1// Copyright 2009 The Go Authors. All rights reserved.
2// Use of this source code is governed by a BSD-style
3// license that can be found in the LICENSE file.
4
5package gob
6
7import (
8	"bufio"
9	"errors"
10	"internal/saferio"
11	"io"
12	"reflect"
13	"sync"
14)
15
16// tooBig provides a sanity check for sizes; used in several places. Upper limit
17// of is 1GB on 32-bit systems, 8GB on 64-bit, allowing room to grow a little
18// without overflow.
19const tooBig = (1 << 30) << (^uint(0) >> 62)
20
21// A Decoder manages the receipt of type and data information read from the
22// remote side of a connection.  It is safe for concurrent use by multiple
23// goroutines.
24//
25// The Decoder does only basic sanity checking on decoded input sizes,
26// and its limits are not configurable. Take caution when decoding gob data
27// from untrusted sources.
28type Decoder struct {
29	mutex        sync.Mutex                              // each item must be received atomically
30	r            io.Reader                               // source of the data
31	buf          decBuffer                               // buffer for more efficient i/o from r
32	wireType     map[typeId]*wireType                    // map from remote ID to local description
33	decoderCache map[reflect.Type]map[typeId]**decEngine // cache of compiled engines
34	ignorerCache map[typeId]**decEngine                  // ditto for ignored objects
35	freeList     *decoderState                           // list of free decoderStates; avoids reallocation
36	countBuf     []byte                                  // used for decoding integers while parsing messages
37	err          error
38	// ignoreDepth tracks the depth of recursively parsed ignored fields
39	ignoreDepth int
40}
41
42// NewDecoder returns a new decoder that reads from the [io.Reader].
43// If r does not also implement [io.ByteReader], it will be wrapped in a
44// [bufio.Reader].
45func NewDecoder(r io.Reader) *Decoder {
46	dec := new(Decoder)
47	// We use the ability to read bytes as a plausible surrogate for buffering.
48	if _, ok := r.(io.ByteReader); !ok {
49		r = bufio.NewReader(r)
50	}
51	dec.r = r
52	dec.wireType = make(map[typeId]*wireType)
53	dec.decoderCache = make(map[reflect.Type]map[typeId]**decEngine)
54	dec.ignorerCache = make(map[typeId]**decEngine)
55	dec.countBuf = make([]byte, 9) // counts may be uint64s (unlikely!), require 9 bytes
56
57	return dec
58}
59
60// recvType loads the definition of a type.
61func (dec *Decoder) recvType(id typeId) {
62	// Have we already seen this type? That's an error
63	if id < firstUserId || dec.wireType[id] != nil {
64		dec.err = errors.New("gob: duplicate type received")
65		return
66	}
67
68	// Type:
69	wire := new(wireType)
70	dec.decodeValue(tWireType, reflect.ValueOf(wire))
71	if dec.err != nil {
72		return
73	}
74	// Remember we've seen this type.
75	dec.wireType[id] = wire
76}
77
78var errBadCount = errors.New("invalid message length")
79
80// recvMessage reads the next count-delimited item from the input. It is the converse
81// of Encoder.writeMessage. It returns false on EOF or other error reading the message.
82func (dec *Decoder) recvMessage() bool {
83	// Read a count.
84	nbytes, _, err := decodeUintReader(dec.r, dec.countBuf)
85	if err != nil {
86		dec.err = err
87		return false
88	}
89	if nbytes >= tooBig {
90		dec.err = errBadCount
91		return false
92	}
93	dec.readMessage(int(nbytes))
94	return dec.err == nil
95}
96
97// readMessage reads the next nbytes bytes from the input.
98func (dec *Decoder) readMessage(nbytes int) {
99	if dec.buf.Len() != 0 {
100		// The buffer should always be empty now.
101		panic("non-empty decoder buffer")
102	}
103	// Read the data
104	var buf []byte
105	buf, dec.err = saferio.ReadData(dec.r, uint64(nbytes))
106	dec.buf.SetBytes(buf)
107	if dec.err == io.EOF {
108		dec.err = io.ErrUnexpectedEOF
109	}
110}
111
112// toInt turns an encoded uint64 into an int, according to the marshaling rules.
113func toInt(x uint64) int64 {
114	i := int64(x >> 1)
115	if x&1 != 0 {
116		i = ^i
117	}
118	return i
119}
120
121func (dec *Decoder) nextInt() int64 {
122	n, _, err := decodeUintReader(&dec.buf, dec.countBuf)
123	if err != nil {
124		dec.err = err
125	}
126	return toInt(n)
127}
128
129func (dec *Decoder) nextUint() uint64 {
130	n, _, err := decodeUintReader(&dec.buf, dec.countBuf)
131	if err != nil {
132		dec.err = err
133	}
134	return n
135}
136
137// decodeTypeSequence parses:
138// TypeSequence
139//
140//	(TypeDefinition DelimitedTypeDefinition*)?
141//
142// and returns the type id of the next value. It returns -1 at
143// EOF.  Upon return, the remainder of dec.buf is the value to be
144// decoded. If this is an interface value, it can be ignored by
145// resetting that buffer.
146func (dec *Decoder) decodeTypeSequence(isInterface bool) typeId {
147	firstMessage := true
148	for dec.err == nil {
149		if dec.buf.Len() == 0 {
150			if !dec.recvMessage() {
151				// We can only return io.EOF if the input was empty.
152				// If we read one or more type spec messages,
153				// require a data item message to follow.
154				// If we hit an EOF before that, then give ErrUnexpectedEOF.
155				if !firstMessage && dec.err == io.EOF {
156					dec.err = io.ErrUnexpectedEOF
157				}
158				break
159			}
160		}
161		// Receive a type id.
162		id := typeId(dec.nextInt())
163		if id >= 0 {
164			// Value follows.
165			return id
166		}
167		// Type definition for (-id) follows.
168		dec.recvType(-id)
169		if dec.err != nil {
170			break
171		}
172		// When decoding an interface, after a type there may be a
173		// DelimitedValue still in the buffer. Skip its count.
174		// (Alternatively, the buffer is empty and the byte count
175		// will be absorbed by recvMessage.)
176		if dec.buf.Len() > 0 {
177			if !isInterface {
178				dec.err = errors.New("extra data in buffer")
179				break
180			}
181			dec.nextUint()
182		}
183		firstMessage = false
184	}
185	return -1
186}
187
188// Decode reads the next value from the input stream and stores
189// it in the data represented by the empty interface value.
190// If e is nil, the value will be discarded. Otherwise,
191// the value underlying e must be a pointer to the
192// correct type for the next data item received.
193// If the input is at EOF, Decode returns [io.EOF] and
194// does not modify e.
195func (dec *Decoder) Decode(e any) error {
196	if e == nil {
197		return dec.DecodeValue(reflect.Value{})
198	}
199	value := reflect.ValueOf(e)
200	// If e represents a value as opposed to a pointer, the answer won't
201	// get back to the caller. Make sure it's a pointer.
202	if value.Type().Kind() != reflect.Pointer {
203		dec.err = errors.New("gob: attempt to decode into a non-pointer")
204		return dec.err
205	}
206	return dec.DecodeValue(value)
207}
208
209// DecodeValue reads the next value from the input stream.
210// If v is the zero reflect.Value (v.Kind() == Invalid), DecodeValue discards the value.
211// Otherwise, it stores the value into v. In that case, v must represent
212// a non-nil pointer to data or be an assignable reflect.Value (v.CanSet())
213// If the input is at EOF, DecodeValue returns [io.EOF] and
214// does not modify v.
215func (dec *Decoder) DecodeValue(v reflect.Value) error {
216	if v.IsValid() {
217		if v.Kind() == reflect.Pointer && !v.IsNil() {
218			// That's okay, we'll store through the pointer.
219		} else if !v.CanSet() {
220			return errors.New("gob: DecodeValue of unassignable value")
221		}
222	}
223	// Make sure we're single-threaded through here.
224	dec.mutex.Lock()
225	defer dec.mutex.Unlock()
226
227	dec.buf.Reset() // In case data lingers from previous invocation.
228	dec.err = nil
229	id := dec.decodeTypeSequence(false)
230	if dec.err == nil {
231		dec.decodeValue(id, v)
232	}
233	return dec.err
234}
235
236// If debug.go is compiled into the program, debugFunc prints a human-readable
237// representation of the gob data read from r by calling that file's Debug function.
238// Otherwise it is nil.
239var debugFunc func(io.Reader)
240