- Reduce what headers the runtime import needs.
- Remove stale function prototype.
- Move one function to be full scoped to a single file.
PiperOrigin-RevId: 512073294
This change also removes policy settings that are now already set to
`NEW` by default. There are still two remaining policies that were
introduced in CMake > 3.10, so I left those, and documented the CMake
version they were introduced in so we know when we can later remove them
(when our min version advances beyond that).
The min CMake version supported by Protobuf is documented here:
https://github.com/google/oss-policies-info/blob/main/foundational-cxx-support-matrix.md
PiperOrigin-RevId: 511897379
Write barrier protected objects are allowed to be promoted to the old generation, which means they only get marked on major GC.
The downside is that the `RB_BJ_WRITE` macro MUST be used to set references, otherwise the referenced object may be garbaged collected.
But the `*Descriptor` classes and `Arena` have very few references and are only set in a few places, so it's relatively easy to implement.
cc @peterzhu2118Closes#11793
COPYBARA_INTEGRATE_REVIEW=https://github.com/protocolbuffers/protobuf/pull/11793 from casperisfine:descriptor-write-barrier 215e8fad4c
PiperOrigin-RevId: 511875342
For PODs, parse the data before making the NSNumber used for extension
fields.
For messages/groups, create the message first, add it to the object graph,
and balance the retain count before doing the parsing. This ensure if an
error is hit (and a throw happens), the object(s) won't be leaked.
Parsing will always mutates the graph, so yes this includes more mutations
in failure cases, but other fields could always be modified before the
bad data is encountered. But even then, that edge case *only* apples to api
users that are explicitly *merge* (-mergeFrom...), the majority of the calls
are to +parseFromData:error:, so the entire graph is released on failure.
PiperOrigin-RevId: 511871398
being set as immutable. This would allow code to get a builder for a
sub-message and modify the original (supposedly immutable) copy.
PiperOrigin-RevId: 511598810
A bug was found during code review that didn't trigger any test failure
The fast TDP entry did not have the index in the aux_idx field.
PiperOrigin-RevId: 511570831
The validation is done at the highest point so if a sub message is what
goes over the limit it is caught at the outer message, thus reducing the
impact on the serialization code.
PiperOrigin-RevId: 511473008
The code that loads descriptors calls absl::CUnescape() to parse the escape sequences. Prior to this CL, we were not checking the return value of this call, effectively allowing the invalid data to be loaded.
If a user is compiling a .proto file, invalid escapes will be caught earlier in the compiler pipeline, and this check will be unnecessary. The only time this is an issue is when a descriptor has been constructed manually and is loaded into the runtime.
This bug manifested as an MSAN failure in a fuzz test, because in the error case absl::CUnescape() will return a string where some of the characters are uninitialized.
PiperOrigin-RevId: 511319279
Add a helper to put the logic in one place in the file.
Ensure all places that read messages also do the 2GB check for message size.
PiperOrigin-RevId: 511260874
Fix exit code on git commit which was preventing force-push and tagging from running even though these should work without a new commit. An empty commit is probably clearer anyways to show that sync has happened.
PiperOrigin-RevId: 511255365
If a change is committed while we're regenerating stale files, we should just bail and let the next job handle the refresh.
PiperOrigin-RevId: 510453613
Add the objects to the object graph and balance the retain count before
doing the parsing. This ensure if an error is hit (and a throw happens),
the object(s) won't be leaked.
Parsing will always mutate the graph, so yes this includes more mutations
in failure cases, but other fields could always be modified before the
bad data is encountered. But even then, that edge case *only* apples to api
users that are explicitly *merge* (-mergeFrom...), the majority of the calls
are to +parseFromData:error:, so the entire graph is released on failure.
PiperOrigin-RevId: 510417377
The last attempted (rolled back) resulted in changes in visible behavior:
- It consumed a recursion depth on the input stream (wrong)
- It resulted in different error codes for some malformed/truncated data.
PiperOrigin-RevId: 510415215
Unconditional update of isMutable causes data races for
LazyStringArrayList::EMPTY_LIST that is used as the default value
for protobuf fields.
Not writing to it unconditionally may also improve performance
by reducing contention for the presumably widely shared EMPTY_LIST object.
PiperOrigin-RevId: 510366298