1	// Copyright (C) 2020 Intel Corporation.
2	// SPDX-License-Identifier: LicenseRef-Qt-Commercial OR LGPL-3.0-only OR GPL-2.0-only OR GPL-3.0-only
3
4	#include "qcborstreamreader.h"
5
6	#define CBOR_NO_ENCODER_API
7	#include <private/qcborcommon_p.h>
8
9	#include <private/qbytearray_p.h>
10	#include <private/qnumeric_p.h>
11	#include <private/qstringconverter_p.h>
12	#include <qiodevice.h>
13	#include <qdebug.h>
14	#include <qstack.h>
15	#include <qvarlengtharray.h>
16
17	QT_BEGIN_NAMESPACE
18
19	static bool qt_cbor_decoder_can_read(void *token, size_t len);
20	static void qt_cbor_decoder_advance(void *token, size_t len);
21	static void *qt_cbor_decoder_read(void *token, void *userptr, size_t offset, size_t len);
22	static CborError qt_cbor_decoder_transfer_string(void *token, const void **userptr, size_t offset, size_t len);
23
24	#define CBOR_PARSER_READER_CONTROL 1
25	#define CBOR_PARSER_CAN_READ_BYTES_FUNCTION qt_cbor_decoder_can_read
26	#define CBOR_PARSER_ADVANCE_BYTES_FUNCTION qt_cbor_decoder_advance
27	#define CBOR_PARSER_TRANSFER_STRING_FUNCTION qt_cbor_decoder_transfer_string
28	#define CBOR_PARSER_READ_BYTES_FUNCTION qt_cbor_decoder_read
29
30	QT_WARNING_PUSH
31	QT_WARNING_DISABLE_MSVC(4334) // '<<': result of 32-bit shift implicitly converted to 64 bits (was 64-bit shift intended?)
32
33	#include <cborparser.c>
34
35	QT_WARNING_POP
36
37	static CborError _cbor_value_dup_string(const CborValue *, void **, size_t *, CborValue *)
38	{
39	Q_UNREACHABLE_RETURN(CborErrorInternalError);
40	}
41	[[maybe_unused]] static CborError cbor_value_get_half_float_as_float(const CborValue *, float *)
42	{
43	Q_UNREACHABLE_RETURN(CborErrorInternalError);
44	}
45
46	// confirm our constants match TinyCBOR's
47	static_assert(int(QCborStreamReader::UnsignedInteger) == CborIntegerType);
48	static_assert(int(QCborStreamReader::ByteString) == CborByteStringType);
49	static_assert(int(QCborStreamReader::TextString) == CborTextStringType);
50	static_assert(int(QCborStreamReader::Array) == CborArrayType);
51	static_assert(int(QCborStreamReader::Map) == CborMapType);
52	static_assert(int(QCborStreamReader::Tag) == CborTagType);
53	static_assert(int(QCborStreamReader::SimpleType) == CborSimpleType);
54	static_assert(int(QCborStreamReader::HalfFloat) == CborHalfFloatType);
55	static_assert(int(QCborStreamReader::Float) == CborFloatType);
56	static_assert(int(QCborStreamReader::Double) == CborDoubleType);
57	static_assert(int(QCborStreamReader::Invalid) == CborInvalidType);
58
59	/*!
60	\class QCborStreamReader
61	\inmodule QtCore
62	\ingroup cbor
63	\ingroup qtserialization
64	\reentrant
65	\since 5.12
66
67	\brief The QCborStreamReader class is a simple CBOR stream decoder, operating
68	on either a QByteArray or QIODevice.
69
70	This class can be used to decode a stream of CBOR content directly from
71	either a QByteArray or a QIODevice. CBOR is the Concise Binary Object
72	Representation, a very compact form of binary data encoding that is
73	compatible with JSON. It was created by the IETF Constrained RESTful
74	Environments (CoRE) WG, which has used it in many new RFCs. It is meant to
75	be used alongside the \l{RFC 7252}{CoAP
76	protocol}.
77
78	QCborStreamReader provides a StAX-like API, similar to that of
79	\l{QXmlStreamReader}. Using it requires a bit of knowledge of CBOR encoding.
80	For a simpler API, see \l{QCborValue} and especially the decoding function
81	QCborValue::fromCbor().
82
83	Typically, one creates a QCborStreamReader by passing the source QByteArray
84	or QIODevice as a parameter to the constructor, then pop elements off the
85	stream if there were no errors in decoding. There are three kinds of CBOR
86	types:
87
88	\table
89	\header \li Kind \li Types \li Behavior
90	\row \li Fixed-width \li Integers, Tags, Simple types, Floating point
91	\li Value is pre-parsed by QCborStreamReader, so accessor functions
92	are \c const. Must call next() to advance.
93	\row \li Strings \li Byte arrays, Text strings
94	\li Length (if known) is pre-parsed, but the string itself is not.
95	The accessor functions are not const and may allocate memory.
96	Once called, the accessor functions automatically advance to
97	the next element.
98	\row \li Containers \li Arrays, Maps
99	\li Length (if known) is pre-parsed. To access the elements, you
100	must call enterContainer(), read all elements, then call
101	leaveContainer(). That function advances to the next element.
102	\endtable
103
104	So a processor function typically looks like this:
105
106	\snippet code/src_corelib_serialization_qcborstream.cpp 24
107
108	\section1 CBOR support
109
110	The following table lists the CBOR features that QCborStreamReader supports.
111
112	\table
113	\header \li Feature \li Support
114	\row \li Unsigned numbers \li Yes (full range)
115	\row \li Negative numbers \li Yes (full range)
116	\row \li Byte strings \li Yes
117	\row \li Text strings \li Yes
118	\row \li Chunked strings \li Yes
119	\row \li Tags \li Yes (arbitrary)
120	\row \li Booleans \li Yes
121	\row \li Null \li Yes
122	\row \li Undefined \li Yes
123	\row \li Arbitrary simple values \li Yes
124	\row \li Half-precision float (16-bit) \li Yes
125	\row \li Single-precision float (32-bit) \li Yes
126	\row \li Double-precision float (64-bit) \li Yes
127	\row \li Infinities and NaN floating point \li Yes
128	\row \li Determinate-length arrays and maps \li Yes
129	\row \li Indeterminate-length arrays and maps \li Yes
130	\row \li Map key types other than strings and integers \li Yes (arbitrary)
131	\endtable
132
133	\section1 Dealing with invalid or incomplete CBOR streams
134
135	QCborStreamReader is capable of detecting corrupt input on its own. The
136	library it uses has been extensively tested against invalid input of any
137	kind and is quite able to report errors. If any is detected,
138	QCborStreamReader will set lastError() to a value besides
139	QCborError::NoError, indicating which situation was detected.
140
141	Most errors detected by QCborStreamReader during normal item parsing are not
142	recoverable. The code using QCborStreamReader may opt to handle the data
143	that was properly decoded or it can opt to discard the entire data.
144
145	The only recoverable error is QCborError::EndOfFile, which indicates that
146	more data is required in order to complete the parsing. This situation is
147	useful when data is being read from an asynchronous source, such as a pipe
148	(QProcess) or a socket (QTcpSocket, QUdpSocket, QNetworkReply, etc.). When
149	more data arrives, the surrounding code needs to call either addData(), if
150	parsing from a QByteArray, or reparse(), if it is instead reading directly
151	a the QIDOevice that now has more data available (see setDevice()).
152
153	\sa QCborStreamWriter, QCborValue, QXmlStreamReader,
154	{Parsing and displaying CBOR data}, {Convert Example},
155	{JSON Save Game Example}
156	*/
157
158	/*!
159	\enum QCborStreamReader::Type
160
161	This enumeration contains all possible CBOR types as decoded by
162	QCborStreamReader. CBOR has 7 major types, plus a number of simple types
163	carrying no value, and floating point values.
164
165	\value UnsignedInteger (Major type 0) Ranges from 0 to 2\sup{64} - 1
166	(18,446,744,073,709,551,616)
167	\value NegativeInteger (Major type 1) Ranges from -1 to -2\sup{64}
168	(-18,446,744,073,709,551,616)
169	\value ByteArray (Major type 2) Arbitrary binary data.
170	\value ByteString An alias to ByteArray.
171	\value String (Major type 3) Unicode text, possibly containing NULs.
172	\value TextString An alias to String
173	\value Array (Major type 4) Array of heterogeneous items.
174	\value Map (Major type 5) Map/dictionary of heterogeneous items.
175	\value Tag (Major type 6) Numbers giving further semantic value
176	to generic CBOR items. See \l QCborTag for more information.
177	\value SimpleType (Major type 7) Types carrying no further value. Includes
178	booleans (true and false), null, undefined.
179	\value Float16 IEEE 754 half-precision floating point (\c qfloat16).
180	\value HalfFloat An alias to Float16.
181	\value Float IEEE 754 single-precision floating point (\tt float).
182	\value Double IEEE 754 double-precision floating point (\tt double).
183	\value Invalid Not a valid type, either due to parsing error or due to
184	reaching the end of an array or map.
185	*/
186
187	/*!
188	\enum QCborStreamReader::StringResultCode
189
190	This enum is returned by readString() and readByteArray() and is used to
191	indicate what the status of the parsing is.
192
193	\value EndOfString The parsing for the string is complete, with no error.
194	\value Ok The function returned data; there was no error.
195	\value Error Parsing failed with an error.
196	*/
197
198	/*!
199	\class QCborStreamReader::StringResult
200	\inmodule QtCore
201
202	This class is returned by readString() and readByteArray(), with either the
203	contents of the string that was read or an indication that the parsing is
204	done or found an error.
205
206	The contents of \l data are valid only if \l status is
207	\l{StringResultCode}{Ok}. Otherwise, it should be null.
208	*/
209
210	/*!
211	\variable QCborStreamReader::StringResult::data
212
213	Contains the actual data from the string if \l status is \c Ok.
214	*/
215
216	/*!
217	\variable QCborStreamReader::StringResult::status
218
219	Contains the status of the attempt of reading the string from the stream.
220	*/
221
222	/*!
223	\fn QCborStreamReader::Type QCborStreamReader::type() const
224
225	Returns the type of the current element. It is one of the valid types or
226	Invalid.
227
228	\sa isValid(), isUnsignedInteger(), isNegativeInteger(), isInteger(),
229	isByteArray(), isString(), isArray(), isMap(), isTag(), isSimpleType(),
230	isBool(), isFalse(), isTrue(), isNull(), isUndefined(), isFloat16(),
231	isFloat(), isDouble()
232	*/
233
234	/*!
235	\fn bool QCborStreamReader::isValid() const
236
237	Returns true if the current element is valid, false otherwise. The current
238	element may be invalid if there was a decoding error or we've just parsed
239	the last element in an array or map.
240
241	\note This function is not the opposite of isNull(). Null is a normal CBOR
242	type that must be handled by the application.
243
244	\sa type(), isInvalid()
245	*/
246
247	/*!
248	\fn bool QCborStreamReader::isInvalid() const
249
250	Returns true if the current element is invalid, false otherwise. The current
251	element may be invalid if there was a decoding error or we've just parsed
252	the last element in an array or map.
253
254	\note This function is not to be confused with isNull(). Null is a normal
255	CBOR type that must be handled by the application.
256
257	\sa type(), isValid()
258	*/
259
260	/*!
261	\fn bool QCborStreamReader::isUnsignedInteger() const
262
263	Returns true if the type of the current element is an unsigned integer (that
264	is if type() returns QCborStreamReader::UnsignedInteger). If this function
265	returns true, you may call toUnsignedInteger() or toInteger() to read that value.
266
267	\sa type(), toUnsignedInteger(), toInteger(), isInteger(), isNegativeInteger()
268	*/
269
270	/*!
271	\fn bool QCborStreamReader::isNegativeInteger() const
272
273	Returns true if the type of the current element is a negative integer (that
274	is if type() returns QCborStreamReader::NegativeInteger). If this function
275	returns true, you may call toNegativeInteger() or toInteger() to read that value.
276
277	\sa type(), toNegativeInteger(), toInteger(), isInteger(), isUnsignedInteger()
278	*/
279
280	/*!
281	\fn bool QCborStreamReader::isInteger() const
282
283	Returns true if the type of the current element is either an unsigned
284	integer or a negative one (that is, if type() returns
285	QCborStreamReader::UnsignedInteger or QCborStreamReader::NegativeInteger).
286	If this function returns true, you may call toInteger() to read that
287	value.
288
289	\sa type(), toInteger(), toUnsignedInteger(), toNegativeInteger(),
290	isUnsignedInteger(), isNegativeInteger()
291	*/
292
293	/*!
294	\fn bool QCborStreamReader::isByteArray() const
295
296	Returns true if the type of the current element is a byte array (that is,
297	if type() returns QCborStreamReader::ByteArray). If this function returns
298	true, you may call readByteArray() to read that data.
299
300	\sa type(), readByteArray(), isString()
301	*/
302
303	/*!
304	\fn bool QCborStreamReader::isString() const
305
306	Returns true if the type of the current element is a text string (that is,
307	if type() returns QCborStreamReader::String). If this function returns
308	true, you may call readString() to read that data.
309
310	\sa type(), readString(), isByteArray()
311	*/
312
313	/*!
314	\fn bool QCborStreamReader::isArray() const
315
316	Returns true if the type of the current element is an array (that is,
317	if type() returns QCborStreamReader::Array). If this function returns
318	true, you may call enterContainer() to begin parsing that container.
319
320	When the current element is an array, you may also call isLengthKnown() to
321	find out if the array's size is explicit in the CBOR stream. If it is, that
322	size can be obtained by calling length().
323
324	The following example pre-allocates a QVariantList given the array's size
325	for more efficient decoding:
326
327	\snippet code/src_corelib_serialization_qcborstream.cpp 25
328
329	\note The code above does not validate that the length is a sensible value.
330	If the input stream reports that the length is 1 billion elements, the above
331	function will try to allocate some 16 GB or more of RAM, which can lead to a
332	crash.
333
334	\sa type(), isMap(), isLengthKnown(), length(), enterContainer(), leaveContainer()
335	*/
336
337	/*!
338	\fn bool QCborStreamReader::isMap() const
339
340	Returns true if the type of the current element is a map (that is, if type()
341	returns QCborStreamReader::Map). If this function returns true, you may call
342	enterContainer() to begin parsing that container.
343
344	When the current element is a map, you may also call isLengthKnown() to
345	find out if the map's size is explicit in the CBOR stream. If it is, that
346	size can be obtained by calling length().
347
348	The following example pre-allocates a QVariantMap given the map's size
349	for more efficient decoding:
350
351	\snippet code/src_corelib_serialization_qcborstream.cpp 26
352
353	The example above uses a function called \c readElementAsString to read the
354	map's keys and obtain a string. That is because CBOR maps may contain any
355	type as keys, not just strings. User code needs to either perform this
356	conversion, reject non-string keys, or instead use a different container
357	besides \l QVariantMap and \l QVariantHash. For example, if the map is
358	expected to contain integer keys, which is recommended as it reduces stream
359	size and parsing, the correct container would be \c{\l{QMap}<int, QVariant>}
360	or \c{\l{QHash}<int, QVariant>}.
361
362	\note The code above does not validate that the length is a sensible value.
363	If the input stream reports that the length is 1 billion elements, the above
364	function will try to allocate some 24 GB or more of RAM, which can lead to a
365	crash.
366
367	\sa type(), isArray(), isLengthKnown(), length(), enterContainer(), leaveContainer()
368	*/
369
370	/*!
371	\fn bool QCborStreamReader::isTag() const
372
373	Returns true if the type of the current element is a CBOR tag (that is,
374	if type() returns QCborStreamReader::Tag). If this function returns
375	true, you may call toTag() to read that data.
376
377	\sa type(), toTag()
378	*/
379
380	/*!
381	\fn bool QCborStreamReader::isFloat16() const
382
383	Returns true if the type of the current element is an IEEE 754
384	half-precision floating point (that is, if type() returns
385	QCborStreamReader::Float16). If this function returns true, you may call
386	toFloat16() to read that data.
387
388	\sa type(), toFloat16(), isFloat(), isDouble()
389	*/
390
391	/*!
392	\fn bool QCborStreamReader::isFloat() const
393
394	Returns true if the type of the current element is an IEEE 754
395	single-precision floating point (that is, if type() returns
396	QCborStreamReader::Float). If this function returns true, you may call
397	toFloat() to read that data.
398
399	\sa type(), toFloat(), isFloat16(), isDouble()
400	*/
401
402	/*!
403	\fn bool QCborStreamReader::isDouble() const
404
405	Returns true if the type of the current element is an IEEE 754
406	double-precision floating point (that is, if type() returns
407	QCborStreamReader::Double). If this function returns true, you may call
408	toDouble() to read that data.
409
410	\sa type(), toDouble(), isFloat16(), isFloat()
411	*/
412
413	/*!
414	\fn bool QCborStreamReader::isSimpleType() const
415
416	Returns true if the type of the current element is any CBOR simple type,
417	including a boolean value (true and false) as well as null and undefined. To
418	find out which simple type this is, call toSimpleType(). Alternatively, to
419	test for one specific simple type, call the overload that takes a
420	QCborSimpleType parameter.
421
422	CBOR simple types are types that do not carry extra value. There are 255
423	possibilities, but there are currently only four values that have defined
424	meaning. Code is not expected to cope with unknown simple types and may
425	simply discard the stream as invalid if it finds an unknown one.
426
427	\sa QCborSimpleType, type(), isSimpleType(QCborSimpleType), toSimpleType()
428	*/
429
430	/*!
431	\fn bool QCborStreamReader::isSimpleType(QCborSimpleType st) const
432
433	Returns true if the type of the current element is the simple type \a st,
434	false otherwise. If this function returns true, then toSimpleType() will
435	return \a st.
436
437	CBOR simple types are types that do not carry extra value. There are 255
438	possibilities, but there are currently only four values that have defined
439	meaning. Code is not expected to cope with unknown simple types and may
440	simply discard the stream as invalid if it finds an unknown one.
441
442	\sa QCborSimpleType, type(), isSimpleType(), toSimpleType()
443	*/
444
445	/*!
446	\fn bool QCborStreamReader::isFalse() const
447
448	Returns true if the current element is the \c false value, false if it is
449	anything else.
450
451	\sa type(), isTrue(), isBool(), toBool(), isSimpleType(), toSimpleType()
452	*/
453
454	/*!
455	\fn bool QCborStreamReader::isTrue() const
456
457	Returns true if the current element is the \c true value, false if it is
458	anything else.
459
460	\sa type(), isFalse(), isBool(), toBool(), isSimpleType(), toSimpleType()
461	*/
462
463	/*!
464	\fn bool QCborStreamReader::isBool() const
465
466	Returns true if the current element is a boolean value (\c true or \c
467	false), false if it is anything else. If this function returns true, you may
468	call toBool() to retrieve the value of the boolean. You may also call
469	toSimpleType() and compare to either QCborSimpleValue::True or
470	QCborSimpleValue::False.
471
472	\sa type(), isFalse(), isTrue(), toBool(), isSimpleType(), toSimpleType()
473	*/
474
475	/*!
476	\fn bool QCborStreamReader::isNull() const
477
478	Returns true if the current element is the \c null value, false if it is
479	anything else. Null values may be used to indicate the absence of some
480	optional data.
481
482	\note This function is not the opposite of isValid(). A Null value is a
483	valid CBOR value.
484
485	\sa type(), isSimpleType(), toSimpleType()
486	*/
487
488	/*!
489	\fn bool QCborStreamReader::isUndefined() const
490
491	Returns true if the current element is the \c undefined value, false if it
492	is anything else. Undefined values may be encoded to indicate that some
493	conversion failed or was not possible when creating the stream.
494	QCborStreamReader never performs any replacement and this function will only
495	return true if the stream contains an explicit undefined value.
496
497	\sa type(), isSimpleType(), toSimpleType()
498	*/
499
500	/*!
501	\fn bool QCborStreamReader::isContainer() const
502
503	Returns true if the current element is a container (that is, an array or a
504	map), false if it is anything else. If the current element is a container,
505	the isLengthKnown() function may be used to find out if the container's size
506	is explicit in the stream and, if so, length() can be used to get that size.
507
508	More importantly, for a container, the enterContainer() function is
509	available to begin iterating through the elements contained therein.
510
511	\sa type(), isArray(), isMap(), isLengthKnown(), length(), enterContainer(),
512	leaveContainer(), containerDepth()
513	*/
514
515	class QCborStreamReaderPrivate
516	{
517	public:
518	enum {
519	// 9 bytes is the maximum size for any integer, floating point or
520	// length in CBOR.
521	MaxCborIndividualSize = 9,
522	IdealIoBufferSize = 256
523	};
524
525	QIODevice *device;
526	QByteArray buffer;
527	QStack<CborValue> containerStack;
528
529	CborParser parser;
530	CborValue currentElement;
531	QCborError lastError = {};
532
533	QByteArray::size_type bufferStart = 0;
534	bool corrupt = false;
535
536	QCborStreamReaderPrivate(const QByteArray &data)
537	: device(nullptr), buffer(data)
538	{
539	initDecoder();
540	}
541
542	QCborStreamReaderPrivate(QIODevice *device)
543	{
544	setDevice(device);
545	}
546
547	~QCborStreamReaderPrivate()
548	{
549	}
550
551	void setDevice(QIODevice *dev)
552	{
553	buffer.clear();
554	device = dev;
555	initDecoder();
556	}
557
558	void initDecoder()
559	{
560	containerStack.clear();
561	bufferStart = 0;
562	if (device) {
563	buffer.clear();
564	buffer.reserve(asize: IdealIoBufferSize); // sets the CapacityReserved flag
565	}
566
567	preread();
568	if (CborError err = cbor_parser_init_reader(ops: nullptr, parser: &parser, it: &currentElement, token: this))
569	handleError(err);
570	else
571	lastError = { .c: QCborError::NoError };
572	}
573
574	char *bufferPtr()
575	{
576	Q_ASSERT(buffer.isDetached());
577	return const_cast<char *>(buffer.constData()) + bufferStart;
578	}
579
580	void preread()
581	{
582	if (device && buffer.size() - bufferStart < MaxCborIndividualSize) {
583	// load more, but only if there's more to be read
584	qint64 avail = device->bytesAvailable();
585	Q_ASSERT(avail >= buffer.size());
586	if (avail == buffer.size())
587	return;
588
589	if (bufferStart)
590	device->skip(maxSize: bufferStart); // skip what we've already parsed
591
592	if (buffer.size() != IdealIoBufferSize)
593	buffer.resize(size: IdealIoBufferSize);
594
595	bufferStart = 0;
596	qint64 read = device->peek(data: bufferPtr(), maxlen: IdealIoBufferSize);
597	if (read < 0)
598	buffer.clear();
599	else if (read != IdealIoBufferSize)
600	buffer.truncate(pos: read);
601	}
602	}
603
604	void handleError(CborError err) noexcept
605	{
606	Q_ASSERT(err);
607
608	// is the error fatal?
609	if (err != CborErrorUnexpectedEOF)
610	corrupt = true;
611
612	lastError = QCborError { .c: QCborError::Code(int(err)) };
613	}
614
615	struct ReadStringChunk {
616	union {
617	char *ptr;
618	QByteArray *array;
619	QString *string;
620	};
621	enum { ByteArray = -1, String = -3 };
622	qsizetype maxlen_or_type;
623
624	ReadStringChunk(char *ptr, qsizetype maxlen) : ptr(ptr), maxlen_or_type(maxlen) {}
625	ReadStringChunk(QByteArray *array) : array(array), maxlen_or_type(ByteArray) {}
626	ReadStringChunk(QString *str) : string(str), maxlen_or_type(String) {}
627	bool isString() const { return maxlen_or_type == String; }
628	bool isByteArray() const { return maxlen_or_type == ByteArray; }
629	bool isPlainPointer() const { return maxlen_or_type >= 0; }
630	};
631
632	static QCborStreamReader::StringResultCode appendStringChunk(QCborStreamReader &reader, QByteArray *data);
633	QCborStreamReader::StringResult<qsizetype> readStringChunk(ReadStringChunk params);
634	qsizetype readStringChunk_byte(ReadStringChunk params, qsizetype len);
635	qsizetype readStringChunk_unicode(ReadStringChunk params, qsizetype utf8len);
636	bool ensureStringIteration();
637	};
638
639	void qt_cbor_stream_set_error(QCborStreamReaderPrivate *d, QCborError error)
640	{
641	d->handleError(err: CborError(error.c));
642	}
643
644	static inline bool qt_cbor_decoder_can_read(void *token, size_t len)
645	{
646	Q_ASSERT(len <= QCborStreamReaderPrivate::MaxCborIndividualSize);
647	auto self = static_cast<QCborStreamReaderPrivate *>(token);
648
649	qint64 avail = self->buffer.size() - self->bufferStart;
650	return len <= quint64(avail);
651	}
652
653	static void qt_cbor_decoder_advance(void *token, size_t len)
654	{
655	Q_ASSERT(len <= QCborStreamReaderPrivate::MaxCborIndividualSize);
656	auto self = static_cast<QCborStreamReaderPrivate *>(token);
657	Q_ASSERT(len <= size_t(self->buffer.size() - self->bufferStart));
658
659	self->bufferStart += int(len);
660	self->preread();
661	}
662
663	static void *qt_cbor_decoder_read(void *token, void *userptr, size_t offset, size_t len)
664	{
665	Q_ASSERT(len == 1 || len == 2 || len == 4 || len == 8);
666	Q_ASSERT(offset == 0 || offset == 1);
667	auto self = static_cast<const QCborStreamReaderPrivate *>(token);
668
669	// we must have pre-read the data
670	Q_ASSERT(len + offset <= size_t(self->buffer.size() - self->bufferStart));
671	return memcpy(dest: userptr, src: self->buffer.constData() + self->bufferStart + offset, n: len);
672	}
673
674	static CborError qt_cbor_decoder_transfer_string(void *token, const void **userptr, size_t offset, size_t len)
675	{
676	auto self = static_cast<QCborStreamReaderPrivate *>(token);
677	Q_ASSERT(offset <= size_t(self->buffer.size()));
678	static_assert(sizeof(size_t) >= sizeof(QByteArray::size_type));
679	static_assert(sizeof(size_t) == sizeof(qsizetype));
680
681	// check that we will have enough data from the QIODevice before we advance
682	// (otherwise, we'd lose the length information)
683	qsizetype total;
684	if (len > size_t(std::numeric_limits<QByteArray::size_type>::max())
685	|| qAddOverflow<qsizetype>(v1: offset, v2: len, r: &total))
686	return CborErrorDataTooLarge;
687
688	// our string transfer is just saving the offset to the userptr
689	*userptr = reinterpret_cast<void *>(offset);
690
691	qint64 avail = (self->device ? self->device->bytesAvailable() : self->buffer.size()) -
692	self->bufferStart;
693	return total > avail ? CborErrorUnexpectedEOF : CborNoError;
694	}
695
696	bool QCborStreamReaderPrivate::ensureStringIteration()
697	{
698	if (currentElement.flags & CborIteratorFlag_IteratingStringChunks)
699	return true;
700
701	CborError err = cbor_value_begin_string_iteration(value: &currentElement);
702	if (!err)
703	return true;
704	handleError(err);
705	return false;
706	}
707
708	/*!
709	\internal
710	*/
711	inline void QCborStreamReader::preparse()
712	{
713	if (lastError() == QCborError::NoError) {
714	type_ = cbor_value_get_type(value: &d->currentElement);
715
716	if (type_ == CborInvalidType) {
717	// We may have reached the end.
718	if (d->device && d->containerStack.isEmpty()) {
719	d->buffer.clear();
720	if (d->bufferStart)
721	d->device->skip(maxSize: d->bufferStart);
722	d->bufferStart = 0;
723	}
724	} else {
725	d->lastError = {};
726	// Undo the type mapping that TinyCBOR does (we have an explicit type
727	// for negative integer and we don't have separate types for Boolean,
728	// Null and Undefined).
729	if (type_ == CborBooleanType || type_ == CborNullType || type_ == CborUndefinedType) {
730	type_ = CborSimpleType;
731	value64 = quint8(d->buffer.at(i: d->bufferStart)) - CborSimpleType;
732	} else {
733	// Using internal TinyCBOR API!
734	value64 = _cbor_value_extract_int64_helper(value: &d->currentElement);
735
736	if (cbor_value_is_negative_integer(value: &d->currentElement))
737	type_ = quint8(QCborStreamReader::NegativeInteger);
738	}
739	}
740	} else {
741	type_ = Invalid;
742	}
743	}
744
745	/*!
746	Creates a QCborStreamReader object with no source data. After construction,
747	QCborStreamReader will report an error parsing.
748
749	You can add more data by calling addData() or by setting a different source
750	device using setDevice().
751
752	\sa addData(), isValid()
753	*/
754	QCborStreamReader::QCborStreamReader()
755	: d(new QCborStreamReaderPrivate({})), type_(Invalid)
756	{
757	}
758
759	/*!
760	\overload
761
762	Creates a QCborStreamReader object with \a len bytes of data starting at \a
763	data. The pointer must remain valid until QCborStreamReader is destroyed.
764	*/
765	QCborStreamReader::QCborStreamReader(const char *data, qsizetype len)
766	: QCborStreamReader(QByteArray::fromRawData(data, size: len))
767	{
768	}
769
770	/*!
771	\overload
772
773	Creates a QCborStreamReader object with \a len bytes of data starting at \a
774	data. The pointer must remain valid until QCborStreamReader is destroyed.
775	*/
776	QCborStreamReader::QCborStreamReader(const quint8 *data, qsizetype len)
777	: QCborStreamReader(QByteArray::fromRawData(data: reinterpret_cast<const char *>(data), size: len))
778	{
779	}
780
781	/*!
782	\overload
783
784	Creates a QCborStreamReader object that will parse the CBOR stream found in
785	\a data.
786	*/
787	QCborStreamReader::QCborStreamReader(const QByteArray &data)
788	: d(new QCborStreamReaderPrivate(data))
789	{
790	preparse();
791	}
792
793	/*!
794	\overload
795
796	Creates a QCborStreamReader object that will parse the CBOR stream found by
797	reading from \a device. QCborStreamReader does not take ownership of \a
798	device, so it must remain valid until this object is destroyed.
799	*/
800	QCborStreamReader::QCborStreamReader(QIODevice *device)
801	: d(new QCborStreamReaderPrivate(device))
802	{
803	preparse();
804	}
805
806	/*!
807	Destroys this QCborStreamReader object and frees any associated resources.
808	*/
809	QCborStreamReader::~QCborStreamReader()
810	{
811	}
812
813	/*!
814	Sets the source of data to \a device, resetting the decoder to its initial
815	state.
816	*/
817	void QCborStreamReader::setDevice(QIODevice *device)
818	{
819	d->setDevice(device);
820	preparse();
821	}
822
823	/*!
824	Returns the QIODevice that was set with either setDevice() or the
825	QCborStreamReader constructor. If this object was reading from a QByteArray,
826	this function returns nullptr instead.
827	*/
828	QIODevice *QCborStreamReader::device() const
829	{
830	return d->device;
831	}
832
833	/*!
834	Adds \a data to the CBOR stream and reparses the current element. This
835	function is useful if the end of the data was previously reached while
836	processing the stream, but now more data is available.
837	*/
838	void QCborStreamReader::addData(const QByteArray &data)
839	{
840	addData(data: data.constData(), len: data.size());
841	}
842
843	/*!
844	\fn void QCborStreamReader::addData(const quint8 *data, qsizetype len)
845	\overload
846
847	Adds \a len bytes of data starting at \a data to the CBOR stream and
848	reparses the current element. This function is useful if the end of the data
849	was previously reached while processing the stream, but now more data is
850	available.
851	*/
852
853	/*!
854	\overload
855
856	Adds \a len bytes of data starting at \a data to the CBOR stream and
857	reparses the current element. This function is useful if the end of the data
858	was previously reached while processing the stream, but now more data is
859	available.
860	*/
861	void QCborStreamReader::addData(const char *data, qsizetype len)
862	{
863	if (!d->device) {
864	if (len > 0)
865	d->buffer.append(s: data, len);
866	reparse();
867	} else {
868	qWarning(msg: "QCborStreamReader: addData() with device()");
869	}
870	}
871
872	/*!
873	Reparses the current element. This function must be called when more data
874	becomes available in the source QIODevice after parsing failed due to
875	reaching the end of the input data before the end of the CBOR stream.
876
877	When reading from QByteArray(), the addData() function automatically calls
878	this function. Calling it when the reading had not failed is a no-op.
879	*/
880	void QCborStreamReader::reparse()
881	{
882	d->lastError = {};
883	d->preread();
884	if (CborError err = cbor_value_reparse(it: &d->currentElement))
885	d->handleError(err);
886	else
887	preparse();
888	}
889
890	/*!
891	Clears the decoder state and resets the input source data to an empty byte
892	array. After this function is called, QCborStreamReader will be indicating
893	an error parsing.
894
895	Call addData() to add more data to be parsed.
896
897	\sa reset(), setDevice()
898	*/
899	void QCborStreamReader::clear()
900	{
901	setDevice(nullptr);
902	}
903
904	/*!
905	Resets the source back to the beginning and clears the decoder state. If the
906	source data was a QByteArray, QCborStreamReader will restart from the
907	beginning of the array.
908
909	If the source data is a QIODevice, this function will call
910	QIODevice::reset(), which will seek to byte position 0. If the CBOR stream
911	is not found at the beginning of the device (e.g., beginning of a file),
912	then this function will likely do the wrong thing. Instead, position the
913	QIODevice to the right offset and call setDevice().
914
915	\sa clear(), setDevice()
916	*/
917	void QCborStreamReader::reset()
918	{
919	if (d->device)
920	d->device->reset();
921	d->lastError = {};
922	d->initDecoder();
923	preparse();
924	}
925
926	/*!
927	Returns the last error in decoding the stream, if any. If no error
928	was encountered, this returns an QCborError::NoError.
929
930	\sa isValid()
931	*/
932	QCborError QCborStreamReader::lastError()
933	{
934	return d->lastError;
935	}
936
937	/*!
938	Returns the offset in the input stream of the item currently being decoded.
939	The current offset is the number of decoded bytes so far only if the source
940	data is a QByteArray or it is a QIODevice that was positioned at its
941	beginning when decoding started.
942
943	\sa reset(), clear(), device()
944	*/
945	qint64 QCborStreamReader::currentOffset() const
946	{
947	return (d->device ? d->device->pos() : 0) + d->bufferStart;
948	}
949
950	/*!
951	Returns the number of containers that this stream has entered with
952	enterContainer() but not yet left.
953
954	\sa enterContainer(), leaveContainer()
955	*/
956	int QCborStreamReader::containerDepth() const
957	{
958	return d->containerStack.size();
959	}
960
961	/*!
962	Returns either QCborStreamReader::Array or QCborStreamReader::Map,
963	indicating whether the container that contains the current item was an array
964	or map, respectively. If we're currently parsing the root element, this
965	function returns QCborStreamReader::Invalid.
966
967	\sa containerDepth(), enterContainer()
968	*/
969	QCborStreamReader::Type QCborStreamReader::parentContainerType() const
970	{
971	if (d->containerStack.isEmpty())
972	return Invalid;
973	return Type(cbor_value_get_type(value: &std::as_const(t&: d->containerStack).top()));
974	}
975
976	/*!
977	Returns true if there are more items to be decoded in the current container
978	or false of we've reached its end. If we're parsing the root element,
979	hasNext() returning false indicates the parsing is complete; otherwise, if
980	the container depth is non-zero, then the outer code needs to call
981	leaveContainer().
982
983	\sa parentContainerType(), containerDepth(), leaveContainer()
984	*/
985	bool QCborStreamReader::hasNext() const noexcept
986	{
987	return cbor_value_is_valid(value: &d->currentElement) &&
988	!cbor_value_at_end(it: &d->currentElement);
989	}
990
991	/*!
992	Advance the CBOR stream decoding one element. You should usually call this
993	function when parsing fixed-width basic elements (that is, integers, simple
994	values, tags and floating point values). But this function can be called
995	when the current item is a string, array or map too and it will skip over
996	that entire element, including all contained elements.
997
998	This function returns true if advancing was successful, false otherwise. It
999	may fail if the stream is corrupt, incomplete or if the nesting level of
1000	arrays and maps exceeds \a maxRecursion. Calling this function when
1001	hasNext() has returned false is also an error. If this function returns
1002	false, lastError() will return the error code detailing what the failure
1003	was.
1004
1005	\sa lastError(), isValid(), hasNext()
1006	*/
1007	bool QCborStreamReader::next(int maxRecursion)
1008	{
1009	if (lastError() != QCborError::NoError)
1010	return false;
1011
1012	if (!hasNext()) {
1013	d->handleError(err: CborErrorAdvancePastEOF);
1014	} else if (maxRecursion < 0) {
1015	d->handleError(err: CborErrorNestingTooDeep);
1016	} else if (isContainer()) {
1017	// iterate over each element
1018	enterContainer();
1019	while (lastError() == QCborError::NoError && hasNext())
1020	next(maxRecursion: maxRecursion - 1);
1021	if (lastError() == QCborError::NoError)
1022	leaveContainer();
1023	} else if (isByteArray()) {
1024	char c;
1025	StringResult<qsizetype> r;
1026	do {
1027	r = readStringChunk(ptr: &c, maxlen: 1);
1028	} while (r.status == Ok);
1029	} else if (isString()) {
1030	// we need to use actual readString so we get UTF-8 validation
1031	StringResult<QString> r;
1032	do {
1033	r = readString();
1034	} while (r.status == Ok);
1035	} else {
1036	// fixed types
1037	CborError err = cbor_value_advance_fixed(it: &d->currentElement);
1038	if (err)
1039	d->handleError(err);
1040	}
1041
1042	preparse();
1043	return d->lastError == QCborError::NoError;
1044	}
1045
1046	/*!
1047	Returns true if the length of the current array, map, byte array or string
1048	is known (explicit in the CBOR stream), false otherwise. This function
1049	should only be called if the element is one of those.
1050
1051	If the length is known, it may be obtained by calling length().
1052
1053	If the length of a map or an array is not known, it is implied by the number
1054	of elements present in the stream. QCborStreamReader has no API to calculate
1055	the length in that condition.
1056
1057	Strings and byte arrays may also have indeterminate length (that is, they
1058	may be transmitted in multiple chunks). Those cannot currently be created
1059	with QCborStreamWriter, but they could be with other encoders, so
1060	QCborStreamReader supports them.
1061
1062	\sa length(), QCborStreamWriter::startArray(), QCborStreamWriter::startMap()
1063	*/
1064	bool QCborStreamReader::isLengthKnown() const noexcept
1065	{
1066	return cbor_value_is_length_known(value: &d->currentElement);
1067	}
1068
1069	/*!
1070	Returns the length of the string or byte array, or the number of items in an
1071	array or the number, of item pairs in a map, if known. This function must
1072	not be called if the length is unknown (that is, if isLengthKnown() returned
1073	false). It is an error to do that and it will cause QCborStreamReader to
1074	stop parsing the input stream.
1075
1076	\sa isLengthKnown(), QCborStreamWriter::startArray(), QCborStreamWriter::startMap()
1077	*/
1078	quint64 QCborStreamReader::length() const
1079	{
1080	CborError err;
1081	switch (type()) {
1082	case String:
1083	case ByteArray:
1084	case Map:
1085	case Array:
1086	if (isLengthKnown())
1087	return value64;
1088	err = CborErrorUnknownLength;
1089	break;
1090
1091	default:
1092	err = CborErrorIllegalType;
1093	break;
1094	}
1095
1096	d->handleError(err);
1097	return quint64(-1);
1098	}
1099
1100	/*!
1101	\fn bool QCborStreamReader::enterContainer()
1102
1103	Enters the array or map that is the current item and prepares for iterating
1104	the elements contained in the container. Returns true if entering the
1105	container succeeded, false otherwise (usually, a parsing error). Each call
1106	to enterContainer() must be paired with a call to leaveContainer().
1107
1108	This function may only be called if the current item is an array or a map
1109	(that is, if isArray(), isMap() or isContainer() is true). Calling it in any
1110	other condition is an error.
1111
1112	\sa leaveContainer(), isContainer(), isArray(), isMap()
1113	*/
1114	bool QCborStreamReader::_enterContainer_helper()
1115	{
1116	d->containerStack.push(t: d->currentElement);
1117	CborError err = cbor_value_enter_container(it: &d->containerStack.top(), recursed: &d->currentElement);
1118	if (!err) {
1119	preparse();
1120	return true;
1121	}
1122	d->handleError(err);
1123	return false;
1124	}
1125
1126	/*!
1127	Leaves the array or map whose items were being processed and positions the
1128	decoder at the next item after the end of the container. Returns true if
1129	leaving the container succeeded, false otherwise (usually, a parsing error).
1130	Each call to enterContainer() must be paired with a call to
1131	leaveContainer().
1132
1133	This function may only be called if hasNext() has returned false and
1134	containerDepth() is not zero. Calling it in any other condition is an error.
1135
1136	\sa enterContainer(), parentContainerType(), containerDepth()
1137	*/
1138	bool QCborStreamReader::leaveContainer()
1139	{
1140	if (d->containerStack.isEmpty()) {
1141	qWarning(msg: "QCborStreamReader::leaveContainer: trying to leave top-level element");
1142	return false;
1143	}
1144	if (d->corrupt)
1145	return false;
1146
1147	CborValue container = d->containerStack.pop();
1148	CborError err = cbor_value_leave_container(it: &container, recursed: &d->currentElement);
1149	d->currentElement = container;
1150	if (err) {
1151	d->handleError(err);
1152	return false;
1153	}
1154
1155	preparse();
1156	return true;
1157	}
1158
1159	/*!
1160	\fn bool QCborStreamReader::toBool() const
1161
1162	Returns the boolean value of the current element.
1163
1164	This function does not perform any type conversions, including from integer.
1165	Therefore, it may only be called if isTrue(), isFalse() or isBool() returned
1166	true; calling it in any other condition is an error.
1167
1168	\sa isBool(), isTrue(), isFalse(), toInteger()
1169	*/
1170
1171	/*!
1172	\fn QCborTag QCborStreamReader::toTag() const
1173
1174	Returns the tag value of the current element.
1175
1176	This function does not perform any type conversions, including from integer.
1177	Therefore, it may only be called if isTag() is true; calling it in any other
1178	condition is an error.
1179
1180	Tags are 64-bit numbers attached to generic CBOR types that give them
1181	further meaning. For a list of known tags, see the \l QCborKnownTags
1182	enumeration.
1183
1184	\sa isTag(), toInteger(), QCborKnownTags
1185	*/
1186
1187	/*!
1188	\fn quint64 QCborStreamReader::toUnsignedInteger() const
1189
1190	Returns the unsigned integer value of the current element.
1191
1192	This function does not perform any type conversions, including from boolean
1193	or CBOR tag. Therefore, it may only be called if isUnsignedInteger() is
1194	true; calling it in any other condition is an error.
1195
1196	This function may be used to obtain numbers beyond the range of the return
1197	type of toInteger().
1198
1199	\sa type(), toInteger(), isUnsignedInteger(), isNegativeInteger()
1200	*/
1201
1202	/*!
1203	\fn QCborNegativeValue QCborStreamReader::toNegativeInteger() const
1204
1205	Returns the negative integer value of the current element.
1206	QCborNegativeValue is a 64-bit unsigned integer containing the absolute
1207	value of the negative number that was stored in the CBOR stream.
1208	Additionally, QCborNegativeValue(0) represents the number -2\sup{64}.
1209
1210	This function does not perform any type conversions, including from boolean
1211	or CBOR tag. Therefore, it may only be called if isNegativeInteger() is
1212	true; calling it in any other condition is an error.
1213
1214	This function may be used to obtain numbers beyond the range of the return
1215	type of toInteger(). However, use of negative numbers smaller than -2\sup{63}
1216	is extremely discouraged.
1217
1218	\sa type(), toInteger(), isNegativeInteger(), isUnsignedInteger()
1219	*/
1220
1221	/*!
1222	\fn qint64 QCborStreamReader::toInteger() const
1223
1224	Returns the integer value of the current element, be it negative, positive
1225	or zero. If the value is larger than 2\sup{63} - 1 or smaller than
1226	-2\sup{63}, the returned value will overflow and will have an incorrect
1227	sign. If handling those values is required, use toUnsignedInteger() or
1228	toNegativeInteger() instead.
1229
1230	This function does not perform any type conversions, including from boolean
1231	or CBOR tag. Therefore, it may only be called if isInteger() is true;
1232	calling it in any other condition is an error.
1233
1234	\sa isInteger(), toUnsignedInteger(), toNegativeInteger()
1235	*/
1236
1237	/*!
1238	\fn QCborSimpleType QCborStreamReader::toSimpleType() const
1239
1240	Returns value of the current simple type.
1241
1242	This function does not perform any type conversions, including from integer.
1243	Therefore, it may only be called if isSimpleType() is true; calling it in
1244	any other condition is an error.
1245
1246	\sa isSimpleType(), isTrue(), isFalse(), isBool(), isNull(), isUndefined()
1247	*/
1248
1249	/*!
1250	\fn qfloat16 QCborStreamReader::toFloat16() const
1251
1252	Returns the 16-bit half-precision floating point value of the current element.
1253
1254	This function does not perform any type conversions, including from other
1255	floating point types or from integer values. Therefore, it may only be
1256	called if isFloat16() is true; calling it in any other condition is an
1257	error.
1258
1259	\sa isFloat16(), toFloat(), toDouble()
1260	*/
1261
1262	/*!
1263	\fn float QCborStreamReader::toFloat() const
1264
1265	Returns the 32-bit single-precision floating point value of the current
1266	element.
1267
1268	This function does not perform any type conversions, including from other
1269	floating point types or from integer values. Therefore, it may only be
1270	called if isFloat() is true; calling it in any other condition is an error.
1271
1272	\sa isFloat(), toFloat16(), toDouble()
1273	*/
1274
1275	/*!
1276	\fn double QCborStreamReader::toDouble() const
1277
1278	Returns the 64-bit double-precision floating point value of the current
1279	element.
1280
1281	This function does not perform any type conversions, including from other
1282	floating point types or from integer values. Therefore, it may only be
1283	called if isDouble() is true; calling it in any other condition is an error.
1284
1285	\sa isDouble(), toFloat16(), toFloat()
1286	*/
1287
1288	/*!
1289	\fn QCborStreamReader::StringResult<QString> QCborStreamReader::readString()
1290
1291	Decodes one string chunk from the CBOR string and returns it. This function
1292	is used for both regular and chunked string contents, so the caller must
1293	always loop around calling this function, even if isLengthKnown() has
1294	is true. The typical use of this function is as follows:
1295
1296	\snippet code/src_corelib_serialization_qcborstream.cpp 27
1297
1298	This function does not perform any type conversions, including from integers
1299	or from byte arrays. Therefore, it may only be called if isString() returned
1300	true; calling it in any other condition is an error.
1301
1302	\sa readByteArray(), isString(), readStringChunk()
1303	*/
1304	QCborStreamReader::StringResult<QString> QCborStreamReader::_readString_helper()
1305	{
1306	QCborStreamReader::StringResult<QString> result;
1307	auto r = d->readStringChunk(params: &result.data);
1308	result.status = r.status;
1309	if (r.status == Error) {
1310	result.data.clear();
1311	} else {
1312	Q_ASSERT(r.data == result.data.size());
1313	if (r.status == EndOfString && lastError() == QCborError::NoError)
1314	preparse();
1315	}
1316
1317	return result;
1318	}
1319
1320	/*!
1321	\fn QCborStreamReader::StringResult<QByteArray> QCborStreamReader::readByteArray()
1322
1323	Decodes one byte array chunk from the CBOR string and returns it. This
1324	function is used for both regular and chunked contents, so the caller must
1325	always loop around calling this function, even if isLengthKnown() has
1326	is true. The typical use of this function is as follows:
1327
1328	\snippet code/src_corelib_serialization_qcborstream.cpp 28
1329
1330	This function does not perform any type conversions, including from integers
1331	or from strings. Therefore, it may only be called if isByteArray() is true;
1332	calling it in any other condition is an error.
1333
1334	\sa readString(), isByteArray(), readStringChunk()
1335	*/
1336	QCborStreamReader::StringResult<QByteArray> QCborStreamReader::_readByteArray_helper()
1337	{
1338	QCborStreamReader::StringResult<QByteArray> result;
1339	auto r = d->readStringChunk(params: &result.data);
1340	result.status = r.status;
1341	if (r.status == Error) {
1342	result.data.clear();
1343	} else {
1344	Q_ASSERT(r.data == result.data.size());
1345	if (r.status == EndOfString && lastError() == QCborError::NoError)
1346	preparse();
1347	}
1348
1349	return result;
1350	}
1351
1352	/*!
1353	\fn qsizetype QCborStreamReader::currentStringChunkSize() const
1354
1355	Returns the size of the current text or byte string chunk. If the CBOR
1356	stream contains a non-chunked string (that is, if isLengthKnown() returns
1357	\c true), this function returns the size of the entire string, the same as
1358	length().
1359
1360	This function is useful to pre-allocate the buffer whose pointer can be passed
1361	to readStringChunk() later.
1362
1363	\sa readString(), readByteArray(), readStringChunk()
1364	*/
1365	qsizetype QCborStreamReader::_currentStringChunkSize() const
1366	{
1367	if (!d->ensureStringIteration())
1368	return -1;
1369
1370	size_t len;
1371	CborError err = cbor_value_get_string_chunk_size(value: &d->currentElement, len: &len);
1372	if (err == CborErrorNoMoreStringChunks)
1373	return 0; // not a real error
1374	else if (err)
1375	d->handleError(err);
1376	else if (qsizetype(len) < 0)
1377	d->handleError(err: CborErrorDataTooLarge);
1378	else
1379	return qsizetype(len);
1380	return -1;
1381	}
1382
1383	/*!
1384	Reads the current string chunk into the buffer pointed to by \a ptr, whose
1385	size is \a maxlen. This function returns a \l StringResult object, with the
1386	number of bytes copied into \a ptr saved in the \c \l StringResult::data
1387	member. The \c \l StringResult::status member indicates whether there was
1388	an error reading the string, whether data was copied or whether this was
1389	the last chunk.
1390
1391	This function can be called for both \l String and \l ByteArray types.
1392	For the latter, this function will read the same data that readByteArray()
1393	would have returned. For strings, it returns the UTF-8 equivalent of the \l
1394	QString that would have been returned.
1395
1396	This function is usually used alongside currentStringChunkSize() in a loop.
1397	For example:
1398
1399	\snippet code/src_corelib_serialization_qcborstream.cpp 29
1400
1401	Unlike readByteArray() and readString(), this function is not limited by
1402	implementation limits of QByteArray and QString.
1403
1404	\note This function does not perform verification that the UTF-8 contents
1405	are properly formatted. That means this function does not produce the
1406	QCborError::InvalidUtf8String error, even when readString() does.
1407
1408	\sa currentStringChunkSize(), readString(), readByteArray(),
1409	isString(), isByteArray()
1410	*/
1411	QCborStreamReader::StringResult<qsizetype>
1412	QCborStreamReader::readStringChunk(char *ptr, qsizetype maxlen)
1413	{
1414	auto r = d->readStringChunk(params: {ptr, maxlen});
1415	if (r.status == EndOfString && lastError() == QCborError::NoError)
1416	preparse();
1417	return r;
1418	}
1419
1420	// used by qcborvalue.cpp
1421	QCborStreamReader::StringResultCode qt_cbor_append_string_chunk(QCborStreamReader &reader, QByteArray *data)
1422	{
1423	return QCborStreamReaderPrivate::appendStringChunk(reader, data);
1424	}
1425
1426	inline QCborStreamReader::StringResultCode
1427	QCborStreamReaderPrivate::appendStringChunk(QCborStreamReader &reader, QByteArray *data)
1428	{
1429	auto status = reader.d->readStringChunk(params: data).status;
1430	if (status == QCborStreamReader::EndOfString && reader.lastError() == QCborError::NoError)
1431	reader.preparse();
1432	return status;
1433	}
1434
1435	Q_NEVER_INLINE QCborStreamReader::StringResult<qsizetype>
1436	QCborStreamReaderPrivate::readStringChunk(ReadStringChunk params)
1437	{
1438	CborError err;
1439	size_t len;
1440	const void *content = nullptr;
1441	QCborStreamReader::StringResult<qsizetype> result;
1442	result.data = 0;
1443	result.status = QCborStreamReader::Error;
1444
1445	lastError = {};
1446	if (!ensureStringIteration())
1447	return result;
1448
1449	// Note: in the current implementation, the call into TinyCBOR below only
1450	// succeeds if we *already* have all the data in memory. That's obvious for
1451	// the case of direct memory (no QIODevice), whereas for QIODevices
1452	// qt_cbor_decoder_transfer_string() enforces that
1453	// QIODevice::bytesAvailable() be bigger than the amount we're about to
1454	// read.
1455	#if 1
1456	// Using internal TinyCBOR API!
1457	err = _cbor_value_get_string_chunk(value: &currentElement, bufferptr: &content, len: &len, next: &currentElement);
1458	#else
1459	// the above is effectively the same as:
1460	if (cbor_value_is_byte_string(&currentElement))
1461	err = cbor_value_get_byte_string_chunk(&currentElement, reinterpret_cast<const uint8_t **>(&content),
1462	&len, &currentElement);
1463	else
1464	err = cbor_value_get_text_string_chunk(&currentElement, reinterpret_cast<const char **>(&content),
1465	&len, &currentElement);
1466	#endif
1467
1468	// Range check: using implementation-defined behavior in converting an
1469	// unsigned value out of range of the destination signed type (same as
1470	// "len > size_t(std::numeric_limits<qsizetype>::max())", but generates
1471	// better code with ICC and MSVC).
1472	if (!err && qsizetype(len) < 0)
1473	err = CborErrorDataTooLarge;
1474
1475	if (err) {
1476	if (err == CborErrorNoMoreStringChunks) {
1477	preread();
1478	err = cbor_value_finish_string_iteration(value: &currentElement);
1479	result.status = QCborStreamReader::EndOfString;
1480	}
1481	if (err)
1482	handleError(err);
1483	// caller musts call preparse()
1484	return result;
1485	}
1486
1487	qptrdiff offset = qptrdiff(content);
1488	bufferStart += offset;
1489	if (device) {
1490	// This first skip can't fail because we've already read this many bytes.
1491	device->skip(maxSize: bufferStart);
1492	}
1493
1494	if (params.isString()) {
1495	// readString()
1496	result.data = readStringChunk_unicode(params, utf8len: qsizetype(len));
1497	} else {
1498	// readByteArray() or readStringChunk()
1499	result.data = readStringChunk_byte(params, len: qsizetype(len));
1500	}
1501
1502	if (result.data < 0)
1503	return result; // error
1504
1505	// adjust the buffers after we're done reading the string
1506	bufferStart += len;
1507	if (device) {
1508	qsizetype remainingInBuffer = buffer.size() - bufferStart;
1509
1510	if (remainingInBuffer <= 0) {
1511	// We've read from the QIODevice more than what was in the buffer.
1512	buffer.truncate(pos: 0);
1513	} else {
1514	// There's still data buffered, but we need to move it around.
1515	char *ptr = buffer.data();
1516	memmove(dest: ptr, src: ptr + bufferStart, n: remainingInBuffer);
1517	buffer.truncate(pos: remainingInBuffer);
1518	}
1519
1520	bufferStart = 0;
1521	}
1522
1523	preread();
1524	result.status = QCborStreamReader::Ok;
1525	return result;
1526	}
1527
1528	inline qsizetype
1529	QCborStreamReaderPrivate::readStringChunk_byte(ReadStringChunk params, qsizetype len)
1530	{
1531	qint64 actuallyRead;
1532	qsizetype toRead = qsizetype(len);
1533	qsizetype left = 0; // bytes from the chunk not copied to the user buffer, to discard
1534	char *ptr = nullptr;
1535
1536	if (params.isPlainPointer()) {
1537	left = toRead - params.maxlen_or_type;
1538	if (left < 0)
1539	left = 0; // buffer bigger than string
1540	else
1541	toRead = params.maxlen_or_type; // buffer smaller than string
1542	ptr = params.ptr;
1543	} else if (params.isByteArray()) {
1544	// See note above on having ensured there is enough incoming data.
1545	auto oldSize = params.array->size();
1546	auto newSize = oldSize;
1547	if (qAddOverflow<decltype(newSize)>(v1: oldSize, v2: toRead, r: &newSize)) {
1548	handleError(err: CborErrorDataTooLarge);
1549	return -1;
1550	}
1551	QT_TRY {
1552	params.array->resize(size: newSize);
1553	} QT_CATCH (const std::bad_alloc &) {
1554	// the distinction between DataTooLarge and OOM is mostly for
1555	// compatibility with Qt 5; in Qt 6, we could consider everything
1556	// to be OOM.
1557	handleError(err: newSize > MaxByteArraySize ? CborErrorDataTooLarge: CborErrorOutOfMemory);
1558	return -1;
1559	}
1560
1561	ptr = const_cast<char *>(params.array->constData()) + oldSize;
1562	}
1563
1564	if (device) {
1565	actuallyRead = device->read(data: ptr, maxlen: toRead);
1566
1567	if (actuallyRead != toRead) {
1568	actuallyRead = -1;
1569	} else if (left) {
1570	qint64 skipped = device->skip(maxSize: left);
1571	if (skipped != left)
1572	actuallyRead = -1;
1573	}
1574
1575	if (actuallyRead < 0) {
1576	handleError(err: CborErrorIO);
1577	return -1;
1578	}
1579	} else {
1580	actuallyRead = toRead;
1581	memcpy(dest: ptr, src: buffer.constData() + bufferStart, n: toRead);
1582	}
1583
1584	return actuallyRead;
1585	}
1586
1587	inline qsizetype
1588	QCborStreamReaderPrivate::readStringChunk_unicode(ReadStringChunk params, qsizetype utf8len)
1589	{
1590	// See QUtf8::convertToUnicode() a detailed explanation of why this
1591	// conversion uses the same number of words or less.
1592	QChar *begin = nullptr;
1593	if (params.isString()) {
1594	QT_TRY {
1595	params.string->resize(size: utf8len);
1596	} QT_CATCH (const std::bad_alloc &) {
1597	if (utf8len > MaxStringSize)
1598	handleError(err: CborErrorDataTooLarge);
1599	else
1600	handleError(err: CborErrorOutOfMemory);
1601	return -1;
1602	}
1603
1604	begin = const_cast<QChar *>(params.string->constData());
1605	}
1606
1607	QChar *ptr = begin;
1608	QStringConverter::State cs(QStringConverter::Flag::Stateless);
1609	if (device == nullptr) {
1610	// Easy case: we can decode straight from the buffer we already have
1611	ptr = QUtf8::convertToUnicode(out: ptr, in: { buffer.constData() + bufferStart, utf8len }, state: &cs);
1612	} else {
1613	// read in chunks, to avoid creating large, intermediate buffers
1614	constexpr qsizetype StringChunkSize = 16384;
1615	qsizetype chunkSize = qMin(a: StringChunkSize, b: utf8len);
1616	QVarLengthArray<char> chunk(chunkSize);
1617
1618	cs = { QStringConverter::Flag::ConvertInitialBom };
1619	while (utf8len > 0 && cs.invalidChars == 0) {
1620	qsizetype toRead = qMin(a: chunkSize, b: utf8len);
1621	qint64 actuallyRead = device->read(data: chunk.data(), maxlen: toRead);
1622	if (actuallyRead == toRead)
1623	ptr = QUtf8::convertToUnicode(out: ptr, in: { chunk.data(), toRead }, state: &cs);
1624
1625	if (actuallyRead != toRead) {
1626	handleError(err: CborErrorIO);
1627	return -1;
1628	}
1629	utf8len -= toRead;
1630	}
1631	}
1632
1633	if (cs.invalidChars != 0 || cs.remainingChars != 0) {
1634	handleError(err: CborErrorInvalidUtf8TextString);
1635	return -1;
1636	}
1637
1638	qsizetype size = ptr - begin;
1639	if (params.isString())
1640	params.string->truncate(pos: size);
1641	return size;
1642	}
1643
1644	QT_END_NAMESPACE
1645
1646	#include "moc_qcborstreamreader.cpp"
1647