in src/frame_codec.c [180:450]
int frame_codec_receive_bytes(FRAME_CODEC_HANDLE frame_codec, const unsigned char* buffer, size_t size)
{
int result = MU_FAILURE;
FRAME_CODEC_INSTANCE* frame_codec_data = (FRAME_CODEC_INSTANCE*)frame_codec;
/* Codes_SRS_FRAME_CODEC_01_026: [If frame_codec or buffer are NULL, frame_codec_receive_bytes shall return a non-zero value.] */
if ((frame_codec == NULL) ||
(buffer == NULL) ||
/* Codes_SRS_FRAME_CODEC_01_027: [If size is zero, frame_codec_receive_bytes shall return a non-zero value.] */
(size == 0))
{
LogError("Bad arguments: frame_codec = %p, buffer = %p, size = %u",
frame_codec,
buffer,
(unsigned int)size);
result = MU_FAILURE;
}
else
{
while (size > 0)
{
switch (frame_codec_data->receive_frame_state)
{
default:
case RECEIVE_FRAME_STATE_ERROR:
/* Codes_SRS_FRAME_CODEC_01_074: [If a decoding error is detected, any subsequent calls on frame_codec_data_receive_bytes shall fail.] */
LogError("Frame codec is in error state");
result = MU_FAILURE;
size = 0;
break;
/* Codes_SRS_FRAME_CODEC_01_008: [SIZE Bytes 0-3 of the frame header contain the frame size.] */
case RECEIVE_FRAME_STATE_FRAME_SIZE:
/* Codes_SRS_FRAME_CODEC_01_009: [This is an unsigned 32-bit integer that MUST contain the total frame size of the frame header, extended header, and frame body.] */
frame_codec_data->receive_frame_size += buffer[0] << (24 - frame_codec_data->receive_frame_pos * 8);
buffer++;
size--;
frame_codec_data->receive_frame_pos++;
if (frame_codec_data->receive_frame_pos == 4)
{
/* Codes_SRS_FRAME_CODEC_01_010: [The frame is malformed if the size is less than the size of the frame header (8 bytes).] */
if ((frame_codec_data->receive_frame_size < FRAME_HEADER_SIZE) ||
/* Codes_SRS_FRAME_CODEC_01_096: [If a frame bigger than the current max frame size is received, frame_codec_receive_bytes shall fail and return a non-zero value.] */
(frame_codec_data->receive_frame_size > frame_codec_data->max_frame_size))
{
/* Codes_SRS_FRAME_CODEC_01_074: [If a decoding error is detected, any subsequent calls on frame_codec_data_receive_bytes shall fail.] */
frame_codec_data->receive_frame_state = RECEIVE_FRAME_STATE_ERROR;
/* Codes_SRS_FRAME_CODEC_01_103: [Upon any decode error, if an error callback has been passed to frame_codec_create, then the error callback shall be called with the context argument being the on_frame_codec_error_callback_context argument passed to frame_codec_create.] */
frame_codec_data->on_frame_codec_error(frame_codec_data->on_frame_codec_error_callback_context);
LogError("Received frame size is too big");
result = MU_FAILURE;
}
else
{
frame_codec_data->receive_frame_state = RECEIVE_FRAME_STATE_DOFF;
result = 0;
}
}
else
{
result = 0;
}
break;
case RECEIVE_FRAME_STATE_DOFF:
/* Codes_SRS_FRAME_CODEC_01_011: [DOFF Byte 4 of the frame header is the data offset.] */
/* Codes_SRS_FRAME_CODEC_01_013: [The value of the data offset is an unsigned, 8-bit integer specifying a count of 4-byte words.] */
/* Codes_SRS_FRAME_CODEC_01_012: [This gives the position of the body within the frame.] */
frame_codec_data->receive_frame_doff = buffer[0];
buffer++;
size--;
/* Codes_SRS_FRAME_CODEC_01_014: [Due to the mandatory 8-byte frame header, the frame is malformed if the value is less than 2.] */
if (frame_codec_data->receive_frame_doff < 2)
{
/* Codes_SRS_FRAME_CODEC_01_074: [If a decoding error is detected, any subsequent calls on frame_codec_data_receive_bytes shall fail.] */
frame_codec_data->receive_frame_state = RECEIVE_FRAME_STATE_ERROR;
/* Codes_SRS_FRAME_CODEC_01_103: [Upon any decode error, if an error callback has been passed to frame_codec_create, then the error callback shall be called with the context argument being the on_frame_codec_error_callback_context argument passed to frame_codec_create.] */
frame_codec_data->on_frame_codec_error(frame_codec_data->on_frame_codec_error_callback_context);
LogError("Malformed frame received");
result = MU_FAILURE;
}
else
{
frame_codec_data->receive_frame_state = RECEIVE_FRAME_STATE_FRAME_TYPE;
result = 0;
}
break;
case RECEIVE_FRAME_STATE_FRAME_TYPE:
{
LIST_ITEM_HANDLE item_handle;
frame_codec_data->type_specific_size = (frame_codec_data->receive_frame_doff * 4) - 6;
/* Codes_SRS_FRAME_CODEC_01_015: [TYPE Byte 5 of the frame header is a type code.] */
frame_codec_data->receive_frame_type = buffer[0];
buffer++;
size--;
/* Codes_SRS_FRAME_CODEC_01_035: [After successfully registering a callback for a certain frame type, when subsequently that frame type is received the callbacks shall be invoked, passing to it the received frame and the callback_context value.] */
item_handle = singlylinkedlist_find(frame_codec_data->subscription_list, find_subscription_by_frame_type, &frame_codec_data->receive_frame_type);
if (item_handle == NULL)
{
frame_codec_data->receive_frame_subscription = NULL;
frame_codec_data->receive_frame_state = RECEIVE_FRAME_STATE_TYPE_SPECIFIC;
result = 0;
break;
}
else
{
frame_codec_data->receive_frame_subscription = (SUBSCRIPTION*)singlylinkedlist_item_get_value(item_handle);
if (frame_codec_data->receive_frame_subscription == NULL)
{
frame_codec_data->receive_frame_state = RECEIVE_FRAME_STATE_TYPE_SPECIFIC;
result = 0;
break;
}
else
{
frame_codec_data->receive_frame_pos = 0;
/* Codes_SRS_FRAME_CODEC_01_102: [frame_codec_receive_bytes shall allocate memory to hold the frame_body bytes.] */
frame_codec_data->receive_frame_malloc_size = frame_codec_data->receive_frame_size - 6;
frame_codec_data->receive_frame_bytes = (unsigned char*)malloc(frame_codec_data->receive_frame_malloc_size);
if (frame_codec_data->receive_frame_bytes == NULL)
{
/* Codes_SRS_FRAME_CODEC_01_101: [If the memory for the frame_body bytes cannot be allocated, frame_codec_receive_bytes shall fail and return a non-zero value.] */
/* Codes_SRS_FRAME_CODEC_01_030: [If a decoding error occurs, frame_codec_data_receive_bytes shall return a non-zero value.] */
/* Codes_SRS_FRAME_CODEC_01_074: [If a decoding error is detected, any subsequent calls on frame_codec_data_receive_bytes shall fail.] */
frame_codec_data->receive_frame_state = RECEIVE_FRAME_STATE_ERROR;
/* Codes_SRS_FRAME_CODEC_01_103: [Upon any decode error, if an error callback has been passed to frame_codec_create, then the error callback shall be called with the context argument being the on_frame_codec_error_callback_context argument passed to frame_codec_create.] */
frame_codec_data->on_frame_codec_error(frame_codec_data->on_frame_codec_error_callback_context);
LogError("Cannot allocate memory for frame bytes");
result = MU_FAILURE;
break;
}
else
{
frame_codec_data->receive_frame_state = RECEIVE_FRAME_STATE_TYPE_SPECIFIC;
result = 0;
break;
}
}
}
}
case RECEIVE_FRAME_STATE_TYPE_SPECIFIC:
{
size_t to_copy = frame_codec_data->type_specific_size - frame_codec_data->receive_frame_pos;
if (to_copy > size)
{
to_copy = size;
}
if (frame_codec_data->receive_frame_subscription != NULL)
{
// [bug:8781089] WRITE address points to the zero page - SEGV
if (frame_codec_data->receive_frame_bytes == NULL)
{
LogError("Frame bytes memory was not allocated");
result = MU_FAILURE;
size = 0;
break;
}
else if (frame_codec_data->receive_frame_pos + to_copy > frame_codec_data->receive_frame_malloc_size)
{
result = MU_FAILURE;
size = 0;
break;
}
(void)memcpy(&frame_codec_data->receive_frame_bytes[frame_codec_data->receive_frame_pos], buffer, to_copy);
frame_codec_data->receive_frame_pos += to_copy;
buffer += to_copy;
size -= to_copy;
}
else
{
frame_codec_data->receive_frame_pos += to_copy;
buffer += to_copy;
size -= to_copy;
}
if (frame_codec_data->receive_frame_pos == frame_codec_data->type_specific_size)
{
if (frame_codec_data->receive_frame_size == FRAME_HEADER_SIZE)
{
if (frame_codec_data->receive_frame_subscription != NULL)
{
/* Codes_SRS_FRAME_CODEC_01_031: [When a complete frame is successfully decoded it shall be indicated to the upper layer by invoking the on_frame_received passed to frame_codec_subscribe.] */
/* Codes_SRS_FRAME_CODEC_01_032: [Besides passing the frame information, the callback_context value passed to frame_codec_data_subscribe shall be passed to the on_frame_received function.] */
/* Codes_SRS_FRAME_CODEC_01_005: [This is an extension point defined for future expansion.] */
/* Codes_SRS_FRAME_CODEC_01_006: [The treatment of this area depends on the frame type.] */
/* Codes_SRS_FRAME_CODEC_01_100: [If the frame body size is 0, the frame_body pointer passed to on_frame_received shall be NULL.] */
frame_codec_data->receive_frame_subscription->on_frame_received(frame_codec_data->receive_frame_subscription->callback_context, frame_codec_data->receive_frame_bytes, frame_codec_data->type_specific_size, NULL, 0);
free(frame_codec_data->receive_frame_bytes);
frame_codec_data->receive_frame_bytes = NULL;
}
frame_codec_data->receive_frame_state = RECEIVE_FRAME_STATE_FRAME_SIZE;
frame_codec_data->receive_frame_size = 0;
}
else
{
frame_codec_data->receive_frame_state = RECEIVE_FRAME_STATE_FRAME_BODY;
}
frame_codec_data->receive_frame_pos = 0;
}
result = 0;
break;
}
case RECEIVE_FRAME_STATE_FRAME_BODY:
{
uint32_t frame_body_size = frame_codec_data->receive_frame_size - (frame_codec_data->receive_frame_doff * 4);
size_t to_copy = frame_body_size - frame_codec_data->receive_frame_pos;
if (to_copy > size)
{
to_copy = size;
}
if (frame_codec_data->receive_frame_bytes == NULL)
{
result = MU_FAILURE;
size = 0;
break;
}
(void)memcpy(frame_codec_data->receive_frame_bytes + frame_codec_data->receive_frame_pos + frame_codec_data->type_specific_size, buffer, to_copy);
buffer += to_copy;
size -= to_copy;
frame_codec_data->receive_frame_pos += to_copy;
if (frame_codec_data->receive_frame_pos == frame_body_size)
{
if (frame_codec_data->receive_frame_subscription != NULL)
{
/* Codes_SRS_FRAME_CODEC_01_031: [When a complete frame is successfully decoded it shall be indicated to the upper layer by invoking the on_frame_received passed to frame_codec_subscribe.] */
/* Codes_SRS_FRAME_CODEC_01_032: [Besides passing the frame information, the callback_context value passed to frame_codec_data_subscribe shall be passed to the on_frame_received function.] */
/* Codes_SRS_FRAME_CODEC_01_005: [This is an extension point defined for future expansion.] */
/* Codes_SRS_FRAME_CODEC_01_006: [The treatment of this area depends on the frame type.] */
/* Codes_SRS_FRAME_CODEC_01_099: [A pointer to the frame_body bytes shall also be passed to the on_frame_received.] */
frame_codec_data->receive_frame_subscription->on_frame_received(frame_codec_data->receive_frame_subscription->callback_context, frame_codec_data->receive_frame_bytes, frame_codec_data->type_specific_size, frame_codec_data->receive_frame_bytes + frame_codec_data->type_specific_size, frame_body_size);
free(frame_codec_data->receive_frame_bytes);
frame_codec_data->receive_frame_bytes = NULL;
}
frame_codec_data->receive_frame_state = RECEIVE_FRAME_STATE_FRAME_SIZE;
frame_codec_data->receive_frame_pos = 0;
frame_codec_data->receive_frame_size = 0;
}
result = 0;
break;
}
}
}
}
return result;
}