LCOV - code coverage report
Current view: top level - stuffer - s2n_stuffer.c (source / functions) Hit Total Coverage
Test: unit_test_coverage.info Lines: 297 307 96.7 %
Date: 2026-07-04 07:27:58 Functions: 32 32 100.0 %
Branches: 253 466 54.3 %

           Branch data     Line data    Source code
       1                 :            : /*
       2                 :            :  * Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
       3                 :            :  *
       4                 :            :  * Licensed under the Apache License, Version 2.0 (the "License").
       5                 :            :  * You may not use this file except in compliance with the License.
       6                 :            :  * A copy of the License is located at
       7                 :            :  *
       8                 :            :  *  http://aws.amazon.com/apache2.0
       9                 :            :  *
      10                 :            :  * or in the "license" file accompanying this file. This file is distributed
      11                 :            :  * on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either
      12                 :            :  * express or implied. See the License for the specific language governing
      13                 :            :  * permissions and limitations under the License.
      14                 :            :  */
      15                 :            : 
      16                 :            : #include "stuffer/s2n_stuffer.h"
      17                 :            : 
      18                 :            : #include "error/s2n_errno.h"
      19                 :            : #include "utils/s2n_blob.h"
      20                 :            : #include "utils/s2n_mem.h"
      21                 :            : #include "utils/s2n_safety.h"
      22                 :            : 
      23                 :            : S2N_RESULT s2n_stuffer_validate(const struct s2n_stuffer *stuffer)
      24                 :  540236915 : {
      25                 :            :     /**
      26                 :            :      * Note that we do not assert any properties on the tainted field,
      27                 :            :      * as any boolean value in that field is valid.
      28                 :            :      */
      29 [ +  + ][ +  - ]:  540236915 :     RESULT_ENSURE_REF(stuffer);
      30         [ +  + ]:  540236905 :     RESULT_GUARD(s2n_blob_validate(&stuffer->blob));
      31 [ #  # ][ -  + ]:  540236904 :     RESULT_DEBUG_ENSURE(S2N_IMPLIES(stuffer->growable, stuffer->alloced), S2N_ERR_SAFETY);
         [ +  + ][ +  - ]
      32                 :            : 
      33                 :            :     /* <= is valid because we can have a fully written/read stuffer */
      34 [ #  # ][ -  + ]:  540236904 :     RESULT_DEBUG_ENSURE(stuffer->high_water_mark <= stuffer->blob.size, S2N_ERR_SAFETY);
      35 [ +  - ][ +  + ]:  540236904 :     RESULT_DEBUG_ENSURE(stuffer->write_cursor <= stuffer->high_water_mark, S2N_ERR_SAFETY);
      36 [ +  - ][ +  + ]:  540236902 :     RESULT_DEBUG_ENSURE(stuffer->read_cursor <= stuffer->write_cursor, S2N_ERR_SAFETY);
      37                 :  540236901 :     return S2N_RESULT_OK;
      38                 :  540236902 : }
      39                 :            : 
      40                 :            : S2N_RESULT s2n_stuffer_reservation_validate(const struct s2n_stuffer_reservation *reservation)
      41                 :     382131 : {
      42                 :            :     /**
      43                 :            :      * Note that we need two dereferences here to decrease proof complexity
      44                 :            :      * for CBMC (see https://github.com/awslabs/s2n/issues/2290). We can roll back
      45                 :            :      * this change once CBMC can handle common subexpression elimination.
      46                 :            :      */
      47 [ -  + ][ #  # ]:     382131 :     RESULT_ENSURE_REF(reservation);
      48                 :     382131 :     const struct s2n_stuffer_reservation reserve_obj = *reservation;
      49         [ +  + ]:     382131 :     RESULT_GUARD(s2n_stuffer_validate(reserve_obj.stuffer));
      50                 :     382130 :     const struct s2n_stuffer stuffer_obj = *(reserve_obj.stuffer);
      51                 :            : 
      52                 :            :     /* Verify that write_cursor + length can be represented as a uint32_t without overflow */
      53 [ -  + ][ #  # ]:     382130 :     RESULT_ENSURE_LTE(reserve_obj.write_cursor, UINT32_MAX - reserve_obj.length);
      54                 :            :     /* The entire reservation must fit between the stuffer read and write cursors */
      55 [ +  + ][ +  - ]:     382130 :     RESULT_ENSURE_LTE(reserve_obj.write_cursor + reserve_obj.length, stuffer_obj.write_cursor);
      56 [ #  # ][ -  + ]:     382127 :     RESULT_ENSURE_GTE(reserve_obj.write_cursor, stuffer_obj.read_cursor);
      57                 :            : 
      58                 :     382127 :     return S2N_RESULT_OK;
      59                 :     382127 : }
      60                 :            : 
      61                 :            : /**
      62                 :            :  * Initialize a stuffer to reference some data `in`.
      63                 :            :  * 
      64                 :            :  * `stuffer` will not own the data, and the caller is responsible for ensuring that
      65                 :            :  * the data pointed to by `in` outlives `stuffer`.
      66                 :            :  */
      67                 :            : int s2n_stuffer_init(struct s2n_stuffer *stuffer, struct s2n_blob *in)
      68                 :   18813114 : {
      69 [ +  - ][ +  + ]:   18813114 :     POSIX_ENSURE_MUT(stuffer);
      70 [ +  + ][ +  + ]:   18813113 :     POSIX_PRECONDITION(s2n_blob_validate(in));
      71                 :   18813111 :     stuffer->blob = *in;
      72                 :   18813111 :     stuffer->read_cursor = 0;
      73                 :   18813111 :     stuffer->write_cursor = 0;
      74                 :   18813111 :     stuffer->high_water_mark = 0;
      75                 :   18813111 :     stuffer->alloced = 0;
      76                 :   18813111 :     stuffer->growable = 0;
      77                 :   18813111 :     stuffer->tainted = 0;
      78 [ -  + ][ +  - ]:   18813111 :     POSIX_POSTCONDITION(s2n_stuffer_validate(stuffer));
      79                 :   18813111 :     return S2N_SUCCESS;
      80                 :   18813111 : }
      81                 :            : 
      82                 :            : int s2n_stuffer_init_written(struct s2n_stuffer *stuffer, struct s2n_blob *in)
      83                 :     120522 : {
      84 [ -  + ][ #  # ]:     120522 :     POSIX_ENSURE_REF(in);
      85         [ -  + ]:     120522 :     POSIX_GUARD(s2n_stuffer_init(stuffer, in));
      86         [ -  + ]:     120522 :     POSIX_GUARD(s2n_stuffer_skip_write(stuffer, in->size));
      87                 :     120522 :     return S2N_SUCCESS;
      88                 :     120522 : }
      89                 :            : 
      90                 :            : int s2n_stuffer_alloc(struct s2n_stuffer *stuffer, const uint32_t size)
      91                 :    7373902 : {
      92 [ -  + ][ #  # ]:    7373902 :     POSIX_ENSURE_REF(stuffer);
      93                 :    7373902 :     *stuffer = (struct s2n_stuffer){ 0 };
      94         [ -  + ]:    7373902 :     POSIX_GUARD(s2n_alloc(&stuffer->blob, size));
      95         [ -  + ]:    7373902 :     POSIX_GUARD(s2n_stuffer_init(stuffer, &stuffer->blob));
      96                 :            : 
      97                 :    7373902 :     stuffer->alloced = 1;
      98                 :            : 
      99 [ -  + ][ +  - ]:    7373902 :     POSIX_POSTCONDITION(s2n_stuffer_validate(stuffer));
     100                 :    7373902 :     return S2N_SUCCESS;
     101                 :    7373902 : }
     102                 :            : 
     103                 :            : int s2n_stuffer_growable_alloc(struct s2n_stuffer *stuffer, const uint32_t size)
     104                 :    7349171 : {
     105         [ -  + ]:    7349171 :     POSIX_GUARD(s2n_stuffer_alloc(stuffer, size));
     106                 :            : 
     107                 :    7349171 :     stuffer->growable = 1;
     108                 :            : 
     109 [ -  + ][ +  - ]:    7349171 :     POSIX_POSTCONDITION(s2n_stuffer_validate(stuffer));
     110                 :    7349171 :     return S2N_SUCCESS;
     111                 :    7349171 : }
     112                 :            : 
     113                 :            : int s2n_stuffer_free(struct s2n_stuffer *stuffer)
     114                 :    8351214 : {
     115 [ -  + ][ +  - ]:    8351214 :     POSIX_PRECONDITION(s2n_stuffer_validate(stuffer));
     116         [ +  + ]:    8351214 :     if (stuffer->alloced) {
     117         [ -  + ]:    4066324 :         POSIX_GUARD(s2n_free(&stuffer->blob));
     118                 :    4066324 :     }
     119                 :    8351214 :     *stuffer = (struct s2n_stuffer){ 0 };
     120                 :    8351214 :     return S2N_SUCCESS;
     121                 :    8351214 : }
     122                 :            : 
     123                 :            : int s2n_stuffer_free_without_wipe(struct s2n_stuffer *stuffer)
     124                 :         10 : {
     125 [ -  + ][ +  - ]:         10 :     POSIX_PRECONDITION(s2n_stuffer_validate(stuffer));
     126         [ +  - ]:         10 :     if (stuffer->alloced) {
     127         [ -  + ]:         10 :         POSIX_GUARD(s2n_free_without_wipe(&stuffer->blob));
     128                 :         10 :     }
     129                 :         10 :     *stuffer = (struct s2n_stuffer){ 0 };
     130                 :         10 :     return S2N_SUCCESS;
     131                 :         10 : }
     132                 :            : 
     133                 :            : int s2n_stuffer_resize(struct s2n_stuffer *stuffer, const uint32_t size)
     134                 :   13846851 : {
     135 [ -  + ][ +  - ]:   13846851 :     POSIX_PRECONDITION(s2n_stuffer_validate(stuffer));
     136 [ -  + ][ #  # ]:   13846851 :     POSIX_ENSURE(!stuffer->tainted, S2N_ERR_RESIZE_TAINTED_STUFFER);
     137 [ -  + ][ #  # ]:   13846851 :     POSIX_ENSURE(stuffer->growable, S2N_ERR_RESIZE_STATIC_STUFFER);
     138                 :            : 
     139         [ +  + ]:   13846851 :     if (size == stuffer->blob.size) {
     140                 :    6917481 :         return S2N_SUCCESS;
     141                 :    6917481 :     }
     142                 :            : 
     143         [ +  + ]:    6929370 :     if (size == 0) {
     144                 :    3308334 :         s2n_stuffer_wipe(stuffer);
     145                 :    3308334 :         return s2n_free(&stuffer->blob);
     146                 :    3308334 :     }
     147                 :            : 
     148         [ +  + ]:    3621036 :     if (size < stuffer->blob.size) {
     149 [ #  # ][ -  + ]:         75 :         POSIX_CHECKED_MEMSET(stuffer->blob.data + size, S2N_WIPE_PATTERN, (stuffer->blob.size - size));
                 [ +  - ]
     150         [ -  + ]:         75 :         if (stuffer->read_cursor > size) {
     151                 :          0 :             stuffer->read_cursor = size;
     152                 :          0 :         }
     153         [ -  + ]:         75 :         if (stuffer->write_cursor > size) {
     154                 :          0 :             stuffer->write_cursor = size;
     155                 :          0 :         }
     156         [ -  + ]:         75 :         if (stuffer->high_water_mark > size) {
     157                 :          0 :             stuffer->high_water_mark = size;
     158                 :          0 :         }
     159                 :         75 :         stuffer->blob.size = size;
     160 [ -  + ][ +  - ]:         75 :         POSIX_POSTCONDITION(s2n_stuffer_validate(stuffer));
     161                 :         75 :         return S2N_SUCCESS;
     162                 :         75 :     }
     163                 :            : 
     164         [ -  + ]:    3620961 :     POSIX_GUARD(s2n_realloc(&stuffer->blob, size));
     165 [ -  + ][ +  - ]:    3620961 :     POSIX_POSTCONDITION(s2n_stuffer_validate(stuffer));
     166                 :    3620961 :     return S2N_SUCCESS;
     167                 :    3620961 : }
     168                 :            : 
     169                 :            : int s2n_stuffer_resize_if_empty(struct s2n_stuffer *stuffer, const uint32_t size)
     170                 :     841240 : {
     171 [ -  + ][ +  - ]:     841240 :     POSIX_PRECONDITION(s2n_stuffer_validate(stuffer));
     172         [ +  + ]:     841240 :     if (stuffer->blob.data == NULL) {
     173 [ -  + ][ #  # ]:      15632 :         POSIX_ENSURE(!stuffer->tainted, S2N_ERR_RESIZE_TAINTED_STUFFER);
     174 [ +  + ][ +  - ]:      15632 :         POSIX_ENSURE(stuffer->growable, S2N_ERR_RESIZE_STATIC_STUFFER);
     175         [ -  + ]:      15631 :         POSIX_GUARD(s2n_realloc(&stuffer->blob, size));
     176                 :      15631 :     }
     177 [ -  + ][ +  - ]:     841239 :     POSIX_POSTCONDITION(s2n_stuffer_validate(stuffer));
     178                 :     841239 :     return S2N_SUCCESS;
     179                 :     841239 : }
     180                 :            : 
     181                 :            : /**
     182                 :            :  * Reset read and write progress.
     183                 :            :  * 
     184                 :            :  * This sets the read and write cursors to zero.
     185                 :            :  */
     186                 :            : int s2n_stuffer_rewrite(struct s2n_stuffer *stuffer)
     187                 :    4472775 : {
     188 [ -  + ][ +  - ]:    4472775 :     POSIX_PRECONDITION(s2n_stuffer_validate(stuffer));
     189                 :    4472775 :     stuffer->write_cursor = 0;
     190                 :    4472775 :     stuffer->read_cursor = 0;
     191 [ -  + ][ +  - ]:    4472775 :     POSIX_POSTCONDITION(s2n_stuffer_validate(stuffer));
     192                 :    4472775 :     return S2N_SUCCESS;
     193                 :    4472775 : }
     194                 :            : 
     195                 :            : int s2n_stuffer_rewind_read(struct s2n_stuffer *stuffer, const uint32_t size)
     196                 :     538041 : {
     197 [ -  + ][ +  - ]:     538041 :     POSIX_PRECONDITION(s2n_stuffer_validate(stuffer));
     198 [ +  + ][ +  - ]:     538041 :     POSIX_ENSURE(stuffer->read_cursor >= size, S2N_ERR_STUFFER_OUT_OF_DATA);
     199                 :     538036 :     stuffer->read_cursor -= size;
     200 [ -  + ][ +  - ]:     538036 :     POSIX_POSTCONDITION(s2n_stuffer_validate(stuffer));
     201                 :     538036 :     return S2N_SUCCESS;
     202                 :     538036 : }
     203                 :            : 
     204                 :            : /**
     205                 :            :  * Reset read progress.
     206                 :            :  * 
     207                 :            :  * This sets the read cursor to zero.
     208                 :            :  */
     209                 :            : int s2n_stuffer_reread(struct s2n_stuffer *stuffer)
     210                 :    8938167 : {
     211 [ -  + ][ +  - ]:    8938167 :     POSIX_PRECONDITION(s2n_stuffer_validate(stuffer));
     212                 :    8938167 :     stuffer->read_cursor = 0;
     213                 :    8938167 :     return S2N_SUCCESS;
     214                 :    8938167 : }
     215                 :            : 
     216                 :            : int s2n_stuffer_wipe_n(struct s2n_stuffer *stuffer, const uint32_t size)
     217                 :     507805 : {
     218 [ -  + ][ +  - ]:     507805 :     POSIX_PRECONDITION(s2n_stuffer_validate(stuffer));
     219         [ +  + ]:     507805 :     uint32_t wipe_size = S2N_MIN(size, stuffer->write_cursor);
     220                 :            : 
     221                 :     507805 :     stuffer->write_cursor -= wipe_size;
     222         [ +  + ]:     507805 :     stuffer->read_cursor = S2N_MIN(stuffer->read_cursor, stuffer->write_cursor);
     223 [ -  + ][ #  # ]:     507805 :     POSIX_CHECKED_MEMSET(stuffer->blob.data + stuffer->write_cursor, S2N_WIPE_PATTERN, wipe_size);
                 [ +  + ]
     224                 :            : 
     225 [ -  + ][ +  - ]:     507805 :     POSIX_POSTCONDITION(s2n_stuffer_validate(stuffer));
     226                 :     507805 :     return S2N_SUCCESS;
     227                 :     507805 : }
     228                 :            : 
     229                 :            : bool s2n_stuffer_is_consumed(struct s2n_stuffer *stuffer)
     230                 :     247590 : {
     231 [ +  - ][ +  + ]:     247590 :     return stuffer && (stuffer->read_cursor == stuffer->write_cursor) && !stuffer->tainted;
                 [ +  + ]
     232                 :     247590 : }
     233                 :            : 
     234                 :            : int s2n_stuffer_wipe(struct s2n_stuffer *stuffer)
     235                 :   41485075 : {
     236 [ -  + ][ +  - ]:   41485075 :     POSIX_PRECONDITION(s2n_stuffer_validate(stuffer));
     237         [ +  + ]:   41485075 :     if (!s2n_stuffer_is_wiped(stuffer)) {
     238 [ #  # ][ -  + ]:   10735964 :         POSIX_CHECKED_MEMSET(stuffer->blob.data, S2N_WIPE_PATTERN, stuffer->high_water_mark);
                 [ +  - ]
     239                 :   10735964 :     }
     240                 :            : 
     241                 :   41485075 :     stuffer->tainted = 0;
     242                 :   41485075 :     stuffer->write_cursor = 0;
     243                 :   41485075 :     stuffer->read_cursor = 0;
     244                 :   41485075 :     stuffer->high_water_mark = 0;
     245 [ -  + ][ +  - ]:   41485075 :     POSIX_POSTCONDITION(s2n_stuffer_validate(stuffer));
     246                 :   41485075 :     return S2N_SUCCESS;
     247                 :   41485075 : }
     248                 :            : 
     249                 :            : int s2n_stuffer_skip_read(struct s2n_stuffer *stuffer, uint32_t n)
     250                 :   36816354 : {
     251 [ -  + ][ +  + ]:   36816354 :     POSIX_PRECONDITION(s2n_stuffer_validate(stuffer));
     252 [ +  - ][ +  + ]:   36816354 :     POSIX_ENSURE(s2n_stuffer_data_available(stuffer) >= n, S2N_ERR_STUFFER_OUT_OF_DATA);
     253                 :            : 
     254                 :   36799709 :     stuffer->read_cursor += n;
     255                 :   36799709 :     return S2N_SUCCESS;
     256                 :   36816354 : }
     257                 :            : 
     258                 :            : void *s2n_stuffer_raw_read(struct s2n_stuffer *stuffer, uint32_t data_len)
     259                 :    5054146 : {
     260         [ +  + ]:    5054146 :     PTR_GUARD_POSIX(s2n_stuffer_skip_read(stuffer, data_len));
     261                 :            : 
     262                 :    5054143 :     stuffer->tainted = 1;
     263                 :            : 
     264         [ +  - ]:    5054143 :     return (stuffer->blob.data) ? (stuffer->blob.data + stuffer->read_cursor - data_len) : NULL;
     265                 :    5054146 : }
     266                 :            : 
     267                 :            : int s2n_stuffer_read(struct s2n_stuffer *stuffer, struct s2n_blob *out)
     268                 :     146563 : {
     269 [ #  # ][ -  + ]:     146563 :     POSIX_ENSURE_REF(out);
     270                 :            : 
     271                 :     146563 :     return s2n_stuffer_read_bytes(stuffer, out->data, out->size);
     272                 :     146563 : }
     273                 :            : 
     274                 :            : int s2n_stuffer_erase_and_read(struct s2n_stuffer *stuffer, struct s2n_blob *out)
     275                 :     181901 : {
     276         [ -  + ]:     181901 :     POSIX_GUARD(s2n_stuffer_skip_read(stuffer, out->size));
     277                 :            : 
     278         [ +  - ]:     181901 :     void *ptr = (stuffer->blob.data) ? (stuffer->blob.data + stuffer->read_cursor - out->size) : NULL;
     279 [ #  # ][ -  + ]:     181901 :     POSIX_ENSURE(S2N_MEM_IS_READABLE(ptr, out->size), S2N_ERR_NULL);
                 [ +  - ]
     280                 :            : 
     281 [ -  + ][ #  # ]:     181901 :     POSIX_CHECKED_MEMCPY(out->data, ptr, out->size);
                 [ +  - ]
     282 [ #  # ][ -  + ]:     181901 :     POSIX_CHECKED_MEMSET(ptr, 0, out->size);
                 [ +  - ]
     283                 :            : 
     284                 :     181901 :     return S2N_SUCCESS;
     285                 :     181901 : }
     286                 :            : 
     287                 :            : int s2n_stuffer_read_bytes(struct s2n_stuffer *stuffer, uint8_t *data, uint32_t size)
     288                 :   23470967 : {
     289 [ +  - ][ +  + ]:   23470967 :     POSIX_ENSURE_REF(data);
     290 [ +  + ][ +  + ]:   23470965 :     POSIX_PRECONDITION(s2n_stuffer_validate(stuffer));
     291         [ +  + ]:   23470964 :     POSIX_GUARD(s2n_stuffer_skip_read(stuffer, size));
     292 [ -  + ][ #  # ]:   23454330 :     POSIX_ENSURE_REF(stuffer->blob.data);
     293                 :   23454330 :     void *ptr = stuffer->blob.data + stuffer->read_cursor - size;
     294                 :            : 
     295 [ -  + ][ #  # ]:   23454330 :     POSIX_CHECKED_MEMCPY(data, ptr, size);
                 [ +  + ]
     296                 :            : 
     297                 :   23454330 :     return S2N_SUCCESS;
     298                 :   23454330 : }
     299                 :            : 
     300                 :            : int s2n_stuffer_erase_and_read_bytes(struct s2n_stuffer *stuffer, uint8_t *data, uint32_t size)
     301                 :       7847 : {
     302         [ -  + ]:       7847 :     POSIX_GUARD(s2n_stuffer_skip_read(stuffer, size));
     303 [ -  + ][ #  # ]:       7847 :     POSIX_ENSURE_REF(stuffer->blob.data);
     304                 :       7847 :     void *ptr = stuffer->blob.data + stuffer->read_cursor - size;
     305                 :            : 
     306 [ -  + ][ #  # ]:       7847 :     POSIX_CHECKED_MEMCPY(data, ptr, size);
                 [ +  - ]
     307 [ -  + ][ #  # ]:       7847 :     POSIX_CHECKED_MEMSET(ptr, 0, size);
                 [ +  - ]
     308                 :            : 
     309                 :       7847 :     return S2N_SUCCESS;
     310                 :       7847 : }
     311                 :            : 
     312                 :            : int s2n_stuffer_skip_write(struct s2n_stuffer *stuffer, const uint32_t n)
     313                 :   61178150 : {
     314 [ -  + ][ +  + ]:   61178150 :     POSIX_PRECONDITION(s2n_stuffer_validate(stuffer));
     315         [ +  + ]:   61178150 :     POSIX_GUARD(s2n_stuffer_reserve_space(stuffer, n));
     316                 :   61160674 :     stuffer->write_cursor += n;
     317         [ +  + ]:   61160674 :     stuffer->high_water_mark = S2N_MAX(stuffer->write_cursor, stuffer->high_water_mark);
     318 [ -  + ][ +  + ]:   61160674 :     POSIX_POSTCONDITION(s2n_stuffer_validate(stuffer));
     319                 :   61160674 :     return S2N_SUCCESS;
     320                 :   61160674 : }
     321                 :            : 
     322                 :            : void *s2n_stuffer_raw_write(struct s2n_stuffer *stuffer, const uint32_t data_len)
     323                 :    7274565 : {
     324         [ +  + ]:    7274565 :     PTR_GUARD_POSIX(s2n_stuffer_skip_write(stuffer, data_len));
     325                 :            : 
     326                 :    7274564 :     stuffer->tainted = 1;
     327                 :            : 
     328         [ +  - ]:    7274564 :     return (stuffer->blob.data) ? (stuffer->blob.data + stuffer->write_cursor - data_len) : NULL;
     329                 :    7274565 : }
     330                 :            : 
     331                 :            : int s2n_stuffer_write(struct s2n_stuffer *stuffer, const struct s2n_blob *in)
     332                 :     563417 : {
     333 [ +  + ][ +  + ]:     563417 :     POSIX_PRECONDITION(s2n_stuffer_validate(stuffer));
     334 [ -  + ][ +  - ]:     563415 :     POSIX_PRECONDITION(s2n_blob_validate(in));
     335                 :     563415 :     return s2n_stuffer_write_bytes(stuffer, in->data, in->size);
     336                 :     563415 : }
     337                 :            : 
     338                 :            : int s2n_stuffer_write_bytes(struct s2n_stuffer *stuffer, const uint8_t *data, const uint32_t size)
     339                 :   29827030 : {
     340         [ +  + ]:   29827030 :     if (size == 0) {
     341                 :     125520 :         return S2N_SUCCESS;
     342                 :     125520 :     }
     343                 :            : 
     344 [ #  # ][ -  + ]:   29701510 :     POSIX_ENSURE(S2N_MEM_IS_READABLE(data, size), S2N_ERR_SAFETY);
                 [ +  - ]
     345 [ -  + ][ +  - ]:   29701510 :     POSIX_PRECONDITION(s2n_stuffer_validate(stuffer));
     346         [ +  + ]:   29701510 :     POSIX_GUARD(s2n_stuffer_skip_write(stuffer, size));
     347                 :            : 
     348                 :   29684040 :     void *ptr = stuffer->blob.data + stuffer->write_cursor - size;
     349 [ #  # ][ -  + ]:   29684040 :     POSIX_ENSURE(S2N_MEM_IS_READABLE(ptr, size), S2N_ERR_NULL);
                 [ +  - ]
     350                 :            : 
     351         [ +  + ]:   29684040 :     if (ptr == data) {
     352 [ -  + ][ +  - ]:       8418 :         POSIX_POSTCONDITION(s2n_stuffer_validate(stuffer));
     353                 :       8418 :         return S2N_SUCCESS;
     354                 :       8418 :     }
     355                 :            : 
     356 [ -  + ][ #  # ]:   29675622 :     POSIX_CHECKED_MEMCPY(ptr, data, size);
                 [ +  - ]
     357                 :            : 
     358 [ -  + ][ +  - ]:   29675622 :     POSIX_POSTCONDITION(s2n_stuffer_validate(stuffer));
     359                 :   29675622 :     return S2N_SUCCESS;
     360                 :   29675622 : }
     361                 :            : 
     362                 :            : int s2n_stuffer_writev_bytes(struct s2n_stuffer *stuffer, const struct iovec *iov, size_t iov_count, uint32_t offs,
     363                 :            :         uint32_t size)
     364                 :    3606574 : {
     365 [ -  + ][ +  - ]:    3606574 :     POSIX_PRECONDITION(s2n_stuffer_validate(stuffer));
     366 [ -  + ][ #  # ]:    3606574 :     POSIX_ENSURE_REF(iov);
     367                 :    3606574 :     void *ptr = s2n_stuffer_raw_write(stuffer, size);
     368 [ #  # ][ +  + ]:    3606574 :     POSIX_ENSURE(S2N_MEM_IS_READABLE(ptr, size), S2N_ERR_NULL);
                 [ +  - ]
     369                 :            : 
     370                 :    3606574 :     size_t size_left = size, to_skip = offs;
     371         [ +  + ]:    3638029 :     for (size_t i = 0; i < iov_count; i++) {
     372         [ +  + ]:    3637936 :         if (to_skip >= iov[i].iov_len) {
     373                 :      31371 :             to_skip -= iov[i].iov_len;
     374                 :      31371 :             continue;
     375                 :      31371 :         }
     376                 :    3606565 :         size_t iov_len_op = iov[i].iov_len - to_skip;
     377 [ -  + ][ #  # ]:    3606565 :         POSIX_ENSURE_LTE(iov_len_op, UINT32_MAX);
     378                 :    3606565 :         uint32_t iov_len = (uint32_t) iov_len_op;
     379         [ +  + ]:    3606565 :         uint32_t iov_size_to_take = S2N_MIN(size_left, iov_len);
     380 [ -  + ][ #  # ]:    3606565 :         POSIX_ENSURE_REF(iov[i].iov_base);
     381 [ -  + ][ #  # ]:    3606565 :         POSIX_ENSURE_LT(to_skip, iov[i].iov_len);
     382 [ -  + ][ #  # ]:    3606565 :         POSIX_CHECKED_MEMCPY(ptr, ((uint8_t *) (iov[i].iov_base)) + to_skip, iov_size_to_take);
                 [ +  - ]
     383                 :    3606565 :         size_left -= iov_size_to_take;
     384         [ +  + ]:    3606565 :         if (size_left == 0) {
     385                 :    3606481 :             break;
     386                 :    3606481 :         }
     387                 :         84 :         ptr = (void *) ((uint8_t *) ptr + iov_size_to_take);
     388                 :         84 :         to_skip = 0;
     389                 :         84 :     }
     390                 :            : 
     391                 :    3606574 :     return S2N_SUCCESS;
     392                 :    3606574 : }
     393                 :            : 
     394                 :            : static int s2n_stuffer_copy_impl(struct s2n_stuffer *from, struct s2n_stuffer *to, const uint32_t len)
     395                 :    7335817 : {
     396         [ -  + ]:    7335817 :     POSIX_GUARD(s2n_stuffer_skip_read(from, len));
     397         [ -  + ]:    7335817 :     POSIX_GUARD(s2n_stuffer_skip_write(to, len));
     398                 :            : 
     399         [ +  - ]:    7335817 :     uint8_t *from_ptr = (from->blob.data) ? (from->blob.data + from->read_cursor - len) : NULL;
     400         [ +  - ]:    7335817 :     uint8_t *to_ptr = (to->blob.data) ? (to->blob.data + to->write_cursor - len) : NULL;
     401                 :            : 
     402 [ #  # ][ -  + ]:    7335817 :     POSIX_CHECKED_MEMCPY(to_ptr, from_ptr, len);
                 [ +  + ]
     403                 :            : 
     404                 :    7335817 :     return S2N_SUCCESS;
     405                 :    7335817 : }
     406                 :            : 
     407                 :            : int s2n_stuffer_reserve_space(struct s2n_stuffer *stuffer, uint32_t n)
     408                 :   62108954 : {
     409 [ -  + ][ +  + ]:   62108954 :     POSIX_PRECONDITION(s2n_stuffer_validate(stuffer));
     410         [ +  + ]:   62108954 :     if (s2n_stuffer_space_remaining(stuffer) < n) {
     411 [ +  + ][ +  - ]:    3508216 :         POSIX_ENSURE(stuffer->growable, S2N_ERR_STUFFER_IS_FULL);
     412                 :            :         /* Always grow a stuffer by at least 1k */
     413         [ +  + ]:    3490739 :         const uint32_t growth = S2N_MAX(n - s2n_stuffer_space_remaining(stuffer), S2N_MIN_STUFFER_GROWTH_IN_BYTES);
     414                 :    3490739 :         uint32_t new_size = 0;
     415         [ -  + ]:    3490739 :         POSIX_GUARD(s2n_add_overflow(stuffer->blob.size, growth, &new_size));
     416         [ -  + ]:    3490739 :         POSIX_GUARD(s2n_stuffer_resize(stuffer, new_size));
     417                 :    3490739 :     }
     418 [ -  + ][ +  + ]:   62091477 :     POSIX_POSTCONDITION(s2n_stuffer_validate(stuffer));
     419                 :   62091477 :     return S2N_SUCCESS;
     420                 :   62091477 : }
     421                 :            : 
     422                 :            : /* Copies "len" bytes from "from" to "to".
     423                 :            :  * If the copy cannot succeed (i.e. there are either not enough bytes available, or there is not enough space to write them
     424                 :            :  * restore the old value of the stuffer */
     425                 :            : int s2n_stuffer_copy(struct s2n_stuffer *from, struct s2n_stuffer *to, const uint32_t len)
     426                 :    7335817 : {
     427                 :    7335817 :     const uint32_t orig_read_cursor = from->read_cursor;
     428                 :    7335817 :     const uint32_t orig_write_cursor = to->write_cursor;
     429                 :            : 
     430         [ -  + ]:    7335817 :     if (s2n_stuffer_copy_impl(from, to, len) < 0) {
     431                 :          0 :         from->read_cursor = orig_read_cursor;
     432                 :          0 :         to->write_cursor = orig_write_cursor;
     433                 :          0 :         S2N_ERROR_PRESERVE_ERRNO();
     434                 :          0 :     }
     435                 :            : 
     436                 :    7335817 :     return S2N_SUCCESS;
     437                 :    7335817 : }
     438                 :            : 
     439                 :            : int s2n_stuffer_extract_blob(struct s2n_stuffer *stuffer, struct s2n_blob *out)
     440                 :         23 : {
     441 [ -  + ][ +  - ]:         23 :     POSIX_PRECONDITION(s2n_stuffer_validate(stuffer));
     442 [ -  + ][ #  # ]:         23 :     POSIX_ENSURE_REF(out);
     443         [ -  + ]:         23 :     POSIX_GUARD(s2n_realloc(out, s2n_stuffer_data_available(stuffer)));
     444                 :            : 
     445         [ +  - ]:         23 :     if (s2n_stuffer_data_available(stuffer) > 0) {
     446 [ -  + ][ #  # ]:         23 :         POSIX_CHECKED_MEMCPY(out->data, stuffer->blob.data + stuffer->read_cursor, s2n_stuffer_data_available(stuffer));
                 [ +  - ]
     447                 :         23 :     }
     448                 :            : 
     449 [ -  + ][ +  - ]:         23 :     POSIX_POSTCONDITION(s2n_blob_validate(out));
     450                 :         23 :     return S2N_SUCCESS;
     451                 :         23 : }
     452                 :            : 
     453                 :            : int s2n_stuffer_shift(struct s2n_stuffer *stuffer)
     454                 :        508 : {
     455 [ +  - ][ +  + ]:        508 :     POSIX_ENSURE_REF(stuffer);
     456                 :        507 :     struct s2n_stuffer copy = *stuffer;
     457         [ -  + ]:        507 :     POSIX_GUARD(s2n_stuffer_rewrite(&copy));
     458                 :            : 
     459                 :        507 :     uint8_t *data = stuffer->blob.data;
     460                 :            :     /* Adding 0 to a NULL value is undefined behavior */
     461         [ +  + ]:        507 :     if (stuffer->read_cursor != 0) {
     462                 :        505 :         data += stuffer->read_cursor;
     463                 :        505 :     }
     464                 :            : 
     465                 :        507 :     uint32_t data_size = s2n_stuffer_data_available(stuffer);
     466         [ -  + ]:        507 :     POSIX_GUARD(s2n_stuffer_write_bytes(&copy, data, data_size));
     467                 :        507 :     *stuffer = copy;
     468                 :        507 :     return S2N_SUCCESS;
     469                 :        507 : }

Generated by: LCOV version 1.14