays?). It would make this code much worse even to wrap at 120
+ columns.
- This code works solely using shifts and masks and thus has no dependency on
- any math libraries. It can even work if the CPU doesn't have any floating
- point support, though that isn't the most useful thing to do.
+ Dead stripping is also really helpful to get code size down when
+ floating-point encoding is not needed. (If this is put in a library
+ and linking is against the library, then dead stripping is automatic).
- The memcpy() dependency is only for CopyFloatToUint32() and friends which only
- is needed to avoid type punning when converting the actual float bits to
- an unsigned value so the bit shifts and masks can work.
+ This code works solely using shifts and masks and thus has no
+ dependency on any math libraries. It can even work if the CPU doesn't
+ have any floating-point support, though that isn't the most useful
+ thing to do.
+
+ The memcpy() dependency is only for CopyFloatToUint32() and friends
+ which only is needed to avoid type punning when converting the actual
+ float bits to an unsigned value so the bit shifts and masks can work.
*/
/*
@@ -40,6 +49,10 @@
- https://en.wikipedia.org/wiki/IEEE_754 and subordinate pages
- https://stackoverflow.com/questions/19800415/why-does-ieee-754-reserve-so-many-nan-values
+
+ - https://stackoverflow.com/questions/46073295/implicit-type-promotion-rules
+
+ - https://stackoverflow.com/questions/589575/what-does-the-c-standard-state-the-size-of-int-long-type-to-be
*/
@@ -52,10 +65,10 @@
#define HALF_EXPONENT_SHIFT (HALF_NUM_SIGNIFICAND_BITS)
#define HALF_SIGN_SHIFT (HALF_NUM_SIGNIFICAND_BITS + HALF_NUM_EXPONENT_BITS)
-#define HALF_SIGNIFICAND_MASK (0x3ff) // The lower 10 bits // 0x03ff
-#define HALF_EXPONENT_MASK (0x1f << HALF_EXPONENT_SHIFT) // 0x7c00 5 bits of exponent
-#define HALF_SIGN_MASK (0x01 << HALF_SIGN_SHIFT) // // 0x80001 bit of sign
-#define HALF_QUIET_NAN_BIT (0x01 << (HALF_NUM_SIGNIFICAND_BITS-1)) // 0x0200
+#define HALF_SIGNIFICAND_MASK (0x3ffU) // The lower 10 bits // 0x03ff
+#define HALF_EXPONENT_MASK (0x1fU << HALF_EXPONENT_SHIFT) // 0x7c00 5 bits of exponent
+#define HALF_SIGN_MASK (0x01U << HALF_SIGN_SHIFT) // // 0x8000 1 bit of sign
+#define HALF_QUIET_NAN_BIT (0x01U << (HALF_NUM_SIGNIFICAND_BITS-1)) // 0x0200
/* Biased Biased Unbiased Use
0x00 0 -15 0 and subnormal
@@ -69,7 +82,7 @@
#define HALF_EXPONENT_INF_OR_NAN (HALF_EXPONENT_BIAS+1) // 16 Unbiased
-// ------ Single Precision --------
+// ------ Single-Precision --------
#define SINGLE_NUM_SIGNIFICAND_BITS (23)
#define SINGLE_NUM_EXPONENT_BITS (8)
#define SINGLE_NUM_SIGN_BITS (1)
@@ -78,10 +91,10 @@
#define SINGLE_EXPONENT_SHIFT (SINGLE_NUM_SIGNIFICAND_BITS)
#define SINGLE_SIGN_SHIFT (SINGLE_NUM_SIGNIFICAND_BITS + SINGLE_NUM_EXPONENT_BITS)
-#define SINGLE_SIGNIFICAND_MASK (0x7fffffUL) // The lower 23 bits
-#define SINGLE_EXPONENT_MASK (0xffUL << SINGLE_EXPONENT_SHIFT) // 8 bits of exponent
-#define SINGLE_SIGN_MASK (0x01UL << SINGLE_SIGN_SHIFT) // 1 bit of sign
-#define SINGLE_QUIET_NAN_BIT (0x01UL << (SINGLE_NUM_SIGNIFICAND_BITS-1))
+#define SINGLE_SIGNIFICAND_MASK (0x7fffffU) // The lower 23 bits
+#define SINGLE_EXPONENT_MASK (0xffU << SINGLE_EXPONENT_SHIFT) // 8 bits of exponent
+#define SINGLE_SIGN_MASK (0x01U << SINGLE_SIGN_SHIFT) // 1 bit of sign
+#define SINGLE_QUIET_NAN_BIT (0x01U << (SINGLE_NUM_SIGNIFICAND_BITS-1))
/* Biased Biased Unbiased Use
0x0000 0 -127 0 and subnormal
@@ -90,13 +103,13 @@
0xfe 254 127 Largest normal exponent
0xff 255 128 NaN and Infinity */
#define SINGLE_EXPONENT_BIAS (127)
-#define SINGLE_EXPONENT_MAX (SINGLE_EXPONENT_BIAS) // 127 unbiased
+#define SINGLE_EXPONENT_MAX (SINGLE_EXPONENT_BIAS) // 127 unbiased
#define SINGLE_EXPONENT_MIN (-SINGLE_EXPONENT_BIAS+1) // -126 unbiased
#define SINGLE_EXPONENT_ZERO (-SINGLE_EXPONENT_BIAS) // -127 unbiased
-#define SINGLE_EXPONENT_INF_OR_NAN (SINGLE_EXPONENT_BIAS+1) // 128 unbiased
+#define SINGLE_EXPONENT_INF_OR_NAN (SINGLE_EXPONENT_BIAS+1) // 128 unbiased
-// --------- Double Precision ----------
+// --------- Double-Precision ----------
#define DOUBLE_NUM_SIGNIFICAND_BITS (52)
#define DOUBLE_NUM_EXPONENT_BITS (11)
#define DOUBLE_NUM_SIGN_BITS (1)
@@ -125,14 +138,13 @@
/*
- Convenient functions to avoid type punning, compiler warnings and such
- The optimizer reduces them to a simple assignment.
- This is a crusty corner of C. It shouldn't be this hard.
+ Convenient functions to avoid type punning, compiler warnings and
+ such. The optimizer reduces them to a simple assignment. This is a
+ crusty corner of C. It shouldn't be this hard.
These are also in UsefulBuf.h under a different name. They are copied
- here to avoid a dependency on UsefulBuf.h. There is no
- object code size impact because these always optimze down to a
- simple assignment.
+ here to avoid a dependency on UsefulBuf.h. There is no object code
+ size impact because these always optimze down to a simple assignment.
*/
static inline uint32_t CopyFloatToUint32(float f)
{
@@ -168,13 +180,18 @@
{
// Pull the three parts out of the single-precision float
const uint32_t uSingle = CopyFloatToUint32(f);
- const int32_t nSingleUnbiasedExponent = ((uSingle & SINGLE_EXPONENT_MASK) >> SINGLE_EXPONENT_SHIFT) - SINGLE_EXPONENT_BIAS;
- const uint32_t uSingleSign = (uSingle & SINGLE_SIGN_MASK) >> SINGLE_SIGN_SHIFT;
- const uint32_t uSingleSignificand = uSingle & SINGLE_SIGNIFICAND_MASK;
+ const int32_t nSingleUnbiasedExponent = (int32_t)((uSingle & SINGLE_EXPONENT_MASK) >> SINGLE_EXPONENT_SHIFT) - SINGLE_EXPONENT_BIAS;
+ const uint32_t uSingleSign = (uSingle & SINGLE_SIGN_MASK) >> SINGLE_SIGN_SHIFT;
+ const uint32_t uSingleSignificand = uSingle & SINGLE_SIGNIFICAND_MASK;
// Now convert the three parts to half-precision.
- uint16_t uHalfSign, uHalfSignificand, uHalfBiasedExponent;
+
+ // All works is done on uint32_t with conversion to uint16_t at the end.
+ // This avoids integer promotions that static analyzers complain about and
+ // reduces code size.
+ uint32_t uHalfSign, uHalfSignificand, uHalfBiasedExponent;
+
if(nSingleUnbiasedExponent == SINGLE_EXPONENT_INF_OR_NAN) {
// +/- Infinity and NaNs -- single biased exponent is 0xff
uHalfBiasedExponent = HALF_EXPONENT_INF_OR_NAN + HALF_EXPONENT_BIAS;
@@ -182,13 +199,13 @@
// Infinity
uHalfSignificand = 0;
} else {
- // Copy the LBSs of the NaN payload that will fit from the single to the half
+ // Copy the LSBs of the NaN payload that will fit from the single to the half
uHalfSignificand = uSingleSignificand & (HALF_SIGNIFICAND_MASK & ~HALF_QUIET_NAN_BIT);
if(uSingleSignificand & SINGLE_QUIET_NAN_BIT) {
// It's a qNaN; copy the qNaN bit
uHalfSignificand |= HALF_QUIET_NAN_BIT;
} else {
- // It's a sNaN; make sure the significand is not zero so it stays a NaN
+ // It's an sNaN; make sure the significand is not zero so it stays a NaN
// This is needed because not all significand bits are copied from single
if(!uHalfSignificand) {
// Set the LSB. This is what wikipedia shows for sNAN.
@@ -206,26 +223,28 @@
uHalfSignificand = 0;
} else if(nSingleUnbiasedExponent < HALF_EXPONENT_MIN) {
// Exponent is too small to express in half-precision normal; make it a half-precision subnormal
- uHalfBiasedExponent = (uint16_t)(HALF_EXPONENT_ZERO + HALF_EXPONENT_BIAS);
+ uHalfBiasedExponent = HALF_EXPONENT_ZERO + HALF_EXPONENT_BIAS;
// Difference between single normal exponent and the base exponent of a half subnormal
- const uint32_t nExpDiff = -(nSingleUnbiasedExponent - HALF_EXPONENT_MIN);
+ const uint32_t uExpDiff = (uint32_t)-(nSingleUnbiasedExponent - HALF_EXPONENT_MIN);
// Also have to shift the significand by the difference in number of bits between a single and a half significand
- const int32_t nSignificandBitsDiff = SINGLE_NUM_SIGNIFICAND_BITS - HALF_NUM_SIGNIFICAND_BITS;
+ const uint32_t uSignificandBitsDiff = SINGLE_NUM_SIGNIFICAND_BITS - HALF_NUM_SIGNIFICAND_BITS;
// Add in the 1 that is implied in the significand of a normal number; it needs to be present in a subnormal
- const uint32_t uSingleSignificandSubnormal = uSingleSignificand + (0x01L << SINGLE_NUM_SIGNIFICAND_BITS);
- uHalfSignificand = uSingleSignificandSubnormal >> (nExpDiff + nSignificandBitsDiff);
+ const uint32_t uSingleSignificandSubnormal = uSingleSignificand + (0x01U << SINGLE_NUM_SIGNIFICAND_BITS);
+ uHalfSignificand = uSingleSignificandSubnormal >> (uExpDiff + uSignificandBitsDiff);
} else {
- // The normal case
- uHalfBiasedExponent = nSingleUnbiasedExponent + HALF_EXPONENT_BIAS;
+ // The normal case, exponent is in range for half-precision
+ uHalfBiasedExponent = (uint32_t)(nSingleUnbiasedExponent + HALF_EXPONENT_BIAS);
uHalfSignificand = uSingleSignificand >> (SINGLE_NUM_SIGNIFICAND_BITS - HALF_NUM_SIGNIFICAND_BITS);
}
uHalfSign = uSingleSign;
// Put the 3 values in the right place for a half precision
- const uint16_t uHalfPrecision = uHalfSignificand |
+ const uint32_t uHalfPrecision = uHalfSignificand |
(uHalfBiasedExponent << HALF_EXPONENT_SHIFT) |
(uHalfSign << HALF_SIGN_SHIFT);
- return uHalfPrecision;
+ // Cast is safe because all the masks and shifts above work to make
+ // a half precision value which is only 16 bits.
+ return (uint16_t)uHalfPrecision;
}
@@ -234,13 +253,19 @@
{
// Pull the three parts out of the double-precision float
const uint64_t uDouble = CopyDoubleToUint64(d);
- const int64_t nDoubleUnbiasedExponent = ((uDouble & DOUBLE_EXPONENT_MASK) >> DOUBLE_EXPONENT_SHIFT) - DOUBLE_EXPONENT_BIAS;
- const uint64_t uDoubleSign = (uDouble & DOUBLE_SIGN_MASK) >> DOUBLE_SIGN_SHIFT;
- const uint64_t uDoubleSignificand = uDouble & DOUBLE_SIGNIFICAND_MASK;
-
+ const int64_t nDoubleUnbiasedExponent = (int64_t)((uDouble & DOUBLE_EXPONENT_MASK) >> DOUBLE_EXPONENT_SHIFT) - DOUBLE_EXPONENT_BIAS;
+ const uint64_t uDoubleSign = (uDouble & DOUBLE_SIGN_MASK) >> DOUBLE_SIGN_SHIFT;
+ const uint64_t uDoubleSignificand = uDouble & DOUBLE_SIGNIFICAND_MASK;
// Now convert the three parts to half-precision.
- uint16_t uHalfSign, uHalfSignificand, uHalfBiasedExponent;
+
+ // All works is done on uint64_t with conversion to uint16_t at the end.
+ // This avoids integer promotions that static analyzers complain about.
+ // Other options are for these to be unsigned int or fast_int16_t. Code
+ // size doesn't vary much between all these options for 64-bit LLVM,
+ // 64-bit GCC and 32-bit Armv7 LLVM.
+ uint64_t uHalfSign, uHalfSignificand, uHalfBiasedExponent;
+
if(nDoubleUnbiasedExponent == DOUBLE_EXPONENT_INF_OR_NAN) {
// +/- Infinity and NaNs -- single biased exponent is 0xff
uHalfBiasedExponent = HALF_EXPONENT_INF_OR_NAN + HALF_EXPONENT_BIAS;
@@ -248,7 +273,7 @@
// Infinity
uHalfSignificand = 0;
} else {
- // Copy the LBSs of the NaN payload that will fit from the double to the half
+ // Copy the LSBs of the NaN payload that will fit from the double to the half
uHalfSignificand = uDoubleSignificand & (HALF_SIGNIFICAND_MASK & ~HALF_QUIET_NAN_BIT);
if(uDoubleSignificand & DOUBLE_QUIET_NAN_BIT) {
// It's a qNaN; copy the qNaN bit
@@ -272,37 +297,42 @@
uHalfSignificand = 0;
} else if(nDoubleUnbiasedExponent < HALF_EXPONENT_MIN) {
// Exponent is too small to express in half-precision; round down to zero
- uHalfBiasedExponent = (uint16_t)(HALF_EXPONENT_ZERO + HALF_EXPONENT_BIAS);
+ uHalfBiasedExponent = HALF_EXPONENT_ZERO + HALF_EXPONENT_BIAS;
// Difference between double normal exponent and the base exponent of a half subnormal
- const uint64_t nExpDiff = -(nDoubleUnbiasedExponent - HALF_EXPONENT_MIN);
+ const uint64_t uExpDiff = (uint64_t)-(nDoubleUnbiasedExponent - HALF_EXPONENT_MIN);
// Also have to shift the significand by the difference in number of bits between a double and a half significand
- const int64_t nSignificandBitsDiff = DOUBLE_NUM_SIGNIFICAND_BITS - HALF_NUM_SIGNIFICAND_BITS;
+ const uint64_t uSignificandBitsDiff = DOUBLE_NUM_SIGNIFICAND_BITS - HALF_NUM_SIGNIFICAND_BITS;
// Add in the 1 that is implied in the significand of a normal number; it needs to be present in a subnormal
const uint64_t uDoubleSignificandSubnormal = uDoubleSignificand + (0x01ULL << DOUBLE_NUM_SIGNIFICAND_BITS);
- uHalfSignificand = uDoubleSignificandSubnormal >> (nExpDiff + nSignificandBitsDiff);
+ uHalfSignificand = uDoubleSignificandSubnormal >> (uExpDiff + uSignificandBitsDiff);
} else {
- // The normal case
- uHalfBiasedExponent = nDoubleUnbiasedExponent + HALF_EXPONENT_BIAS;
+ // The normal case, exponent is in range for half-precision
+ uHalfBiasedExponent = (uint32_t)(nDoubleUnbiasedExponent + HALF_EXPONENT_BIAS);
uHalfSignificand = uDoubleSignificand >> (DOUBLE_NUM_SIGNIFICAND_BITS - HALF_NUM_SIGNIFICAND_BITS);
}
uHalfSign = uDoubleSign;
// Put the 3 values in the right place for a half precision
- const uint16_t uHalfPrecision = uHalfSignificand |
+ const uint64_t uHalfPrecision = uHalfSignificand |
(uHalfBiasedExponent << HALF_EXPONENT_SHIFT) |
(uHalfSign << HALF_SIGN_SHIFT);
- return uHalfPrecision;
+ // Cast is safe because all the masks and shifts above work to make
+ // a half precision value which is only 16 bits.
+ return (uint16_t)uHalfPrecision;
}
+
// Public function; see ieee754.h
float IEEE754_HalfToFloat(uint16_t uHalfPrecision)
{
// Pull out the three parts of the half-precision float
- const uint16_t uHalfSignificand = uHalfPrecision & HALF_SIGNIFICAND_MASK;
- const int16_t nHalfUnBiasedExponent = ((uHalfPrecision & HALF_EXPONENT_MASK) >> HALF_EXPONENT_SHIFT) - HALF_EXPONENT_BIAS;
- const uint16_t uHalfSign = (uHalfPrecision & HALF_SIGN_MASK) >> HALF_SIGN_SHIFT;
+ // Do all the work in 32 bits because that is what the end result is
+ // may give smaller code size and will keep static analyzers happier.
+ const uint32_t uHalfSignificand = uHalfPrecision & HALF_SIGNIFICAND_MASK;
+ const int32_t nHalfUnBiasedExponent = (int32_t)((uHalfPrecision & HALF_EXPONENT_MASK) >> HALF_EXPONENT_SHIFT) - HALF_EXPONENT_BIAS;
+ const uint32_t uHalfSign = (uHalfPrecision & HALF_SIGN_MASK) >> HALF_SIGN_SHIFT;
// Make the three parts of the single-precision number
@@ -343,13 +373,12 @@
}
} else {
// Normal number
- uSingleBiasedExponent = nHalfUnBiasedExponent + SINGLE_EXPONENT_BIAS;
+ uSingleBiasedExponent = (uint32_t)(nHalfUnBiasedExponent + SINGLE_EXPONENT_BIAS);
uSingleSignificand = uHalfSignificand << (SINGLE_NUM_SIGNIFICAND_BITS - HALF_NUM_SIGNIFICAND_BITS);
}
uSingleSign = uHalfSign;
-
- // Shift the three parts of the single precision into place
+ // Shift the three parts of the single-precision into place
const uint32_t uSinglePrecision = uSingleSignificand |
(uSingleBiasedExponent << SINGLE_EXPONENT_SHIFT) |
(uSingleSign << SINGLE_SIGN_SHIFT);
@@ -362,9 +391,11 @@
double IEEE754_HalfToDouble(uint16_t uHalfPrecision)
{
// Pull out the three parts of the half-precision float
- const uint16_t uHalfSignificand = uHalfPrecision & HALF_SIGNIFICAND_MASK;
- const int16_t nHalfUnBiasedExponent = ((uHalfPrecision & HALF_EXPONENT_MASK) >> HALF_EXPONENT_SHIFT) - HALF_EXPONENT_BIAS;
- const uint16_t uHalfSign = (uHalfPrecision & HALF_SIGN_MASK) >> HALF_SIGN_SHIFT;
+ // Do all the work in 64 bits because that is what the end result is
+ // may give smaller code size and will keep static analyzers happier.
+ const uint64_t uHalfSignificand = uHalfPrecision & HALF_SIGNIFICAND_MASK;
+ const int64_t nHalfUnBiasedExponent = (int64_t)((uHalfPrecision & HALF_EXPONENT_MASK) >> HALF_EXPONENT_SHIFT) - HALF_EXPONENT_BIAS;
+ const uint64_t uHalfSign = (uHalfPrecision & HALF_SIGN_MASK) >> HALF_SIGN_SHIFT;
// Make the three parts of hte single-precision number
@@ -405,8 +436,8 @@
}
} else {
// Normal number
- uDoubleBiasedExponent = nHalfUnBiasedExponent + DOUBLE_EXPONENT_BIAS;
- uDoubleSignificand = (uint64_t)uHalfSignificand << (DOUBLE_NUM_SIGNIFICAND_BITS - HALF_NUM_SIGNIFICAND_BITS);
+ uDoubleBiasedExponent = (uint64_t)(nHalfUnBiasedExponent + DOUBLE_EXPONENT_BIAS);
+ uDoubleSignificand = uHalfSignificand << (DOUBLE_NUM_SIGNIFICAND_BITS - HALF_NUM_SIGNIFICAND_BITS);
}
uDoubleSign = uHalfSign;
@@ -426,7 +457,7 @@
// Pull the neeed two parts out of the single-precision float
const uint32_t uSingle = CopyFloatToUint32(f);
- const int32_t nSingleExponent = ((uSingle & SINGLE_EXPONENT_MASK) >> SINGLE_EXPONENT_SHIFT) - SINGLE_EXPONENT_BIAS;
+ const int32_t nSingleExponent = (int32_t)((uSingle & SINGLE_EXPONENT_MASK) >> SINGLE_EXPONENT_SHIFT) - SINGLE_EXPONENT_BIAS;
const uint32_t uSingleSignificand = uSingle & SINGLE_SIGNIFICAND_MASK;
// Bit mask that is the significand bits that would be lost when converting
@@ -462,7 +493,7 @@
// Pull the needed two parts out of the double-precision float
const uint64_t uDouble = CopyDoubleToUint64(d);
- const int64_t nDoubleExponent = ((uDouble & DOUBLE_EXPONENT_MASK) >> DOUBLE_EXPONENT_SHIFT) - DOUBLE_EXPONENT_BIAS;
+ const int64_t nDoubleExponent = (int64_t)((uDouble & DOUBLE_EXPONENT_MASK) >> DOUBLE_EXPONENT_SHIFT) - DOUBLE_EXPONENT_BIAS;
const uint64_t uDoubleSignificand = uDouble & DOUBLE_SIGNIFICAND_MASK;
// Masks to check whether dropped significand bits are zero or not
diff --git a/lib/ext/qcbor/src/ieee754.h b/lib/ext/qcbor/src/ieee754.h
index 2530f98..705ef62 100644
--- a/lib/ext/qcbor/src/ieee754.h
+++ b/lib/ext/qcbor/src/ieee754.h
@@ -1,14 +1,14 @@
/*==============================================================================
- ieee754.c -- floating point conversion between half, double and single precision
+ ieee754.c -- floating-point conversion between half, double & single-precision
- Copyright (c) 2018-2019, Laurence Lundblade. All rights reserved.
+ Copyright (c) 2018-2020, Laurence Lundblade. All rights reserved.
SPDX-License-Identifier: BSD-3-Clause
See BSD-3-Clause license in README.md
Created on 7/23/18
- ==============================================================================*/
+ =============================================================================*/
#ifndef ieee754_h
#define ieee754_h
@@ -20,94 +20,77 @@
/*
General comments
- This is a complete in that it handles all conversion cases
- including +/- infinity, +/- zero, subnormal numbers, qNaN, sNaN
- and NaN payloads.
+ This is a complete in that it handles all conversion cases including
+ +/- infinity, +/- zero, subnormal numbers, qNaN, sNaN and NaN
+ payloads.
- This confirms to IEEE 754-2008, but note that this doesn't
- specify conversions, just the encodings.
+ This conforms to IEEE 754-2008, but note that this doesn't specify
+ conversions, just the encodings.
- NaN payloads are preserved with alignment on the LSB. The
- qNaN bit is handled differently and explicity copied. It
- is always the MSB of the significand. The NaN payload MSBs
- (except the qNaN bit) are truncated when going from
- double or single to half.
+ NaN payloads are preserved with alignment on the LSB. The qNaN bit is
+ handled differently and explicity copied. It is always the MSB of the
+ significand. The NaN payload MSBs (except the qNaN bit) are truncated
+ when going from double or single to half.
TODO: what does the C cast do with NaN payloads from
- double to single?
-
-
+ double to single? It probably depends entirely on the
+ CPU.
*/
/*
- Most simply just explicilty encode the type you want, single or double.
- This works easily everywhere since standard C supports both
- these types and so does qcbor. This encoder also supports
- half precision and there's a few ways to use it to encode
- floating point numbers in less space.
+ Most simply just explicilty encode the type you want, single or
+ double. This works easily everywhere since standard C supports both
+ these types and so does qcbor. This encoder also supports half
+ precision and there's a few ways to use it to encode floating-point
+ numbers in less space.
- Without losing precision, you can encode a single or double
- such that the special values of 0, NaN and Infinity encode
- as half-precision. This CBOR decodoer and most others
- should handle this properly.
+ Without losing precision, you can encode a single or double such that
+ the special values of 0, NaN and Infinity encode as half-precision.
+ This CBOR decodoer and most others should handle this properly.
If you don't mind losing precision, then you can use half-precision.
One way to do this is to set up your environment to use
___fp_16. Some compilers and CPUs support it even though it is not
- standard C. What is nice about this is that your program
- will use less memory and floating point operations like
- multiplying, adding and such will be faster.
+ standard C. What is nice about this is that your program will use
+ less memory and floating-point operations like multiplying, adding
+ and such will be faster.
- Another way to make use of half-precision is to represent
- the values in your program as single or double, but encode
- them in CBOR as half-precision. This cuts the size
- of the encoded messages by 2 or 4, but doesn't reduce
- memory needs or speed because you are still using
+ Another way to make use of half-precision is to represent the values
+ in your program as single or double, but encode them in CBOR as
+ half-precision. This cuts the size of the encoded messages by 2 or 4,
+ but doesn't reduce memory needs or speed because you are still using
single or double in your code.
-
- encode:
- - float as float
- - double as double
- - half as half
- - float as half_precision, for environments that don't support a half-precision type
- - double as half_precision, for environments that don't support a half-precision type
- - float with NaN, Infinity and 0 as half
- - double with NaN, Infinity and 0 as half
-
-
-
-
*/
/*
- Convert single precision float to half-precision float.
- Precision and NaN payload bits will be lost. Too large
- values will round up to infinity and too small to zero.
+ Convert single-precision float to half-precision float. Precision
+ and NaN payload bits will be lost. Too-large values will round up to
+ infinity and too small to zero.
*/
uint16_t IEEE754_FloatToHalf(float f);
/*
- Convert half precision float to single precision float.
- This is a loss-less conversion.
+ Convert half-precision float to single-precision float. This is a
+ loss-less conversion.
*/
float IEEE754_HalfToFloat(uint16_t uHalfPrecision);
/*
- Convert double precision float to half-precision float.
- Precision and NaN payload bits will be lost. Too large
- values will round up to infinity and too small to zero.
+ Convert double-precision float to half-precision float. Precision
+ and NaN payload bits will be lost. Too-large values will round up to
+ infinity and too small to zero.
*/
uint16_t IEEE754_DoubleToHalf(double d);
/*
- Convert half precision float to double precision float.
+ Convert half-precision float to double-precision float.
This is a loss-less conversion.
*/
double IEEE754_HalfToDouble(uint16_t uHalfPrecision);
@@ -126,9 +109,10 @@
/*
- Converts double-precision to single-precision or half-precision if possible without
- loss of precisions. If not, leaves it as a double. Only converts to single-precision
- unless bAllowHalfPrecision is set.
+ Converts double-precision to single-precision or half-precision if
+ possible without loss of precisions. If not, leaves it as a
+ double. Only converts to single-precision unless bAllowHalfPrecision
+ is set.
*/
IEEE754_union IEEE754_DoubleToSmallestInternal(double d, int bAllowHalfPrecision);
@@ -143,17 +127,18 @@
/*
- Converts double-precision to single-precision or half-precision if possible without
- loss of precisions. If not, leaves it as a double.
+ Converts double-precision to single-precision or half-precision if
+ possible without loss of precisions. If not, leaves it as a double.
*/
static inline IEEE754_union IEEE754_DoubleToSmallest(double d)
{
return IEEE754_DoubleToSmallestInternal(d, 1);
}
+
/*
- Converts single-precision to half-precision if possible without
- loss of precision. If not leaves as single-precision.
+ Converts single-precision to half-precision if possible without loss
+ of precision. If not leaves as single-precision.
*/
IEEE754_union IEEE754_FloatToSmallest(float f);
diff --git a/lib/ext/qcbor/src/qcbor_decode.c b/lib/ext/qcbor/src/qcbor_decode.c
index 36a9d11..1b6ff3e 100644
--- a/lib/ext/qcbor/src/qcbor_decode.c
+++ b/lib/ext/qcbor/src/qcbor_decode.c
@@ -1,6 +1,6 @@
/*==============================================================================
Copyright (c) 2016-2018, The Linux Foundation.
- Copyright (c) 2018-2019, Laurence Lundblade.
+ Copyright (c) 2018-2020, Laurence Lundblade.
All rights reserved.
Redistribution and use in source and binary forms, with or without
@@ -28,9 +28,9 @@
WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- ==============================================================================*/
+ =============================================================================*/
-/*===================================================================================
+/*==============================================================================
FILE: qcbor_decode.c
DESCRIPTION: This file contains the implementation of QCBOR.
@@ -40,30 +40,36 @@
This section contains comments describing changes made to the module.
Notice that changes are listed in reverse chronological order.
- when who what, where, why
- -------- ---- ---------------------------------------------------
- 11/07/19 llundblade Fix long long conversion to double compiler warning
- 09/07/19 llundblade Fix bug decoding empty arrays and maps
- 07/31/19 llundblade Decode error fixes for some not-well-formed CBOR
- 07/31/19 llundblade New error code for better end of data handling
- 02/17/19 llundblade Fixed: QCBORItem.u{Data|Label}Alloc when bAllStrings set
- 02/16/19 llundblade Redesign MemPool to fix memory access alignment bug
- 01/10/19 llundblade Clever type and argument decoder is 250 bytes smaller
- 11/9/18 llundblade Error codes are now enums.
- 11/2/18 llundblade Simplify float decoding and align with preferred
- float encoding
- 10/31/18 llundblade Switch to one license that is almost BSD-3.
- 10/28/18 llundblade Reworked tag decoding
- 10/15/18 llundblade Indefinite length maps and arrays supported
- 10/8/18 llundblade Indefinite length strings supported
- 02/04/17 llundbla Work on CPUs that don's require pointer alignment
- by making use of changes in UsefulBuf
- 03/01/17 llundbla More data types; decoding improvements and fixes
- 11/13/16 llundbla Integrate most TZ changes back into github version.
- 09/30/16 gkanike Porting to TZ.
- 03/15/16 llundbla Initial Version.
+ when who what, where, why
+ -------- ---- ---------------------------------------------------
+ 01/28/2020 llundblade Refine integer signedness to quiet static analysis.
+ 01/25/2020 llundblade Cleaner handling of too-long encoded string input.
+ 01/25/2020 llundblade Refine use of integer types to quiet static analysis
+ 01/08/2020 llundblade Documentation corrections & improved code formatting
+ 12/30/19 llundblade Add support for decimal fractions and bigfloats.
+ 11/07/19 llundblade Fix long long conversion to double compiler warning
+ 09/07/19 llundblade Fix bug decoding empty arrays and maps
+ 07/31/19 llundblade Decode error fixes for some not-well-formed CBOR
+ 07/31/19 llundblade New error code for better end of data handling
+ 02/17/19 llundblade Fixed: QCBORItem.u{Data|Label}Alloc when
+ bAllStrings set
+ 02/16/19 llundblade Redesign MemPool to fix memory access alignment bug
+ 01/10/19 llundblade Clever type and argument decoder; 250 bytes smaller
+ 11/9/18 llundblade Error codes are now enums.
+ 11/2/18 llundblade Simplify float decoding and align with preferred
+ float encoding
+ 10/31/18 llundblade Switch to one license that is almost BSD-3.
+ 10/28/18 llundblade Reworked tag decoding
+ 10/15/18 llundblade Indefinite length maps and arrays supported
+ 10/8/18 llundblade Indefinite length strings supported
+ 02/04/17 llundbla Work on CPUs that don's require pointer alignment
+ by making use of changes in UsefulBuf
+ 03/01/17 llundbla More data types; decoding improvements and fixes
+ 11/13/16 llundbla Integrate most TZ changes back into github version.
+ 09/30/16 gkanike Porting to TZ.
+ 03/15/16 llundbla Initial Version.
- =====================================================================================*/
+ =============================================================================*/
#include "qcbor.h"
#include "ieee754.h"
@@ -76,31 +82,41 @@
#define UNCONST_POINTER(ptr) ((void *)(ptr))
-/*
- Collection of functions to track the map/array nesting for decoding
- */
-inline static int IsMapOrArray(uint8_t uDataType)
+/*===========================================================================
+ DecodeNesting -- Functions for tracking array/map nesting when decoding
+
+ See qcbor.h for definition of the object used here: QCBORDecodeNesting
+ ===========================================================================*/
+
+inline static int
+IsMapOrArray(uint8_t uDataType)
{
return uDataType == QCBOR_TYPE_MAP || uDataType == QCBOR_TYPE_ARRAY;
}
-inline static int DecodeNesting_IsNested(const QCBORDecodeNesting *pNesting)
+inline static int
+DecodeNesting_IsNested(const QCBORDecodeNesting *pNesting)
{
return pNesting->pCurrent != &(pNesting->pMapsAndArrays[0]);
}
-inline static int DecodeNesting_IsIndefiniteLength(const QCBORDecodeNesting *pNesting)
+inline static int
+DecodeNesting_IsIndefiniteLength(const QCBORDecodeNesting *pNesting)
{
return pNesting->pCurrent->uCount == UINT16_MAX;
}
-inline static uint8_t DecodeNesting_GetLevel(QCBORDecodeNesting *pNesting)
+inline static uint8_t
+DecodeNesting_GetLevel(QCBORDecodeNesting *pNesting)
{
- return pNesting->pCurrent - &(pNesting->pMapsAndArrays[0]);
+ // Check in DecodeNesting_Descend and never having
+ // QCBOR_MAX_ARRAY_NESTING > 255 gaurantee cast is safe
+ return (uint8_t)(pNesting->pCurrent - &(pNesting->pMapsAndArrays[0]));
}
-inline static int DecodeNesting_TypeIsMap(const QCBORDecodeNesting *pNesting)
+inline static int
+DecodeNesting_TypeIsMap(const QCBORDecodeNesting *pNesting)
{
if(!DecodeNesting_IsNested(pNesting)) {
return 0;
@@ -110,7 +126,8 @@
}
// Process a break. This will either ascend the nesting or error out
-inline static QCBORError DecodeNesting_BreakAscend(QCBORDecodeNesting *pNesting)
+inline static QCBORError
+DecodeNesting_BreakAscend(QCBORDecodeNesting *pNesting)
{
// breaks must always occur when there is nesting
if(!DecodeNesting_IsNested(pNesting)) {
@@ -128,8 +145,9 @@
return QCBOR_SUCCESS;
}
-// Called on every single item except breaks including the opening of a map/array
-inline static void DecodeNesting_DecrementCount(QCBORDecodeNesting *pNesting)
+// Called on every single item except breaks including open of a map/array
+inline static void
+DecodeNesting_DecrementCount(QCBORDecodeNesting *pNesting)
{
while(DecodeNesting_IsNested(pNesting)) {
// Not at the top level, so there is decrementing to be done.
@@ -151,9 +169,9 @@
}
}
-
// Called on every map/array
-inline static QCBORError DecodeNesting_Descend(QCBORDecodeNesting *pNesting, QCBORItem *pItem)
+inline static QCBORError
+DecodeNesting_Descend(QCBORDecodeNesting *pNesting, QCBORItem *pItem)
{
QCBORError nReturn = QCBOR_SUCCESS;
@@ -187,7 +205,8 @@
return nReturn;;
}
-inline static void DecodeNesting_Init(QCBORDecodeNesting *pNesting)
+inline static void
+DecodeNesting_Init(QCBORDecodeNesting *pNesting)
{
pNesting->pCurrent = &(pNesting->pMapsAndArrays[0]);
}
@@ -201,12 +220,12 @@
There are only 48 slots available forever.
*/
static const uint16_t spBuiltInTagMap[] = {
- CBOR_TAG_DATE_STRING, // See TAG_MAPPER_FIRST_FOUR
- CBOR_TAG_DATE_EPOCH, // See TAG_MAPPER_FIRST_FOUR
- CBOR_TAG_POS_BIGNUM, // See TAG_MAPPER_FIRST_FOUR
- CBOR_TAG_NEG_BIGNUM, // See TAG_MAPPER_FIRST_FOUR
- CBOR_TAG_FRACTION,
- CBOR_TAG_BIGFLOAT,
+ CBOR_TAG_DATE_STRING, // See TAG_MAPPER_FIRST_SIX
+ CBOR_TAG_DATE_EPOCH, // See TAG_MAPPER_FIRST_SIX
+ CBOR_TAG_POS_BIGNUM, // See TAG_MAPPER_FIRST_SIX
+ CBOR_TAG_NEG_BIGNUM, // See TAG_MAPPER_FIRST_SIX
+ CBOR_TAG_DECIMAL_FRACTION, // See TAG_MAPPER_FIRST_SIX
+ CBOR_TAG_BIGFLOAT, // See TAG_MAPPER_FIRST_SIX
CBOR_TAG_COSE_ENCRYPTO,
CBOR_TAG_COSE_MAC0,
CBOR_TAG_COSE_SIGN1,
@@ -230,17 +249,26 @@
// This is used in a bit of cleverness in GetNext_TaggedItem() to
// keep code size down and switch for the internal processing of
-// these types. This will break if the first four items in
-// spBuiltInTagMap don't have values 0,1,2,3. That is the
-// mapping is 0 to 0, 1 to 1, 2 to 2 and 3 to 3.
-#define QCBOR_TAGFLAG_DATE_STRING (0x01LL << CBOR_TAG_DATE_STRING)
-#define QCBOR_TAGFLAG_DATE_EPOCH (0x01LL << CBOR_TAG_DATE_EPOCH)
-#define QCBOR_TAGFLAG_POS_BIGNUM (0x01LL << CBOR_TAG_POS_BIGNUM)
-#define QCBOR_TAGFLAG_NEG_BIGNUM (0x01LL << CBOR_TAG_NEG_BIGNUM)
+// these types. This will break if the first six items in
+// spBuiltInTagMap don't have values 0,1,2,3,4,5. That is the
+// mapping is 0 to 0, 1 to 1, 2 to 2 and 3 to 3....
+#define QCBOR_TAGFLAG_DATE_STRING (0x01LL << CBOR_TAG_DATE_STRING)
+#define QCBOR_TAGFLAG_DATE_EPOCH (0x01LL << CBOR_TAG_DATE_EPOCH)
+#define QCBOR_TAGFLAG_POS_BIGNUM (0x01LL << CBOR_TAG_POS_BIGNUM)
+#define QCBOR_TAGFLAG_NEG_BIGNUM (0x01LL << CBOR_TAG_NEG_BIGNUM)
+#define QCBOR_TAGFLAG_DECIMAL_FRACTION (0x01LL << CBOR_TAG_DECIMAL_FRACTION)
+#define QCBOR_TAGFLAG_BIGFLOAT (0x01LL << CBOR_TAG_BIGFLOAT)
-#define TAG_MAPPER_FIRST_FOUR (QCBOR_TAGFLAG_DATE_STRING |\
- QCBOR_TAGFLAG_DATE_EPOCH |\
- QCBOR_TAGFLAG_POS_BIGNUM |\
+#define TAG_MAPPER_FIRST_SIX (QCBOR_TAGFLAG_DATE_STRING |\
+ QCBOR_TAGFLAG_DATE_EPOCH |\
+ QCBOR_TAGFLAG_POS_BIGNUM |\
+ QCBOR_TAGFLAG_NEG_BIGNUM |\
+ QCBOR_TAGFLAG_DECIMAL_FRACTION |\
+ QCBOR_TAGFLAG_BIGFLOAT)
+
+#define TAG_MAPPER_FIRST_FOUR (QCBOR_TAGFLAG_DATE_STRING |\
+ QCBOR_TAGFLAG_DATE_EPOCH |\
+ QCBOR_TAGFLAG_POS_BIGNUM |\
QCBOR_TAGFLAG_NEG_BIGNUM)
#define TAG_MAPPER_TOTAL_TAG_BITS 64 // Number of bits in a uint64_t
@@ -250,10 +278,12 @@
static inline int TagMapper_LookupBuiltIn(uint64_t uTag)
{
if(sizeof(spBuiltInTagMap)/sizeof(uint16_t) > TAG_MAPPER_MAX_SIZE_BUILT_IN_TAGS) {
- // This is a cross-check to make sure the above array doesn't
- // accidentally get made too big.
- // In normal conditions the above test should optimize out
- // as all the values are known at compile time.
+ /*
+ This is a cross-check to make sure the above array doesn't
+ accidentally get made too big. In normal conditions the above
+ test should optimize out as all the values are known at compile
+ time.
+ */
return -1;
}
@@ -287,7 +317,10 @@
This and the above functions could probably be optimized and made
clearer and neater.
*/
-static QCBORError TagMapper_Lookup(const QCBORTagListIn *pCallerConfiguredTagMap, uint64_t uTag, uint8_t *puTagBitIndex)
+static QCBORError
+TagMapper_Lookup(const QCBORTagListIn *pCallerConfiguredTagMap,
+ uint64_t uTag,
+ uint8_t *puTagBitIndex)
{
int nTagBitIndex = TagMapper_LookupBuiltIn(uTag);
if(nTagBitIndex >= 0) {
@@ -314,31 +347,38 @@
-/* ===========================================================================
+/*===========================================================================
QCBORStringAllocate -- STRING ALLOCATOR INVOCATION
The following four functions are pretty wrappers for invocation of
the string allocator supplied by the caller.
- ==============================================================================*/
+ ===========================================================================*/
-static inline void StringAllocator_Free(const QCORInternalAllocator *pMe, void *pMem)
+static inline void
+StringAllocator_Free(const QCORInternalAllocator *pMe, void *pMem)
{
(pMe->pfAllocator)(pMe->pAllocateCxt, pMem, 0);
}
-// StringAllocator_Reallocate called with pMem NULL is equal to StringAllocator_Allocate()
-static inline UsefulBuf StringAllocator_Reallocate(const QCORInternalAllocator *pMe, void *pMem, size_t uSize)
+// StringAllocator_Reallocate called with pMem NULL is
+// equal to StringAllocator_Allocate()
+static inline UsefulBuf
+StringAllocator_Reallocate(const QCORInternalAllocator *pMe,
+ void *pMem,
+ size_t uSize)
{
return (pMe->pfAllocator)(pMe->pAllocateCxt, pMem, uSize);
}
-static inline UsefulBuf StringAllocator_Allocate(const QCORInternalAllocator *pMe, size_t uSize)
+static inline UsefulBuf
+StringAllocator_Allocate(const QCORInternalAllocator *pMe, size_t uSize)
{
return (pMe->pfAllocator)(pMe->pAllocateCxt, NULL, uSize);
}
-static inline void StringAllocator_Destruct(const QCORInternalAllocator *pMe)
+static inline void
+StringAllocator_Destruct(const QCORInternalAllocator *pMe)
{
if(pMe->pfAllocator) {
(pMe->pfAllocator)(pMe->pAllocateCxt, NULL, 0);
@@ -347,16 +387,22 @@
+/*===========================================================================
+ QCBORDecode -- The main implementation of CBOR decoding
+ See qcbor.h for definition of the object used here: QCBORDecodeContext
+ ===========================================================================*/
/*
Public function, see header file
*/
-void QCBORDecode_Init(QCBORDecodeContext *me, UsefulBufC EncodedCBOR, QCBORDecodeMode nDecodeMode)
+void QCBORDecode_Init(QCBORDecodeContext *me,
+ UsefulBufC EncodedCBOR,
+ QCBORDecodeMode nDecodeMode)
{
memset(me, 0, sizeof(QCBORDecodeContext));
UsefulInputBuf_Init(&(me->InBuf), EncodedCBOR);
- // Don't bother with error check on decode mode. If a bad value is passed it will just act as
- // if the default normal mode of 0 was set.
+ // Don't bother with error check on decode mode. If a bad value is
+ // passed it will just act as if the default normal mode of 0 was set.
me->uDecodeMode = nDecodeMode;
DecodeNesting_Init(&(me->nesting));
}
@@ -379,63 +425,72 @@
/*
Public function, see header file
*/
-void QCBORDecode_SetCallerConfiguredTagList(QCBORDecodeContext *me, const QCBORTagListIn *pTagList)
+void QCBORDecode_SetCallerConfiguredTagList(QCBORDecodeContext *me,
+ const QCBORTagListIn *pTagList)
{
me->pCallerConfiguredTagList = pTagList;
}
/*
- This decodes the fundamental part of a CBOR data item, the type and number
+ This decodes the fundamental part of a CBOR data item, the type and
+ number
This is the Counterpart to InsertEncodedTypeAndNumber().
- This does the network->host byte order conversion. The conversion here
- also results in the conversion for floats in addition to that for
- lengths, tags and integer values.
+ This does the network->host byte order conversion. The conversion
+ here also results in the conversion for floats in addition to that
+ for lengths, tags and integer values.
This returns:
pnMajorType -- the major type for the item
- puNumber -- the "number" which is used a the value for integers, tags and floats and length for strings and arrays
- puAdditionalInfo -- Pass this along to know what kind of float or if length is indefinite
+ puArgument -- the "number" which is used a the value for integers,
+ tags and floats and length for strings and arrays
+
+ pnAdditionalInfo -- Pass this along to know what kind of float or
+ if length is indefinite
+
+ The int type is preferred to uint8_t for some variables as this
+ avoids integer promotions, can reduce code size and makes
+ static analyzers happier.
*/
inline static QCBORError DecodeTypeAndNumber(UsefulInputBuf *pUInBuf,
int *pnMajorType,
uint64_t *puArgument,
- uint8_t *puAdditionalInfo)
+ int *pnAdditionalInfo)
{
QCBORError nReturn;
// Get the initial byte that every CBOR data item has
- const uint8_t uInitialByte = UsefulInputBuf_GetByte(pUInBuf);
+ const int nInitialByte = (int)UsefulInputBuf_GetByte(pUInBuf);
// Break down the initial byte
- const uint8_t uTmpMajorType = uInitialByte >> 5;
- const uint8_t uAdditionalInfo = uInitialByte & 0x1f;
+ const int nTmpMajorType = nInitialByte >> 5;
+ const int nAdditionalInfo = nInitialByte & 0x1f;
// Where the number or argument accumulates
uint64_t uArgument;
- if(uAdditionalInfo >= LEN_IS_ONE_BYTE && uAdditionalInfo <= LEN_IS_EIGHT_BYTES) {
- // Need to get 1,2,4 or 8 additional argument bytes
- // Map LEN_IS_ONE_BYTE.. LEN_IS_EIGHT_BYTES to actual length
+ if(nAdditionalInfo >= LEN_IS_ONE_BYTE && nAdditionalInfo <= LEN_IS_EIGHT_BYTES) {
+ // Need to get 1,2,4 or 8 additional argument bytes Map
+ // LEN_IS_ONE_BYTE.. LEN_IS_EIGHT_BYTES to actual length
static const uint8_t aIterate[] = {1,2,4,8};
// Loop getting all the bytes in the argument
uArgument = 0;
- for(int i = aIterate[uAdditionalInfo - LEN_IS_ONE_BYTE]; i; i--) {
+ for(int i = aIterate[nAdditionalInfo - LEN_IS_ONE_BYTE]; i; i--) {
// This shift and add gives the endian conversion
uArgument = (uArgument << 8) + UsefulInputBuf_GetByte(pUInBuf);
}
- } else if(uAdditionalInfo >= ADDINFO_RESERVED1 && uAdditionalInfo <= ADDINFO_RESERVED3) {
+ } else if(nAdditionalInfo >= ADDINFO_RESERVED1 && nAdditionalInfo <= ADDINFO_RESERVED3) {
// The reserved and thus-far unused additional info values
nReturn = QCBOR_ERR_UNSUPPORTED;
goto Done;
} else {
// Less than 24, additional info is argument or 31, an indefinite length
// No more bytes to get
- uArgument = uAdditionalInfo;
+ uArgument = (uint64_t)nAdditionalInfo;
}
if(UsefulInputBuf_GetError(pUInBuf)) {
@@ -445,30 +500,36 @@
// All successful if we got here.
nReturn = QCBOR_SUCCESS;
- *pnMajorType = uTmpMajorType;
+ *pnMajorType = nTmpMajorType;
*puArgument = uArgument;
- *puAdditionalInfo = uAdditionalInfo;
+ *pnAdditionalInfo = nAdditionalInfo;
Done:
return nReturn;
}
+
/*
- CBOR doesn't explicitly specify two's compliment for integers but all CPUs
- use it these days and the test vectors in the RFC are so. All integers in the CBOR
- structure are positive and the major type indicates positive or negative.
- CBOR can express positive integers up to 2^x - 1 where x is the number of bits
- and negative integers down to 2^x. Note that negative numbers can be one
- more away from zero than positive.
- Stdint, as far as I can tell, uses two's compliment to represent
- negative integers.
+ CBOR doesn't explicitly specify two's compliment for integers but all
+ CPUs use it these days and the test vectors in the RFC are so. All
+ integers in the CBOR structure are positive and the major type
+ indicates positive or negative. CBOR can express positive integers
+ up to 2^x - 1 where x is the number of bits and negative integers
+ down to 2^x. Note that negative numbers can be one more away from
+ zero than positive. Stdint, as far as I can tell, uses two's
+ compliment to represent negative integers.
See http://www.unix.org/whitepapers/64bit.html for reasons int isn't
- used here in any way including in the interface
+ used carefully here, and in particular why it isn't used in the interface.
+ Also see
+ https://stackoverflow.com/questions/17489857/why-is-int-typically-32-bit-on-64-bit-compilers
+
+ Int is used for values that need less than 16-bits and would be subject
+ to integer promotion and complaining by static analyzers.
*/
-inline static QCBORError DecodeInteger(int nMajorType, uint64_t uNumber, QCBORItem *pDecodedItem)
+inline static QCBORError
+DecodeInteger(int nMajorType, uint64_t uNumber, QCBORItem *pDecodedItem)
{
- // Stack usage: int/ptr 1 -- 8
QCBORError nReturn = QCBOR_SUCCESS;
if(nMajorType == CBOR_MAJOR_TYPE_POSITIVE_INT) {
@@ -483,7 +544,11 @@
}
} else {
if(uNumber <= INT64_MAX) {
- pDecodedItem->val.int64 = -uNumber-1;
+ // CBOR's representation of negative numbers lines up with the
+ // two-compliment representation. A negative integer has one
+ // more in range than a positive integer. INT64_MIN is
+ // equal to (-INT64_MAX) - 1.
+ pDecodedItem->val.int64 = (-(int64_t)uNumber) - 1;
pDecodedItem->uDataType = QCBOR_TYPE_INT64;
} else {
@@ -528,18 +593,19 @@
/*
Decode true, false, floats, break...
*/
-
-inline static QCBORError DecodeSimple(uint8_t uAdditionalInfo, uint64_t uNumber, QCBORItem *pDecodedItem)
+inline static QCBORError
+DecodeSimple(int nAdditionalInfo, uint64_t uNumber, QCBORItem *pDecodedItem)
{
- // Stack usage: 0
QCBORError nReturn = QCBOR_SUCCESS;
- // uAdditionalInfo is 5 bits from the initial byte
- // compile time checks above make sure uAdditionalInfo values line up with uDataType values
- pDecodedItem->uDataType = uAdditionalInfo;
+ // uAdditionalInfo is 5 bits from the initial byte compile time checks
+ // above make sure uAdditionalInfo values line up with uDataType values.
+ // DecodeTypeAndNumber never returns a major type > 1f so cast is safe
+ pDecodedItem->uDataType = (uint8_t)nAdditionalInfo;
- switch(uAdditionalInfo) {
- // No check for ADDINFO_RESERVED1 - ADDINFO_RESERVED3 as it is caught before this is called.
+ switch(nAdditionalInfo) {
+ // No check for ADDINFO_RESERVED1 - ADDINFO_RESERVED3 as they are
+ // caught before this is called.
case HALF_PREC_FLOAT:
pDecodedItem->val.dfnum = IEEE754_HalfToDouble((uint16_t)uNumber);
@@ -572,8 +638,12 @@
default: // 0-19
pDecodedItem->uDataType = QCBOR_TYPE_UKNOWN_SIMPLE;
- // DecodeTypeAndNumber will make uNumber equal to uAdditionalInfo when uAdditionalInfo is < 24
- // This cast is safe because the 2, 4 and 8 byte lengths of uNumber are in the double/float cases above
+ /*
+ DecodeTypeAndNumber will make uNumber equal to
+ uAdditionalInfo when uAdditionalInfo is < 24 This cast is
+ safe because the 2, 4 and 8 byte lengths of uNumber are in
+ the double/float cases above
+ */
pDecodedItem->val.uSimple = (uint8_t)uNumber;
break;
}
@@ -583,7 +653,6 @@
}
-
/*
Decode text and byte strings. Call the string allocator if asked to.
*/
@@ -593,10 +662,20 @@
UsefulInputBuf *pUInBuf,
QCBORItem *pDecodedItem)
{
- // Stack usage: UsefulBuf 2, int/ptr 1 40
QCBORError nReturn = QCBOR_SUCCESS;
- const UsefulBufC Bytes = UsefulInputBuf_GetUsefulBuf(pUInBuf, uStrLen);
+ // CBOR lengths can be 64 bits, but size_t is not 64 bits on all CPUs.
+ // This check makes the casts to size_t below safe.
+
+ // 4 bytes less than the largest sizeof() so this can be tested by
+ // putting a SIZE_MAX length in the CBOR test input (no one will
+ // care the limit on strings is 4 bytes shorter).
+ if(uStrLen > SIZE_MAX-4) {
+ nReturn = QCBOR_ERR_STRING_TOO_LONG;
+ goto Done;
+ }
+
+ const UsefulBufC Bytes = UsefulInputBuf_GetUsefulBuf(pUInBuf, (size_t)uStrLen);
if(UsefulBuf_IsNULLC(Bytes)) {
// Failed to get the bytes for this string item
nReturn = QCBOR_ERR_HIT_END;
@@ -605,7 +684,7 @@
if(pAllocator) {
// We are asked to use string allocator to make a copy
- UsefulBuf NewMem = StringAllocator_Allocate(pAllocator, uStrLen);
+ UsefulBuf NewMem = StringAllocator_Allocate(pAllocator, (size_t)uStrLen);
if(UsefulBuf_IsNULL(NewMem)) {
nReturn = QCBOR_ERR_STRING_ALLOCATE;
goto Done;
@@ -616,107 +695,10 @@
// Normal case with no string allocator
pDecodedItem->val.string = Bytes;
}
- pDecodedItem->uDataType = (nMajorType == CBOR_MAJOR_TYPE_BYTE_STRING) ? QCBOR_TYPE_BYTE_STRING : QCBOR_TYPE_TEXT_STRING;
-
-Done:
- return nReturn;
-}
-
-
-/*
- Mostly just assign the right data type for the date string.
- */
-inline static QCBORError DecodeDateString(QCBORItem *pDecodedItem)
-{
- // Stack Use: UsefulBuf 1 16
- if(pDecodedItem->uDataType != QCBOR_TYPE_TEXT_STRING) {
- return QCBOR_ERR_BAD_OPT_TAG;
- }
-
- const UsefulBufC Temp = pDecodedItem->val.string;
- pDecodedItem->val.dateString = Temp;
- pDecodedItem->uDataType = QCBOR_TYPE_DATE_STRING;
- return QCBOR_SUCCESS;
-}
-
-
-/*
- Mostly just assign the right data type for the bignum.
- */
-inline static QCBORError DecodeBigNum(QCBORItem *pDecodedItem)
-{
- // Stack Use: UsefulBuf 1 -- 16
- if(pDecodedItem->uDataType != QCBOR_TYPE_BYTE_STRING) {
- return QCBOR_ERR_BAD_OPT_TAG;
- }
- const UsefulBufC Temp = pDecodedItem->val.string;
- pDecodedItem->val.bigNum = Temp;
- pDecodedItem->uDataType = pDecodedItem->uTagBits & QCBOR_TAGFLAG_POS_BIGNUM ? QCBOR_TYPE_POSBIGNUM : QCBOR_TYPE_NEGBIGNUM;
- return QCBOR_SUCCESS;
-}
-
-
-/*
- The epoch formatted date. Turns lots of different forms of encoding date into uniform one
- */
-static int DecodeDateEpoch(QCBORItem *pDecodedItem)
-{
- // Stack usage: 1
- QCBORError nReturn = QCBOR_SUCCESS;
-
- pDecodedItem->val.epochDate.fSecondsFraction = 0;
-
- switch (pDecodedItem->uDataType) {
-
- case QCBOR_TYPE_INT64:
- pDecodedItem->val.epochDate.nSeconds = pDecodedItem->val.int64;
- break;
-
- case QCBOR_TYPE_UINT64:
- if(pDecodedItem->val.uint64 > INT64_MAX) {
- nReturn = QCBOR_ERR_DATE_OVERFLOW;
- goto Done;
- }
- pDecodedItem->val.epochDate.nSeconds = pDecodedItem->val.uint64;
- break;
-
- case QCBOR_TYPE_DOUBLE:
- {
- // This comparison needs to be done as a float before
- // conversion to an int64_t to be able to detect doubles
- // that are too large to fit into an int64_t. A double
- // has 52 bits of preceision. An int64_t has 63. Casting
- // INT64_MAX to a double actually causes a round up which
- // is bad and wrong for the comparison because it will
- // allow conversion of doubles that can't fit into a
- // uint64_t. To remedy this INT64_MAX - 0x7ff is used as
- // the cutoff point as if that rounds up in conversion to
- // double it will still be less than INT64_MAX. 0x7ff is
- // picked because it has 11 bits set.
- //
- // INT64_MAX seconds is on the order of 10 billion years,
- // and the earth is less than 5 billion years old, so for
- // most uses this conversion error won't occur even though
- // doubles can go much larger.
- //
- // Without the 0x7ff there is a ~30 minute range of time
- // values 10 billion years in the past and in the future
- // where this this code would go wrong.
- const double d = pDecodedItem->val.dfnum;
- if(d > (double)(INT64_MAX - 0x7ff)) {
- nReturn = QCBOR_ERR_DATE_OVERFLOW;
- goto Done;
- }
- pDecodedItem->val.epochDate.nSeconds = (int64_t)d;
- pDecodedItem->val.epochDate.fSecondsFraction = d - (double)pDecodedItem->val.epochDate.nSeconds;
- }
- break;
-
- default:
- nReturn = QCBOR_ERR_BAD_OPT_TAG;
- goto Done;
- }
- pDecodedItem->uDataType = QCBOR_TYPE_DATE_EPOCH;
+ const bool bIsBstr = (nMajorType == CBOR_MAJOR_TYPE_BYTE_STRING);
+ // Cast because ternary operator causes promotion to integer
+ pDecodedItem->uDataType = (uint8_t)(bIsBstr ? QCBOR_TYPE_BYTE_STRING
+ : QCBOR_TYPE_TEXT_STRING);
Done:
return nReturn;
@@ -725,7 +707,11 @@
-// Make sure the constants align as this is assumed by the GetAnItem() implementation
+
+
+
+// Make sure the constants align as this is assumed by
+// the GetAnItem() implementation
#if QCBOR_TYPE_ARRAY != CBOR_MAJOR_TYPE_ARRAY
#error QCBOR_TYPE_ARRAY value not lined up with major type
#endif
@@ -734,55 +720,61 @@
#endif
/*
- This gets a single data item and decodes it including preceding optional tagging. This does not
- deal with arrays and maps and nesting except to decode the data item introducing them. Arrays and
- maps are handled at the next level up in GetNext().
+ This gets a single data item and decodes it including preceding
+ optional tagging. This does not deal with arrays and maps and nesting
+ except to decode the data item introducing them. Arrays and maps are
+ handled at the next level up in GetNext().
- Errors detected here include: an array that is too long to decode, hit end of buffer unexpectedly,
- a few forms of invalid encoded CBOR
+ Errors detected here include: an array that is too long to decode,
+ hit end of buffer unexpectedly, a few forms of invalid encoded CBOR
*/
static QCBORError GetNext_Item(UsefulInputBuf *pUInBuf,
QCBORItem *pDecodedItem,
const QCORInternalAllocator *pAllocator)
{
- // Stack usage: int/ptr 3 -- 24
QCBORError nReturn;
- // Get the major type and the number. Number could be length of more bytes or the value depending on the major type
- // nAdditionalInfo is an encoding of the length of the uNumber and is needed to decode floats and doubles
- int uMajorType;
+ /*
+ Get the major type and the number. Number could be length of more
+ bytes or the value depending on the major type nAdditionalInfo is
+ an encoding of the length of the uNumber and is needed to decode
+ floats and doubles
+ */
+ int nMajorType;
uint64_t uNumber;
- uint8_t uAdditionalInfo;
+ int nAdditionalInfo;
memset(pDecodedItem, 0, sizeof(QCBORItem));
- nReturn = DecodeTypeAndNumber(pUInBuf, &uMajorType, &uNumber, &uAdditionalInfo);
+ nReturn = DecodeTypeAndNumber(pUInBuf, &nMajorType, &uNumber, &nAdditionalInfo);
- // Error out here if we got into trouble on the type and number.
- // The code after this will not work if the type and number is not good.
+ // Error out here if we got into trouble on the type and number. The
+ // code after this will not work if the type and number is not good.
if(nReturn) {
goto Done;
}
- // At this point the major type and the value are valid. We've got the type and the number that
- // starts every CBOR data item.
- switch (uMajorType) {
+ // At this point the major type and the value are valid. We've got
+ // the type and the number that starts every CBOR data item.
+ switch (nMajorType) {
case CBOR_MAJOR_TYPE_POSITIVE_INT: // Major type 0
case CBOR_MAJOR_TYPE_NEGATIVE_INT: // Major type 1
- if(uAdditionalInfo == LEN_IS_INDEFINITE) {
+ if(nAdditionalInfo == LEN_IS_INDEFINITE) {
nReturn = QCBOR_ERR_BAD_INT;
} else {
- nReturn = DecodeInteger(uMajorType, uNumber, pDecodedItem);
+ nReturn = DecodeInteger(nMajorType, uNumber, pDecodedItem);
}
break;
case CBOR_MAJOR_TYPE_BYTE_STRING: // Major type 2
case CBOR_MAJOR_TYPE_TEXT_STRING: // Major type 3
- if(uAdditionalInfo == LEN_IS_INDEFINITE) {
- pDecodedItem->uDataType = (uMajorType == CBOR_MAJOR_TYPE_BYTE_STRING) ? QCBOR_TYPE_BYTE_STRING : QCBOR_TYPE_TEXT_STRING;
+ if(nAdditionalInfo == LEN_IS_INDEFINITE) {
+ const bool bIsBstr = (nMajorType == CBOR_MAJOR_TYPE_BYTE_STRING);
+ pDecodedItem->uDataType = (uint8_t)(bIsBstr ? QCBOR_TYPE_BYTE_STRING
+ : QCBOR_TYPE_TEXT_STRING);
pDecodedItem->val.string = (UsefulBufC){NULL, SIZE_MAX};
} else {
- nReturn = DecodeBytes(pAllocator, uMajorType, uNumber, pUInBuf, pDecodedItem);
+ nReturn = DecodeBytes(pAllocator, nMajorType, uNumber, pUInBuf, pDecodedItem);
}
break;
@@ -793,16 +785,19 @@
nReturn = QCBOR_ERR_ARRAY_TOO_LONG;
goto Done;
}
- if(uAdditionalInfo == LEN_IS_INDEFINITE) {
+ if(nAdditionalInfo == LEN_IS_INDEFINITE) {
pDecodedItem->val.uCount = UINT16_MAX; // Indicate indefinite length
} else {
- pDecodedItem->val.uCount = (uint16_t)uNumber; // type conversion OK because of check above
+ // type conversion OK because of check above
+ pDecodedItem->val.uCount = (uint16_t)uNumber;
}
- pDecodedItem->uDataType = uMajorType; // C preproc #if above makes sure constants align
+ // C preproc #if above makes sure constants for major types align
+ // DecodeTypeAndNumber never returns a major type > 7 so cast is safe
+ pDecodedItem->uDataType = (uint8_t)nMajorType;
break;
case CBOR_MAJOR_TYPE_OPTIONAL: // Major type 6, optional prepended tags
- if(uAdditionalInfo == LEN_IS_INDEFINITE) {
+ if(nAdditionalInfo == LEN_IS_INDEFINITE) {
nReturn = QCBOR_ERR_BAD_INT;
} else {
pDecodedItem->val.uTagV = uNumber;
@@ -810,11 +805,13 @@
}
break;
- case CBOR_MAJOR_TYPE_SIMPLE: // Major type 7, float, double, true, false, null...
- nReturn = DecodeSimple(uAdditionalInfo, uNumber, pDecodedItem);
+ case CBOR_MAJOR_TYPE_SIMPLE:
+ // Major type 7, float, double, true, false, null...
+ nReturn = DecodeSimple(nAdditionalInfo, uNumber, pDecodedItem);
break;
- default: // Should never happen because DecodeTypeAndNumber() should never return > 7
+ default:
+ // Never happens because DecodeTypeAndNumber() should never return > 7
nReturn = QCBOR_ERR_UNSUPPORTED;
break;
}
@@ -827,12 +824,13 @@
/*
This layer deals with indefinite length strings. It pulls all the
- individual chunk items together into one QCBORItem using the
- string allocator.
+ individual chunk items together into one QCBORItem using the string
+ allocator.
Code Reviewers: THIS FUNCTION DOES A LITTLE POINTER MATH
*/
-static inline QCBORError GetNext_FullItem(QCBORDecodeContext *me, QCBORItem *pDecodedItem)
+static inline QCBORError
+GetNext_FullItem(QCBORDecodeContext *me, QCBORItem *pDecodedItem)
{
// Stack usage; int/ptr 2 UsefulBuf 2 QCBORItem -- 96
QCBORError nReturn;
@@ -853,7 +851,8 @@
// indefinite length string tests, to be sure all is OK if this is removed.
// Only do indefinite length processing on strings
- if(pDecodedItem->uDataType != QCBOR_TYPE_BYTE_STRING && pDecodedItem->uDataType != QCBOR_TYPE_TEXT_STRING) {
+ if(pDecodedItem->uDataType != QCBOR_TYPE_BYTE_STRING &&
+ pDecodedItem->uDataType != QCBOR_TYPE_TEXT_STRING) {
goto Done; // no need to do any work here on non-string types
}
@@ -893,7 +892,8 @@
// Match data type of chunk to type at beginning.
// Also catches error of other non-string types that don't belong.
// Also catches indefinite length strings inside indefinite length strings
- if(StringChunkItem.uDataType != uStringType || StringChunkItem.val.string.len == SIZE_MAX) {
+ if(StringChunkItem.uDataType != uStringType ||
+ StringChunkItem.val.string.len == SIZE_MAX) {
nReturn = QCBOR_ERR_INDEFINITE_STRING_CHUNK;
break;
}
@@ -926,10 +926,13 @@
/*
- Returns an error if there was something wrong with the optional item or it couldn't
- be handled.
+ Gets all optional tag data items preceding a data item that is not an
+ optional tag and records them as bits in the tag map.
*/
-static QCBORError GetNext_TaggedItem(QCBORDecodeContext *me, QCBORItem *pDecodedItem, QCBORTagListOut *pTags)
+static QCBORError
+GetNext_TaggedItem(QCBORDecodeContext *me,
+ QCBORItem *pDecodedItem,
+ QCBORTagListOut *pTags)
{
// Stack usage: int/ptr: 3 -- 24
QCBORError nReturn;
@@ -938,6 +941,7 @@
pTags->uNumUsed = 0;
}
+ // Loop fetching items until the item fetched is not a tag
for(;;) {
nReturn = GetNext_FullItem(me, pDecodedItem);
if(nReturn) {
@@ -979,41 +983,19 @@
}
}
- switch(pDecodedItem->uTagBits & TAG_MAPPER_FIRST_FOUR) {
- case 0:
- // No tags at all or none we know about. Nothing to do.
- // This is part of the pass-through path of this function
- // that will mostly be taken when decoding any item.
- break;
-
- case QCBOR_TAGFLAG_DATE_STRING:
- nReturn = DecodeDateString(pDecodedItem);
- break;
-
- case QCBOR_TAGFLAG_DATE_EPOCH:
- nReturn = DecodeDateEpoch(pDecodedItem);
- break;
-
- case QCBOR_TAGFLAG_POS_BIGNUM:
- case QCBOR_TAGFLAG_NEG_BIGNUM:
- nReturn = DecodeBigNum(pDecodedItem);
- break;
-
- default:
- // Encountering some mixed up CBOR like something that
- // is tagged as both a string and integer date.
- nReturn = QCBOR_ERR_BAD_OPT_TAG;
- }
-
Done:
return nReturn;
}
/*
- This layer takes care of map entries. It combines the label and data items into one QCBORItem.
+ This layer takes care of map entries. It combines the label and data
+ items into one QCBORItem.
*/
-static inline QCBORError GetNext_MapEntry(QCBORDecodeContext *me, QCBORItem *pDecodedItem, QCBORTagListOut *pTags)
+static inline QCBORError
+GetNext_MapEntry(QCBORDecodeContext *me,
+ QCBORItem *pDecodedItem,
+ QCBORTagListOut *pTags)
{
// Stack use: int/ptr 1, QCBORItem -- 56
QCBORError nReturn = GetNext_TaggedItem(me, pDecodedItem, pTags);
@@ -1031,7 +1013,8 @@
if(DecodeNesting_TypeIsMap(&(me->nesting))) {
// If in a map and the right decoding mode, get the label
- // Get the next item which will be the real data; Item will be the label
+ // Save label in pDecodedItem and get the next which will
+ // be the real data
QCBORItem LabelItem = *pDecodedItem;
nReturn = GetNext_TaggedItem(me, pDecodedItem, pTags);
if(nReturn)
@@ -1044,7 +1027,7 @@
pDecodedItem->label.string = LabelItem.val.string;
pDecodedItem->uLabelType = QCBOR_TYPE_TEXT_STRING;
} else if (QCBOR_DECODE_MODE_MAP_STRINGS_ONLY == me->uDecodeMode) {
- // It's not a string and we only want strings, probably for easy translation to JSON
+ // It's not a string and we only want strings
nReturn = QCBOR_ERR_MAP_LABEL_TYPE;
goto Done;
} else if(LabelItem.uDataType == QCBOR_TYPE_INT64) {
@@ -1081,7 +1064,9 @@
/*
Public function, see header qcbor.h file
*/
-QCBORError QCBORDecode_GetNextWithTags(QCBORDecodeContext *me, QCBORItem *pDecodedItem, QCBORTagListOut *pTags)
+QCBORError QCBORDecode_GetNextMapOrArray(QCBORDecodeContext *me,
+ QCBORItem *pDecodedItem,
+ QCBORTagListOut *pTags)
{
// Stack ptr/int: 2, QCBORItem : 64
@@ -1176,6 +1161,281 @@
}
+/*
+ Mostly just assign the right data type for the date string.
+ */
+inline static QCBORError DecodeDateString(QCBORItem *pDecodedItem)
+{
+ // Stack Use: UsefulBuf 1 16
+ if(pDecodedItem->uDataType != QCBOR_TYPE_TEXT_STRING) {
+ return QCBOR_ERR_BAD_OPT_TAG;
+ }
+
+ const UsefulBufC Temp = pDecodedItem->val.string;
+ pDecodedItem->val.dateString = Temp;
+ pDecodedItem->uDataType = QCBOR_TYPE_DATE_STRING;
+ return QCBOR_SUCCESS;
+}
+
+
+/*
+ Mostly just assign the right data type for the bignum.
+ */
+inline static QCBORError DecodeBigNum(QCBORItem *pDecodedItem)
+{
+ // Stack Use: UsefulBuf 1 -- 16
+ if(pDecodedItem->uDataType != QCBOR_TYPE_BYTE_STRING) {
+ return QCBOR_ERR_BAD_OPT_TAG;
+ }
+ const UsefulBufC Temp = pDecodedItem->val.string;
+ pDecodedItem->val.bigNum = Temp;
+ const bool bIsPosBigNum = (bool)(pDecodedItem->uTagBits & QCBOR_TAGFLAG_POS_BIGNUM);
+ pDecodedItem->uDataType = (uint8_t)(bIsPosBigNum ? QCBOR_TYPE_POSBIGNUM
+ : QCBOR_TYPE_NEGBIGNUM);
+ return QCBOR_SUCCESS;
+}
+
+
+/*
+ The epoch formatted date. Turns lots of different forms of encoding
+ date into uniform one
+ */
+static QCBORError DecodeDateEpoch(QCBORItem *pDecodedItem)
+{
+ // Stack usage: 1
+ QCBORError nReturn = QCBOR_SUCCESS;
+
+ pDecodedItem->val.epochDate.fSecondsFraction = 0;
+
+ switch (pDecodedItem->uDataType) {
+
+ case QCBOR_TYPE_INT64:
+ pDecodedItem->val.epochDate.nSeconds = pDecodedItem->val.int64;
+ break;
+
+ case QCBOR_TYPE_UINT64:
+ if(pDecodedItem->val.uint64 > INT64_MAX) {
+ nReturn = QCBOR_ERR_DATE_OVERFLOW;
+ goto Done;
+ }
+ pDecodedItem->val.epochDate.nSeconds = (int64_t)pDecodedItem->val.uint64;
+ break;
+
+ case QCBOR_TYPE_DOUBLE:
+ {
+ // This comparison needs to be done as a float before
+ // conversion to an int64_t to be able to detect doubles
+ // that are too large to fit into an int64_t. A double
+ // has 52 bits of preceision. An int64_t has 63. Casting
+ // INT64_MAX to a double actually causes a round up which
+ // is bad and wrong for the comparison because it will
+ // allow conversion of doubles that can't fit into a
+ // uint64_t. To remedy this INT64_MAX - 0x7ff is used as
+ // the cutoff point as if that rounds up in conversion to
+ // double it will still be less than INT64_MAX. 0x7ff is
+ // picked because it has 11 bits set.
+ //
+ // INT64_MAX seconds is on the order of 10 billion years,
+ // and the earth is less than 5 billion years old, so for
+ // most uses this conversion error won't occur even though
+ // doubles can go much larger.
+ //
+ // Without the 0x7ff there is a ~30 minute range of time
+ // values 10 billion years in the past and in the future
+ // where this this code would go wrong.
+ const double d = pDecodedItem->val.dfnum;
+ if(d > (double)(INT64_MAX - 0x7ff)) {
+ nReturn = QCBOR_ERR_DATE_OVERFLOW;
+ goto Done;
+ }
+ pDecodedItem->val.epochDate.nSeconds = (int64_t)d;
+ pDecodedItem->val.epochDate.fSecondsFraction = d - (double)pDecodedItem->val.epochDate.nSeconds;
+ }
+ break;
+
+ default:
+ nReturn = QCBOR_ERR_BAD_OPT_TAG;
+ goto Done;
+ }
+ pDecodedItem->uDataType = QCBOR_TYPE_DATE_EPOCH;
+
+Done:
+ return nReturn;
+}
+
+
+#ifndef QCBOR_CONFIG_DISABLE_EXP_AND_MANTISSA
+/*
+ Decode decimal fractions and big floats.
+
+ When called pDecodedItem must be the array that is tagged as a big
+ float or decimal fraction, the array that has the two members, the
+ exponent and mantissa.
+
+ This will fetch and decode the exponent and mantissa and put the
+ result back into pDecodedItem.
+ */
+inline static QCBORError
+QCBORDecode_MantissaAndExponent(QCBORDecodeContext *me, QCBORItem *pDecodedItem)
+{
+ QCBORError nReturn;
+
+ // --- Make sure it is an array; track nesting level of members ---
+ if(pDecodedItem->uDataType != QCBOR_TYPE_ARRAY) {
+ nReturn = QCBOR_ERR_BAD_EXP_AND_MANTISSA;
+ goto Done;
+ }
+
+ // A check for pDecodedItem->val.uCount == 2 would work for
+ // definite length arrays, but not for indefnite. Instead remember
+ // the nesting level the two integers must be at, which is one
+ // deeper than that of the array.
+ const int nNestLevel = pDecodedItem->uNestingLevel + 1;
+
+ // --- Is it a decimal fraction or a bigfloat? ---
+ const bool bIsTaggedDecimalFraction = QCBORDecode_IsTagged(me, pDecodedItem, CBOR_TAG_DECIMAL_FRACTION);
+ pDecodedItem->uDataType = bIsTaggedDecimalFraction ? QCBOR_TYPE_DECIMAL_FRACTION : QCBOR_TYPE_BIGFLOAT;
+
+ // --- Get the exponent ---
+ QCBORItem exponentItem;
+ nReturn = QCBORDecode_GetNextMapOrArray(me, &exponentItem, NULL);
+ if(nReturn != QCBOR_SUCCESS) {
+ goto Done;
+ }
+ if(exponentItem.uNestingLevel != nNestLevel) {
+ // Array is empty or a map/array encountered when expecting an int
+ nReturn = QCBOR_ERR_BAD_EXP_AND_MANTISSA;
+ goto Done;
+ }
+ if(exponentItem.uDataType == QCBOR_TYPE_INT64) {
+ // Data arriving as an unsigned int < INT64_MAX has been converted
+ // to QCBOR_TYPE_INT64 and thus handled here. This is also means
+ // that the only data arriving here of type QCBOR_TYPE_UINT64 data
+ // will be too large for this to handle and thus an error that will
+ // get handled in the next else.
+ pDecodedItem->val.expAndMantissa.nExponent = exponentItem.val.int64;
+ } else {
+ // Wrong type of exponent or a QCBOR_TYPE_UINT64 > INT64_MAX
+ nReturn = QCBOR_ERR_BAD_EXP_AND_MANTISSA;
+ goto Done;
+ }
+
+ // --- Get the mantissa ---
+ QCBORItem mantissaItem;
+ nReturn = QCBORDecode_GetNextWithTags(me, &mantissaItem, NULL);
+ if(nReturn != QCBOR_SUCCESS) {
+ goto Done;
+ }
+ if(mantissaItem.uNestingLevel != nNestLevel) {
+ // Mantissa missing or map/array encountered when expecting number
+ nReturn = QCBOR_ERR_BAD_EXP_AND_MANTISSA;
+ goto Done;
+ }
+ if(mantissaItem.uDataType == QCBOR_TYPE_INT64) {
+ // Data arriving as an unsigned int < INT64_MAX has been converted
+ // to QCBOR_TYPE_INT64 and thus handled here. This is also means
+ // that the only data arriving here of type QCBOR_TYPE_UINT64 data
+ // will be too large for this to handle and thus an error that
+ // will get handled in an else below.
+ pDecodedItem->val.expAndMantissa.Mantissa.nInt = mantissaItem.val.int64;
+ } else if(mantissaItem.uDataType == QCBOR_TYPE_POSBIGNUM || mantissaItem.uDataType == QCBOR_TYPE_NEGBIGNUM) {
+ // Got a good big num mantissa
+ pDecodedItem->val.expAndMantissa.Mantissa.bigNum = mantissaItem.val.bigNum;
+ // Depends on numbering of QCBOR_TYPE_XXX
+ pDecodedItem->uDataType = (uint8_t)(pDecodedItem->uDataType +
+ mantissaItem.uDataType - QCBOR_TYPE_POSBIGNUM +
+ 1);
+ } else {
+ // Wrong type of mantissa or a QCBOR_TYPE_UINT64 > INT64_MAX
+ nReturn = QCBOR_ERR_BAD_EXP_AND_MANTISSA;
+ goto Done;
+ }
+
+ // --- Check that array only has the two numbers ---
+ if(mantissaItem.uNextNestLevel == nNestLevel) {
+ // Extra items in the decimal fraction / big num
+ nReturn = QCBOR_ERR_BAD_EXP_AND_MANTISSA;
+ goto Done;
+ }
+
+Done:
+
+ return nReturn;
+}
+#endif /* QCBOR_CONFIG_DISABLE_EXP_AND_MANTISSA */
+
+
+/*
+ Public function, see header qcbor.h file
+ */
+QCBORError
+QCBORDecode_GetNextWithTags(QCBORDecodeContext *me,
+ QCBORItem *pDecodedItem,
+ QCBORTagListOut *pTags)
+{
+ QCBORError nReturn;
+
+ nReturn = QCBORDecode_GetNextMapOrArray(me, pDecodedItem, pTags);
+ if(nReturn != QCBOR_SUCCESS) {
+ goto Done;
+ }
+
+#ifndef QCBOR_CONFIG_DISABLE_EXP_AND_MANTISSA
+#define TAG_MAPPER_FIRST_XXX TAG_MAPPER_FIRST_SIX
+#else
+#define TAG_MAPPER_FIRST_XXX TAG_MAPPER_FIRST_FOUR
+#endif
+
+ // Only pay attention to tags this code knows how to decode.
+ switch(pDecodedItem->uTagBits & TAG_MAPPER_FIRST_XXX) {
+ case 0:
+ // No tags at all or none we know about. Nothing to do.
+ // This is the pass-through path of this function
+ // that will mostly be taken when decoding any item.
+ break;
+
+ case QCBOR_TAGFLAG_DATE_STRING:
+ nReturn = DecodeDateString(pDecodedItem);
+ break;
+
+ case QCBOR_TAGFLAG_DATE_EPOCH:
+ nReturn = DecodeDateEpoch(pDecodedItem);
+ break;
+
+ case QCBOR_TAGFLAG_POS_BIGNUM:
+ case QCBOR_TAGFLAG_NEG_BIGNUM:
+ nReturn = DecodeBigNum(pDecodedItem);
+ break;
+
+#ifndef QCBOR_CONFIG_DISABLE_EXP_AND_MANTISSA
+ case QCBOR_TAGFLAG_DECIMAL_FRACTION:
+ case QCBOR_TAGFLAG_BIGFLOAT:
+ // For aggregate tagged types, what goes into pTags is only collected
+ // from the surrounding data item, not the contents, so pTags is not
+ // passed on here.
+
+ nReturn = QCBORDecode_MantissaAndExponent(me, pDecodedItem);
+ break;
+#endif /* QCBOR_CONFIG_DISABLE_EXP_AND_MANTISSA */
+
+ default:
+ // Encountering some mixed-up CBOR like something that
+ // is tagged as both a string and integer date.
+ nReturn = QCBOR_ERR_BAD_OPT_TAG;
+ }
+
+Done:
+ if(nReturn != QCBOR_SUCCESS) {
+ pDecodedItem->uDataType = QCBOR_TYPE_NONE;
+ pDecodedItem->uLabelType = QCBOR_TYPE_NONE;
+ }
+ return nReturn;
+}
+
+
+/*
+ Public function, see header qcbor.h file
+ */
QCBORError QCBORDecode_GetNext(QCBORDecodeContext *me, QCBORItem *pDecodedItem)
{
return QCBORDecode_GetNextWithTags(me, pDecodedItem, NULL);
@@ -1187,7 +1447,13 @@
next one down. If a layer has no work to do for a particular item
it returns quickly.
- - QCBORDecode_GetNext -- The top layer manages the beginnings and
+ - QCBORDecode_GetNext, GetNextWithTags -- The top layer processes
+ tagged data items, turning them into the local C representation.
+ For the most simple it is just associating a QCBOR_TYPE with the data. For
+ the complex ones that an aggregate of data items, there is some further
+ decoding and a little bit of recursion.
+
+ - QCBORDecode_GetNextMapOrArray - This manages the beginnings and
ends of maps and arrays. It tracks descending into and ascending
out of maps/arrays. It processes all breaks that terminate
maps and arrays.
@@ -1197,19 +1463,21 @@
It only does work on maps. It combines the label and data
items into one labeled item.
- - GetNext_TaggedItem -- This handles the type 6 tagged items.
- It accumulates all the tags and combines them with the following
- non-tagged item. If the tagged item is something that is understood
- like a date, the decoding of that item is invoked.
+ - GetNext_TaggedItem -- This decodes type 6 tagging. It turns the
+ tags into bit flags associated with the data item. No actual decoding
+ of the contents of the tagged item is performed here.
- - GetNext_FullItem -- This assembles the sub items that make up
+ - GetNext_FullItem -- This assembles the sub-items that make up
an indefinte length string into one string item. It uses the
string allocater to create contiguous space for the item. It
processes all breaks that are part of indefinite length strings.
- - GetNext_Item -- This gets and decodes the most atomic
- item in CBOR, the thing with an initial byte containing
- the major type.
+ - GetNext_Item -- This decodes the atomic data items in CBOR. Each
+ atomic data item has a "major type", an integer "argument" and optionally
+ some content. For text and byte strings, the content is the bytes
+ that make up the string. These are the smallest data items that are
+ considered to be well-formed. The content may also be other data items in
+ the case of aggregate types. They are not handled in this layer.
Roughly this takes 300 bytes of stack for vars. Need to
evaluate this more carefully and correctly.
@@ -1220,7 +1488,9 @@
/*
Public function, see header qcbor.h file
*/
-int QCBORDecode_IsTagged(QCBORDecodeContext *me, const QCBORItem *pItem, uint64_t uTag)
+int QCBORDecode_IsTagged(QCBORDecodeContext *me,
+ const QCBORItem *pItem,
+ uint64_t uTag)
{
const QCBORTagListIn *pCallerConfiguredTagMap = me->pCallerConfiguredTagList;
@@ -1241,7 +1511,7 @@
*/
QCBORError QCBORDecode_Finish(QCBORDecodeContext *me)
{
- int nReturn = QCBOR_SUCCESS;
+ QCBORError nReturn = QCBOR_SUCCESS;
// Error out if all the maps/arrays are not closed out
if(DecodeNesting_IsNested(&(me->nesting))) {
@@ -1268,21 +1538,28 @@
Decoder errors handled in this file
- - Hit end of input before it was expected while decoding type and number QCBOR_ERR_HIT_END
+ - Hit end of input before it was expected while decoding type and
+ number QCBOR_ERR_HIT_END
- negative integer that is too large for C QCBOR_ERR_INT_OVERFLOW
- - Hit end of input while decoding a text or byte string QCBOR_ERR_HIT_END
+ - Hit end of input while decoding a text or byte string
+ QCBOR_ERR_HIT_END
- - Encountered conflicting tags -- e.g., an item is tagged both a date string and an epoch date QCBOR_ERR_UNSUPPORTED
+ - Encountered conflicting tags -- e.g., an item is tagged both a date
+ string and an epoch date QCBOR_ERR_UNSUPPORTED
- - Encontered an array or mapp that has too many items QCBOR_ERR_ARRAY_TOO_LONG
+ - Encontered an array or mapp that has too many items
+ QCBOR_ERR_ARRAY_TOO_LONG
- - Encountered array/map nesting that is too deep QCBOR_ERR_ARRAY_NESTING_TOO_DEEP
+ - Encountered array/map nesting that is too deep
+ QCBOR_ERR_ARRAY_NESTING_TOO_DEEP
- - An epoch date > INT64_MAX or < INT64_MIN was encountered QCBOR_ERR_DATE_OVERFLOW
+ - An epoch date > INT64_MAX or < INT64_MIN was encountered
+ QCBOR_ERR_DATE_OVERFLOW
- - The type of a map label is not a string or int QCBOR_ERR_MAP_LABEL_TYPE
+ - The type of a map label is not a string or int
+ QCBOR_ERR_MAP_LABEL_TYPE
- Hit end with arrays or maps still open -- QCBOR_ERR_EXTRA_BYTES
@@ -1315,15 +1592,17 @@
The sizes packed in are uint32_t to be the same on all CPU types
and simplify the code.
- =========================================================================== */
+ ========================================================================== */
-static inline int MemPool_Unpack(const void *pMem, uint32_t *puPoolSize, uint32_t *puFreeOffset)
+static inline int
+MemPool_Unpack(const void *pMem, uint32_t *puPoolSize, uint32_t *puFreeOffset)
{
// Use of UsefulInputBuf is overkill, but it is convenient.
UsefulInputBuf UIB;
- // Just assume the size here. It was checked during SetUp so the assumption is safe.
+ // Just assume the size here. It was checked during SetUp so
+ // the assumption is safe.
UsefulInputBuf_Init(&UIB, (UsefulBufC){pMem, QCBOR_DECODE_MIN_MEM_POOL_SIZE});
*puPoolSize = UsefulInputBuf_GetUint32(&UIB);
*puFreeOffset = UsefulInputBuf_GetUint32(&UIB);
@@ -1331,7 +1610,8 @@
}
-static inline int MemPool_Pack(UsefulBuf Pool, uint32_t uFreeOffset)
+static inline int
+MemPool_Pack(UsefulBuf Pool, uint32_t uFreeOffset)
{
// Use of UsefulOutBuf is overkill, but convenient. The
// length check performed here is useful.
@@ -1352,7 +1632,8 @@
Code Reviewers: THIS FUNCTION DOES POINTER MATH
*/
-static UsefulBuf MemPool_Function(void *pPool, void *pMem, size_t uNewSize)
+static UsefulBuf
+MemPool_Function(void *pPool, void *pMem, size_t uNewSize)
{
UsefulBuf ReturnValue = NULLUsefulBuf;
@@ -1410,7 +1691,7 @@
if(uNewSize <= uPoolSize - uFreeOffset) {
ReturnValue.len = uNewSize;
ReturnValue.ptr = (uint8_t *)pPool + uFreeOffset;
- uFreeOffset += uNewSize;
+ uFreeOffset += (uint32_t)uNewSize;
}
}
} else {
@@ -1436,7 +1717,9 @@
/*
Public function, see header qcbor.h file
*/
-QCBORError QCBORDecode_SetMemPool(QCBORDecodeContext *pMe, UsefulBuf Pool, bool bAllStrings)
+QCBORError QCBORDecode_SetMemPool(QCBORDecodeContext *pMe,
+ UsefulBuf Pool,
+ bool bAllStrings)
{
// The pool size and free mem offset are packed into the beginning
// of the pool memory. This compile time check make sure the
diff --git a/lib/ext/qcbor/src/qcbor_encode.c b/lib/ext/qcbor/src/qcbor_encode.c
index 28fb225..ce14e41 100644
--- a/lib/ext/qcbor/src/qcbor_encode.c
+++ b/lib/ext/qcbor/src/qcbor_encode.c
@@ -1,6 +1,6 @@
/*==============================================================================
Copyright (c) 2016-2018, The Linux Foundation.
- Copyright (c) 2018-2019, Laurence Lundblade.
+ Copyright (c) 2018-2020, Laurence Lundblade.
All rights reserved.
Redistribution and use in source and binary forms, with or without
@@ -28,9 +28,9 @@
WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- ==============================================================================*/
+ =============================================================================*/
-/*===================================================================================
+/*=============================================================================
FILE: qcbor_encode.c
DESCRIPTION: This file contains the implementation of QCBOR.
@@ -40,53 +40,65 @@
This section contains comments describing changes made to the module.
Notice that changes are listed in reverse chronological order.
- when who what, where, why
- -------- ---- ---------------------------------------------------
- 8/7/19 llundblade Prevent encoding simple type reserved values 24..31
- 7/25/19 janjongboom Add indefinite length encoding for maps and arrays
- 4/6/19 llundblade Wrapped bstr returned now includes the wrapping bstr
- 12/30/18 llundblade Small efficient clever encode of type & argument.
- 11/29/18 llundblade Rework to simpler handling of tags and labels.
- 11/9/18 llundblade Error codes are now enums.
- 11/1/18 llundblade Floating support.
- 10/31/18 llundblade Switch to one license that is almost BSD-3.
- 09/28/18 llundblade Added bstr wrapping feature for COSE implementation.
- 02/05/18 llundbla Works on CPUs which require integer alignment.
- Requires new version of UsefulBuf.
- 07/05/17 llundbla Add bstr wrapping of maps/arrays for COSE
- 03/01/17 llundbla More data types
- 11/13/16 llundbla Integrate most TZ changes back into github version.
- 09/30/16 gkanike Porting to TZ.
- 03/15/16 llundbla Initial Version.
+ when who what, where, why
+ -------- ---- ---------------------------------------------------
+ 01/25/2020 llundblade Refine use of integer types to quiet static analysis.
+ 01/08/2020 llundblade Documentation corrections & improved code formatting.
+ 12/30/19 llundblade Add support for decimal fractions and bigfloats.
+ 8/7/19 llundblade Prevent encoding simple type reserved values 24..31
+ 7/25/19 janjongboom Add indefinite length encoding for maps and arrays
+ 4/6/19 llundblade Wrapped bstr returned now includes the wrapping bstr
+ 12/30/18 llundblade Small efficient clever encode of type & argument.
+ 11/29/18 llundblade Rework to simpler handling of tags and labels.
+ 11/9/18 llundblade Error codes are now enums.
+ 11/1/18 llundblade Floating support.
+ 10/31/18 llundblade Switch to one license that is almost BSD-3.
+ 09/28/18 llundblade Added bstr wrapping feature for COSE implementation.
+ 02/05/18 llundbla Works on CPUs which require integer alignment.
+ Requires new version of UsefulBuf.
+ 07/05/17 llundbla Add bstr wrapping of maps/arrays for COSE
+ 03/01/17 llundbla More data types
+ 11/13/16 llundbla Integrate most TZ changes back into github version.
+ 09/30/16 gkanike Porting to TZ.
+ 03/15/16 llundbla Initial Version.
- =====================================================================================*/
+ =============================================================================*/
#include "qcbor.h"
#include "ieee754.h"
-/*...... This is a ruler that is 80 characters long...........................*/
-
/*
- CBOR's two nesting types, arrays and maps, are tracked here. There is a
- limit of QCBOR_MAX_ARRAY_NESTING to the number of arrays and maps
+ Nesting -- This tracks the nesting of maps and arrays.
+
+ The following functions and data type QCBORTrackNesting implement the
+ nesting management for encoding.
+
+ CBOR's two nesting types, arrays and maps, are tracked here. There is
+ a limit of QCBOR_MAX_ARRAY_NESTING to the number of arrays and maps
that can be nested in one encoding so the encoding context stays
small enough to fit on the stack.
When an array / map is opened, pCurrentNesting points to the element
- in pArrays that records the type, start position and accumluates a
+ in pArrays that records the type, start position and accumulates a
count of the number of items added. When closed the start position is
used to go back and fill in the type and number of items in the array
/ map.
- Encoded output be just items like ints and strings that are
- not part of any array / map. That is, the first thing encoded
- does not have to be an array or a map.
+ Encoded output can be just items like ints and strings that are not
+ part of any array / map. That is, the first thing encoded does not
+ have to be an array or a map.
+
+ QCBOR has a special feature to allow constructing bstr-wrapped CBOR
+ directly into the output buffer, so an extra buffer for it is not
+ needed. This is implemented as nesting with type
+ CBOR_MAJOR_TYPE_BYTE_STRING and uses this code. Bstr-wrapped CBOR is
+ used by COSE for data that is to be hashed.
*/
inline static void Nesting_Init(QCBORTrackNesting *pNesting)
{
- // assumes pNesting has been zeroed
+ // Assumes pNesting has been zeroed
pNesting->pCurrentNesting = &pNesting->pArrays[0];
// Implied CBOR array at the top nesting level. This is never returned,
// but makes the item count work correctly.
@@ -100,7 +112,7 @@
QCBORError nReturn = QCBOR_SUCCESS;
if(pNesting->pCurrentNesting == &pNesting->pArrays[QCBOR_MAX_ARRAY_NESTING]) {
- // trying to open one too many
+ // Trying to open one too many
nReturn = QCBOR_ERR_ARRAY_NESTING_TOO_DEEP;
} else {
pNesting->pCurrentNesting++;
@@ -136,9 +148,13 @@
// items by two for maps to get the number of pairs. This implementation
// takes advantage of the map major type being one larger the array major
// type, hence uDivisor is either 1 or 2.
- const uint16_t uDivisor = pNesting->pCurrentNesting->uMajorType - CBOR_MAJOR_TYPE_ARRAY+1;
- return pNesting->pCurrentNesting->uCount / uDivisor;
+ if(pNesting->pCurrentNesting->uMajorType == CBOR_MAJOR_TYPE_MAP) {
+ // Cast back to uint16_t after integer promotion for bit shift
+ return (uint16_t)(pNesting->pCurrentNesting->uCount >> 1);
+ } else {
+ return pNesting->pCurrentNesting->uCount;
+ }
}
inline static uint32_t Nesting_GetStartPos(QCBORTrackNesting *pNesting)
@@ -151,17 +167,35 @@
return pNesting->pCurrentNesting->uMajorType;
}
-inline static int Nesting_IsInNest(QCBORTrackNesting *pNesting)
+inline static bool Nesting_IsInNest(QCBORTrackNesting *pNesting)
{
- return pNesting->pCurrentNesting == &pNesting->pArrays[0] ? 0 : 1;
+ return pNesting->pCurrentNesting == &pNesting->pArrays[0] ? false : true;
}
/*
+ Encoding of the major CBOR types is by these functions:
+
+ CBOR Major Type Public Function
+ 0 QCBOREncode_AddUInt64()
+ 0, 1 QCBOREncode_AddUInt64(), QCBOREncode_AddInt64()
+ 2, 3 QCBOREncode_AddBuffer(), Also QCBOREncode_OpenMapOrArray(),
+ QCBOREncode_CloseMapOrArray()
+ 4, 5 QCBOREncode_OpenMapOrArray(), QCBOREncode_CloseMapOrArray(),
+ QCBOREncode_OpenMapOrArrayIndefiniteLength(),
+ QCBOREncode_CloseMapOrArrayIndefiniteLength()
+ 6 QCBOREncode_AddTag()
+ 7 QCBOREncode_AddDouble(), QCBOREncode_AddType7()
+
+ Additionally, encoding of decimal fractions and bigfloats is by
+ QCBOREncode_AddExponentAndMantissa()
+*/
+
+/*
Error tracking plan -- Errors are tracked internally and not returned
- until Finish is called. The CBOR errors are in me->uError.
+ until QCBOREncode_Finish is called. The CBOR errors are in me->uError.
UsefulOutBuf also tracks whether the buffer is full or not in its
context. Once either of these errors is set they are never
cleared. Only QCBOREncode_Init() resets them. Or said another way, they must
@@ -190,27 +224,24 @@
structures like array/map nesting resulting in some stack memory
savings.
- Errors returned here fall into three categories:
+ The 8 errors returned here fall into three categories:
Sizes
- QCBOR_ERR_BUFFER_TOO_LARGE -- Encoded output exceeded UINT32_MAX
- QCBOR_ERR_BUFFER_TOO_SMALL -- output buffer too small
-
- QCBOR_ERR_ARRAY_NESTING_TOO_DEEP -- Array/map nesting > QCBOR_MAX_ARRAY_NESTING1
- QCBOR_ERR_ARRAY_TOO_LONG -- Too many things added to an array/map
+ QCBOR_ERR_BUFFER_TOO_LARGE -- Encoded output exceeded UINT32_MAX
+ QCBOR_ERR_BUFFER_TOO_SMALL -- Output buffer too small
+ QCBOR_ERR_ARRAY_NESTING_TOO_DEEP -- Nesting > QCBOR_MAX_ARRAY_NESTING1
+ QCBOR_ERR_ARRAY_TOO_LONG -- Too many things added to an array/map
Nesting constructed incorrectly
- QCBOR_ERR_TOO_MANY_CLOSES -- more close calls than opens
- QCBOR_ERR_CLOSE_MISMATCH -- Type of close does not match open
+ QCBOR_ERR_TOO_MANY_CLOSES -- More close calls than opens
+ QCBOR_ERR_CLOSE_MISMATCH -- Type of close does not match open
QCBOR_ERR_ARRAY_OR_MAP_STILL_OPEN -- Finish called without enough closes
Would generate not-well-formed CBOR
- QCBOR_ERR_UNSUPPORTED -- Simple type between 24 and 31
+ QCBOR_ERR_UNSUPPORTED -- Simple type between 24 and 31
*/
-
-
/*
Public function for initialization. See header qcbor.h
*/
@@ -222,9 +253,18 @@
}
+/**
+ @brief Encode a data item, the most atomic part of CBOR
+ @param[in,out] me Encoding context including output buffer
+ @param[in] uMajorType One of CBOR_MAJOR_TYPE_XX
+ @param[in] nMinLen Include zero bytes up to this length. If 0 include
+ no zero bytes. Non-zero to encode floats and doubles.
+ @param[in] uNumber The number to encode, the argument.
+ @param[in] uPos The position in the output buffer (which is inside
+ the encoding context) to insert the result. This is
+ usually at the end, an append.
-/*
All CBOR data items have a type and an "argument". The argument is
either the value of the item for integer types, the length of the
content for string, byte, array and map types, a tag for major type
@@ -263,17 +303,15 @@
This function is also used to insert floats and doubles. Before this
function is called the float or double must be copied into a
uint64_t. That is how they are passed in. They are then converted to
- network byte order correctly. The uMinLen param makes sure that even
-
- if all the digits of a half, float or double are 0 it is still
+ network byte order correctly. The uMinLen parameter makes sure that
+ even if all the digits of a half, float or double are 0 it is still
correctly encoded in 2, 4 or 8 bytes.
*/
-
static void InsertEncodedTypeAndNumber(QCBOREncodeContext *me,
- uint8_t uMajorType,
- int nMinLen,
- uint64_t uNumber,
- size_t uPos)
+ uint8_t uMajorType,
+ int nMinLen,
+ uint64_t uNumber,
+ size_t uPos)
{
/*
This code does endian conversion without hton or knowing the
@@ -296,64 +334,97 @@
Code Reviewers: THIS FUNCTION DOES POINTER MATH
*/
- // Holds up to 9 bytes of type and argument
- // plus one extra so pointer always points to
- // valid bytes.
+ /*
+ The type int is used here for several variables because of the way
+ integer promotion works in C for integer variables that are
+ uint8_t or uint16_t. The basic rule is that they will always be
+ promoted to int if they will fit. All of these integer variables
+ need only hold values less than 255 or are promoted from uint8_t,
+ so they will always fit into an int. Note that promotion is only
+ to unsigned int if the value won't fit into an int even if the
+ promotion is for an unsigned like uint8_t.
+
+ By declaring them int, there are few implicit conversions and fewer
+ casts needed. Code size is reduced a little. It also makes static
+ analyzers happier.
+
+ Note also that declaring them uint8_t won't stop integer wrap
+ around if the code is wrong. It won't make the code more correct.
+
+ https://stackoverflow.com/questions/46073295/implicit-type-promotion-rules
+ https://stackoverflow.com/questions/589575/what-does-the-c-standard-state-the-size-of-int-long-type-to-be
+ */
+
+ // Holds up to 9 bytes of type and argument plus one extra so pointer
+ // always points to valid bytes.
uint8_t bytes[sizeof(uint64_t)+2];
// Point to the last bytes and work backwards
uint8_t *pByte = &bytes[sizeof(bytes)-1];
// This is the 5 bits in the initial byte that is not the major type
- uint8_t uAdditionalInfo;
+ int nAdditionalInfo;
if (uMajorType == CBOR_MAJOR_NONE_TYPE_ARRAY_INDEFINITE_LEN) {
uMajorType = CBOR_MAJOR_TYPE_ARRAY;
- uAdditionalInfo = LEN_IS_INDEFINITE;
+ nAdditionalInfo = LEN_IS_INDEFINITE;
} else if (uMajorType == CBOR_MAJOR_NONE_TYPE_MAP_INDEFINITE_LEN) {
uMajorType = CBOR_MAJOR_TYPE_MAP;
- uAdditionalInfo = LEN_IS_INDEFINITE;
+ nAdditionalInfo = LEN_IS_INDEFINITE;
} else if (uNumber < CBOR_TWENTY_FOUR && nMinLen == 0) {
// Simple case where argument is < 24
- uAdditionalInfo = uNumber;
+ nAdditionalInfo = (int)uNumber;
} else if (uMajorType == CBOR_MAJOR_TYPE_SIMPLE && uNumber == CBOR_SIMPLE_BREAK) {
// Break statement can be encoded in single byte too (0xff)
- uAdditionalInfo = uNumber;
+ nAdditionalInfo = (int)uNumber;
} else {
/*
- Encode argument in 1,2,4 or 8 bytes. Outer loop
- runs once for 1 byte and 4 times for 8 bytes.
- Inner loop runs 1, 2 or 4 times depending on
- outer loop counter. This works backwards taking
- 8 bits off the argument being encoded at a time
- until all bits from uNumber have been encoded
- and the minimum encoding size is reached.
- Minimum encoding size is for floating point
- numbers with zero bytes.
+ Encode argument in 1,2,4 or 8 bytes. Outer loop runs once for 1
+ byte and 4 times for 8 bytes. Inner loop runs 1, 2 or 4 times
+ depending on outer loop counter. This works backwards taking 8
+ bits off the argument being encoded at a time until all bits
+ from uNumber have been encoded and the minimum encoding size is
+ reached. Minimum encoding size is for floating-point numbers
+ with zero bytes.
*/
static const uint8_t aIterate[] = {1,1,2,4};
- uint8_t i;
+ int i;
for(i = 0; uNumber || nMinLen > 0; i++) {
- const uint8_t uIterations = aIterate[i];
- for(int j = 0; j < uIterations; j++) {
- *--pByte = uNumber & 0xff;
+ const int nIterations = aIterate[i];
+ for(int j = 0; j < nIterations; j++) {
+ *--pByte = (uint8_t)(uNumber & 0xff);
uNumber = uNumber >> 8;
}
- nMinLen -= uIterations;
+ nMinLen -= nIterations;
}
- // Additional info is the encoding of the
- // number of additional bytes to encode
- // argument.
- uAdditionalInfo = LEN_IS_ONE_BYTE-1 + i;
+ // Additional info is the encoding of the number of additional
+ // bytes to encode argument.
+ nAdditionalInfo = LEN_IS_ONE_BYTE-1 + i;
}
- *--pByte = (uMajorType << 5) + uAdditionalInfo;
- UsefulOutBuf_InsertData(&(me->OutBuf), pByte, &bytes[sizeof(bytes)-1] - pByte, uPos);
+ /*
+ Expression integer-promotes to type int. The code above in
+ function gaurantees that uAdditionalInfo will never be larger than
+ 0x1f. The caller may pass in a too-large uMajor type. The
+ conversion to unint8_t will cause an integer wrap around and
+ incorrect CBOR will be generated, but no security issue will
+ incur.
+ */
+ *--pByte = (uint8_t)((uMajorType << 5) + nAdditionalInfo);
+
+ /*
+ Will not go negative because the loops run for at most 8
+ decrements of pByte, only one other decrement is made and the
+ array is sized for this.
+ */
+ const size_t uHeadLen = (size_t)(&bytes[sizeof(bytes)-1] - pByte);
+
+ UsefulOutBuf_InsertData(&(me->OutBuf), pByte, uHeadLen, uPos);
}
/*
Append the type and number info to the end of the buffer.
- See InsertEncodedTypeAndNumber() function above for details
+ See InsertEncodedTypeAndNumber() function above for details.
*/
inline static void AppendEncodedTypeAndNumber(QCBOREncodeContext *me,
uint8_t uMajorType,
@@ -371,7 +442,7 @@
/*
- Public functions for closing arrays and maps. See header qcbor.h
+ Public functions for closing arrays and maps. See qcbor.h
*/
void QCBOREncode_AddUInt64(QCBOREncodeContext *me, uint64_t uValue)
{
@@ -383,7 +454,7 @@
/*
- Public functions for closing arrays and maps. See header qcbor.h
+ Public functions for closing arrays and maps. See qcbor.h
*/
void QCBOREncode_AddInt64(QCBOREncodeContext *me, int64_t nNum)
{
@@ -410,7 +481,7 @@
Semi-private function. It is exposed to user of the interface, but
they will usually call one of the inline wrappers rather than this.
- See header qcbor.h
+ See qcbor.h
Does the work of adding actual strings bytes to the CBOR output (as
opposed to numbers and opening / closing aggregate types).
@@ -450,7 +521,7 @@
/*
- Public functions for closing arrays and maps. See header qcbor.h
+ Public functions for closing arrays and maps. See qcbor.h
*/
void QCBOREncode_AddTag(QCBOREncodeContext *me, uint64_t uTag)
{
@@ -470,13 +541,14 @@
if(uNum >= CBOR_SIMPLEV_RESERVED_START && uNum <= CBOR_SIMPLEV_RESERVED_END) {
me->uError = QCBOR_ERR_UNSUPPORTED;
} else {
- // This function call takes care of endian swapping for the float / double
+ // This call takes care of endian swapping for the float / double
InsertEncodedTypeAndNumber(me,
// The major type for floats and doubles
CBOR_MAJOR_TYPE_SIMPLE,
- // size makes sure floats with zeros encode correctly
+ // Must pass size to ensure floats
+ // with zero bytes encode correctly
(int)uSize,
- // Bytes of the floating point number as a uint
+ // The floating-point number as a uint
uNum,
// end position because this is append
UsefulOutBuf_GetEndPosition(&(me->OutBuf)));
@@ -488,7 +560,7 @@
/*
- Public functions for closing arrays and maps. See header qcbor.h
+ Public functions for closing arrays and maps. See qcbor.h
*/
void QCBOREncode_AddDouble(QCBOREncodeContext *me, double dNum)
{
@@ -498,6 +570,44 @@
}
+#ifndef QCBOR_CONFIG_DISABLE_EXP_AND_MANTISSA
+/*
+ Semi-public function. It is exposed to the user of the interface, but
+ one of the inline wrappers will usually be called rather than this.
+
+ See qcbor.h
+ */
+void QCBOREncode_AddExponentAndMantissa(QCBOREncodeContext *pMe,
+ uint64_t uTag,
+ UsefulBufC BigNumMantissa,
+ bool bBigNumIsNegative,
+ int64_t nMantissa,
+ int64_t nExponent)
+{
+ /*
+ This is for encoding either a big float or a decimal fraction,
+ both of which are an array of two items, an exponent and a
+ mantissa. The difference between the two is that the exponent is
+ base-2 for big floats and base-10 for decimal fractions, but that
+ has no effect on the code here.
+ */
+ QCBOREncode_AddTag(pMe, uTag);
+ QCBOREncode_OpenArray(pMe);
+ QCBOREncode_AddInt64(pMe, nExponent);
+ if(!UsefulBuf_IsNULLC(BigNumMantissa)) {
+ if(bBigNumIsNegative) {
+ QCBOREncode_AddNegativeBignum(pMe, BigNumMantissa);
+ } else {
+ QCBOREncode_AddPositiveBignum(pMe, BigNumMantissa);
+ }
+ } else {
+ QCBOREncode_AddInt64(pMe, nMantissa);
+ }
+ QCBOREncode_CloseArray(pMe);
+}
+#endif /* QCBOR_CONFIG_DISABLE_EXP_AND_MANTISSA */
+
+
/*
Semi-public function. It is exposed to user of the interface,
but they will usually call one of the inline wrappers rather than this.
@@ -509,35 +619,41 @@
// Add one item to the nesting level we are in for the new map or array
me->uError = Nesting_Increment(&(me->nesting));
if(me->uError == QCBOR_SUCCESS) {
- // The offset where the length of an array or map will get written
- // is stored in a uint32_t, not a size_t to keep stack usage smaller. This
- // checks to be sure there is no wrap around when recording the offset.
- // Note that on 64-bit machines CBOR larger than 4GB can be encoded as long as no
- // array / map offsets occur past the 4GB mark, but the public interface
- // says that the maximum is 4GB to keep the discussion simpler.
+ /*
+ The offset where the length of an array or map will get written
+ is stored in a uint32_t, not a size_t to keep stack usage
+ smaller. This checks to be sure there is no wrap around when
+ recording the offset. Note that on 64-bit machines CBOR larger
+ than 4GB can be encoded as long as no array / map offsets occur
+ past the 4GB mark, but the public interface says that the
+ maximum is 4GB to keep the discussion simpler.
+ */
size_t uEndPosition = UsefulOutBuf_GetEndPosition(&(me->OutBuf));
- // QCBOR_MAX_ARRAY_OFFSET is slightly less than UINT32_MAX so this
- // code can run on a 32-bit machine and tests can pass on a 32-bit
- // machine. If it was exactly UINT32_MAX, then this code would
- // not compile or run on a 32-bit machine and an #ifdef or some
- // machine size detection would be needed reducing portability.
+ /*
+ QCBOR_MAX_ARRAY_OFFSET is slightly less than UINT32_MAX so this
+ code can run on a 32-bit machine and tests can pass on a 32-bit
+ machine. If it was exactly UINT32_MAX, then this code would not
+ compile or run on a 32-bit machine and an #ifdef or some
+ machine size detection would be needed reducing portability.
+ */
if(uEndPosition >= QCBOR_MAX_ARRAY_OFFSET) {
me->uError = QCBOR_ERR_BUFFER_TOO_LARGE;
} else {
- // Increase nesting level because this is a map or array.
- // Cast from size_t to uin32_t is safe because of check above
+ // Increase nesting level because this is a map or array. Cast
+ // from size_t to uin32_t is safe because of check above
me->uError = Nesting_Increase(&(me->nesting), uMajorType, (uint32_t)uEndPosition);
}
}
}
+
/*
Semi-public function. It is exposed to user of the interface,
but they will usually call one of the inline wrappers rather than this.
- See header qcbor.h
+ See qcbor.h
*/
void QCBOREncode_OpenMapOrArrayIndefiniteLength(QCBOREncodeContext *me, uint8_t uMajorType)
{
@@ -547,8 +663,9 @@
QCBOREncode_OpenMapOrArray(me, uMajorType);
}
+
/*
- Public functions for closing arrays and maps. See header qcbor.h
+ Public functions for closing arrays and maps. See qcbor.h
*/
void QCBOREncode_CloseMapOrArray(QCBOREncodeContext *me,
uint8_t uMajorType,
@@ -560,36 +677,46 @@
} else if(Nesting_GetMajorType(&(me->nesting)) != uMajorType) {
me->uError = QCBOR_ERR_CLOSE_MISMATCH;
} else {
- // When the array, map or bstr wrap was started, nothing was done
- // except note the position of the start of it. This code goes back
- // and inserts the actual CBOR array, map or bstr and its length.
- // That means all the data that is in the array, map or wrapped
- // needs to be slid to the right. This is done by UsefulOutBuf's
- // insert function that is called from inside
- // InsertEncodedTypeAndNumber()
- const size_t uInsertPosition = Nesting_GetStartPos(&(me->nesting));
- const size_t uEndPosition = UsefulOutBuf_GetEndPosition(&(me->OutBuf));
- // This can't go negative because the UsefulOutBuf always only grows
- // and never shrinks. UsefulOutBut itself also has defenses such that
- // it won't write were it should not even if given hostile input lengths
+ /*
+ When the array, map or bstr wrap was started, nothing was
+ gone except note the position of the start of it. This code
+ goes back and inserts the actual CBOR array, map or bstr and
+ its length. That means all the data that is in the array,
+ map or wrapped needs to be slid to the right. This is done
+ by UsefulOutBuf's insert function that is called from inside
+ InsertEncodedTypeAndNumber()
+ */
+ const size_t uInsertPosition = Nesting_GetStartPos(&(me->nesting));
+ const size_t uEndPosition = UsefulOutBuf_GetEndPosition(&(me->OutBuf));
+ /*
+ This can't go negative because the UsefulOutBuf always only
+ grows and never shrinks. UsefulOutBut itself also has
+ defenses such that it won't write were it should not even if
+ given hostile input lengths
+ */
const size_t uLenOfEncodedMapOrArray = uEndPosition - uInsertPosition;
- // Length is number of bytes for a bstr and number of items a for map & array
- const size_t uLength = uMajorType == CBOR_MAJOR_TYPE_BYTE_STRING ?
- uLenOfEncodedMapOrArray : Nesting_GetCount(&(me->nesting));
+ // Number of bytes for a bstr or number of items a for map & array
+ const bool bIsBstr = uMajorType == CBOR_MAJOR_TYPE_BYTE_STRING;
+ const size_t uLength = bIsBstr ? uLenOfEncodedMapOrArray
+ : Nesting_GetCount(&(me->nesting));
// Actually insert
InsertEncodedTypeAndNumber(me,
- uMajorType, // major type bstr, array or map
- 0, // no minimum length for encoding
- uLength, // either len of bstr or num map / array items
+ uMajorType, // bstr, array or map
+ 0, // no minimum length
+ uLength, // either len of bstr or
+ // num map / array items
uInsertPosition); // position in out buffer
- // Return pointer and length to the enclosed encoded CBOR. The intended
- // use is for it to be hashed (e.g., SHA-256) in a COSE implementation.
- // This must be used right away, as the pointer and length go invalid
- // on any subsequent calls to this function because there might be calls to
- // InsertEncodedTypeAndNumber() that slides data to the right.
+ /*
+ Return pointer and length to the enclosed encoded CBOR. The
+ intended use is for it to be hashed (e.g., SHA-256) in a
+ COSE implementation. This must be used right away, as the
+ pointer and length go invalid on any subsequent calls to
+ this function because there might be calls to
+ InsertEncodedTypeAndNumber() that slides data to the right.
+ */
if(pWrappedCBOR) {
const UsefulBufC PartialResult = UsefulOutBuf_OutUBuf(&(me->OutBuf));
*pWrappedCBOR = UsefulBuf_Tail(PartialResult, uInsertPosition);
@@ -599,10 +726,13 @@
}
}
+
/*
- Public functions for closing arrays and maps. See header qcbor.h
+ Public functions for closing arrays and maps. See qcbor.h
*/
-void QCBOREncode_CloseMapOrArrayIndefiniteLength(QCBOREncodeContext *me, uint8_t uMajorType, UsefulBufC *pWrappedCBOR)
+void QCBOREncode_CloseMapOrArrayIndefiniteLength(QCBOREncodeContext *me,
+ uint8_t uMajorType,
+ UsefulBufC *pWrappedCBOR)
{
if(me->uError == QCBOR_SUCCESS) {
if(!Nesting_IsInNest(&(me->nesting))) {
@@ -611,13 +741,20 @@
me->uError = QCBOR_ERR_CLOSE_MISMATCH;
} else {
// insert the break marker (0xff for both arrays and maps)
- InsertEncodedTypeAndNumber(me, CBOR_MAJOR_TYPE_SIMPLE, 0, CBOR_SIMPLE_BREAK, UsefulOutBuf_GetEndPosition(&(me->OutBuf)));
+ InsertEncodedTypeAndNumber(me,
+ CBOR_MAJOR_TYPE_SIMPLE,
+ 0,
+ CBOR_SIMPLE_BREAK,
+ UsefulOutBuf_GetEndPosition(&(me->OutBuf)));
- // Return pointer and length to the enclosed encoded CBOR. The intended
- // use is for it to be hashed (e.g., SHA-256) in a COSE implementation.
- // This must be used right away, as the pointer and length go invalid
- // on any subsequent calls to this function because there might be calls to
- // InsertEncodedTypeAndNumber() that slides data to the right.
+ /*
+ Return pointer and length to the enclosed encoded CBOR. The
+ intended use is for it to be hashed (e.g., SHA-256) in a
+ COSE implementation. This must be used right away, as the
+ pointer and length go invalid on any subsequent calls to
+ this function because there might be calls to
+ InsertEncodedTypeAndNumber() that slides data to the right.
+ */
if(pWrappedCBOR) {
const UsefulBufC PartialResult = UsefulOutBuf_OutUBuf(&(me->OutBuf));
*pWrappedCBOR = UsefulBuf_Tail(PartialResult, UsefulOutBuf_GetEndPosition(&(me->OutBuf)));
@@ -631,7 +768,7 @@
/*
- Public functions to finish and get the encoded result. See header qcbor.h
+ Public functions to finish and get the encoded result. See qcbor.h
*/
QCBORError QCBOREncode_Finish(QCBOREncodeContext *me, UsefulBufC *pEncodedCBOR)
{
@@ -655,7 +792,7 @@
/*
- Public functions to finish and get the encoded result. See header qcbor.h
+ Public functions to finish and get the encoded result. See qcbor.h
*/
QCBORError QCBOREncode_FinishGetSize(QCBOREncodeContext *me, size_t *puEncodedLen)
{
@@ -674,16 +811,6 @@
/*
- Notes on the code
-
- CBOR Major Type Public Function
- 0 QCBOREncode_AddUInt64
- 0, 1 QCBOREncode_AddUInt64, QCBOREncode_AddInt64
- 2, 3 QCBOREncode_AddBuffer, Also QCBOREncode_OpenMapOrArray
- 4, 5 QCBOREncode_OpenMapOrArray
- 6 QCBOREncode_AddTag
- 7 QCBOREncode_AddDouble, QCBOREncode_AddType7
-
Object code sizes on X86 with LLVM compiler and -Os (Dec 30, 2018)
_QCBOREncode_Init 69