borsh/de/
mod.rs

1use core::marker::PhantomData;
2use core::mem::MaybeUninit;
3use core::{
4    convert::{TryFrom, TryInto},
5    mem::size_of,
6};
7
8#[cfg(feature = "bytes")]
9use bytes::{BufMut, BytesMut};
10
11use crate::__private::maybestd::{
12    borrow::{Borrow, Cow, ToOwned},
13    boxed::Box,
14    collections::{BTreeMap, BTreeSet, LinkedList, VecDeque},
15    format,
16    string::{String, ToString},
17    vec,
18    vec::Vec,
19};
20use crate::io::{Error, ErrorKind, Read, Result};
21
22use crate::error::check_zst;
23
24mod hint;
25
26const ERROR_NOT_ALL_BYTES_READ: &str = "Not all bytes read";
27const ERROR_UNEXPECTED_LENGTH_OF_INPUT: &str = "Unexpected length of input";
28const ERROR_OVERFLOW_ON_MACHINE_WITH_32_BIT_ISIZE: &str = "Overflow on machine with 32 bit isize";
29const ERROR_OVERFLOW_ON_MACHINE_WITH_32_BIT_USIZE: &str = "Overflow on machine with 32 bit usize";
30const ERROR_INVALID_ZERO_VALUE: &str = "Expected a non-zero value";
31
32#[cfg(feature = "de_strict_order")]
33const ERROR_WRONG_ORDER_OF_KEYS: &str = "keys were not serialized in ascending order";
34
35/// A data-structure that can be de-serialized from binary format by NBOR.
36pub trait BorshDeserialize: Sized {
37    /// Deserializes this instance from a given slice of bytes.
38    /// Updates the buffer to point at the remaining bytes.
39    fn deserialize(buf: &mut &[u8]) -> Result<Self> {
40        Self::deserialize_reader(&mut *buf)
41    }
42
43    fn deserialize_reader<R: Read>(reader: &mut R) -> Result<Self>;
44
45    /// Deserialize this instance from a slice of bytes.
46    fn try_from_slice(v: &[u8]) -> Result<Self> {
47        let mut v_mut = v;
48        let result = Self::deserialize(&mut v_mut)?;
49        if !v_mut.is_empty() {
50            return Err(Error::new(ErrorKind::InvalidData, ERROR_NOT_ALL_BYTES_READ));
51        }
52        Ok(result)
53    }
54
55    fn try_from_reader<R: Read>(reader: &mut R) -> Result<Self> {
56        let result = Self::deserialize_reader(reader)?;
57        let mut buf = [0u8; 1];
58        match reader.read_exact(&mut buf) {
59            Err(f) if f.kind() == ErrorKind::UnexpectedEof => Ok(result),
60            _ => Err(Error::new(ErrorKind::InvalidData, ERROR_NOT_ALL_BYTES_READ)),
61        }
62    }
63
64    #[inline]
65    #[doc(hidden)]
66    fn vec_from_reader<R: Read>(len: u32, reader: &mut R) -> Result<Option<Vec<Self>>> {
67        let _ = len;
68        let _ = reader;
69        Ok(None)
70    }
71
72    #[inline]
73    #[doc(hidden)]
74    fn array_from_reader<R: Read, const N: usize>(reader: &mut R) -> Result<Option<[Self; N]>> {
75        let _ = reader;
76        Ok(None)
77    }
78}
79
80/// Additional methods offered on enums which is used by `[derive(BorshDeserialize)]`.
81pub trait EnumExt: BorshDeserialize {
82    /// Deserialises given variant of an enum from the reader.
83    ///
84    /// This may be used to perform validation or filtering based on what
85    /// variant is being deserialised.
86    ///
87    /// ```
88    /// use borsh::BorshDeserialize;
89    /// use borsh::de::EnumExt as _;
90    ///
91    /// /// derive is only available if borsh is built with `features = ["derive"]`
92    /// # #[cfg(feature = "derive")]
93    /// #[derive(Debug, PartialEq, Eq, BorshDeserialize)]
94    /// enum MyEnum {
95    ///     Zero,
96    ///     One(u8),
97    ///     Many(Vec<u8>)
98    /// }
99    ///
100    /// # #[cfg(feature = "derive")]
101    /// #[derive(Debug, PartialEq, Eq)]
102    /// struct OneOrZero(MyEnum);
103    ///
104    /// # #[cfg(feature = "derive")]
105    /// impl borsh::de::BorshDeserialize for OneOrZero {
106    ///     fn deserialize_reader<R: borsh::io::Read>(
107    ///         reader: &mut R,
108    ///     ) -> borsh::io::Result<Self> {
109    ///         use borsh::de::EnumExt;
110    ///         let tag = u8::deserialize_reader(reader)?;
111    ///         if tag == 2 {
112    ///             Err(borsh::io::Error::new(
113    ///                 borsh::io::ErrorKind::InvalidData,
114    ///                 "MyEnum::Many not allowed here",
115    ///             ))
116    ///         } else {
117    ///             MyEnum::deserialize_variant(reader, tag).map(Self)
118    ///         }
119    ///     }
120    /// }
121    ///
122    /// use borsh::from_slice;
123    /// let data = b"\0";
124    /// # #[cfg(feature = "derive")]
125    /// assert_eq!(MyEnum::Zero, from_slice::<MyEnum>(&data[..]).unwrap());
126    /// # #[cfg(feature = "derive")]
127    /// assert_eq!(MyEnum::Zero, from_slice::<OneOrZero>(&data[..]).unwrap().0);
128    ///
129    /// let data = b"\x02\0\0\0\0";
130    /// # #[cfg(feature = "derive")]
131    /// assert_eq!(MyEnum::Many(Vec::new()), from_slice::<MyEnum>(&data[..]).unwrap());
132    /// # #[cfg(feature = "derive")]
133    /// assert!(from_slice::<OneOrZero>(&data[..]).is_err());
134    /// ```
135    fn deserialize_variant<R: Read>(reader: &mut R, tag: u8) -> Result<Self>;
136}
137
138fn unexpected_eof_to_unexpected_length_of_input(e: Error) -> Error {
139    if e.kind() == ErrorKind::UnexpectedEof {
140        Error::new(ErrorKind::InvalidData, ERROR_UNEXPECTED_LENGTH_OF_INPUT)
141    } else {
142        e
143    }
144}
145
146impl BorshDeserialize for u8 {
147    #[inline]
148    fn deserialize_reader<R: Read>(reader: &mut R) -> Result<Self> {
149        let mut buf = [0u8; 1];
150        reader
151            .read_exact(&mut buf)
152            .map_err(unexpected_eof_to_unexpected_length_of_input)?;
153        Ok(buf[0])
154    }
155
156    #[inline]
157    #[doc(hidden)]
158    fn vec_from_reader<R: Read>(len: u32, reader: &mut R) -> Result<Option<Vec<Self>>> {
159        let len: usize = len.try_into().map_err(|_| ErrorKind::InvalidData)?;
160        // Avoid OOM by limiting the size of allocation.  This makes the read
161        // less efficient (since we need to loop and reallocate) but it protects
162        // us from someone sending us [0xff, 0xff, 0xff, 0xff] and forcing us to
163        // allocate 4GiB of memory.
164        let mut vec = vec![0u8; len.min(1024 * 1024)];
165        let mut pos = 0;
166        while pos < len {
167            if pos == vec.len() {
168                vec.resize(vec.len().saturating_mul(2).min(len), 0)
169            }
170            // TODO(mina86): Convert this to read_buf once that stabilises.
171            match reader.read(&mut vec.as_mut_slice()[pos..])? {
172                0 => {
173                    return Err(Error::new(
174                        ErrorKind::InvalidData,
175                        ERROR_UNEXPECTED_LENGTH_OF_INPUT,
176                    ))
177                }
178                read => {
179                    pos += read;
180                }
181            }
182        }
183        Ok(Some(vec))
184    }
185
186    #[inline]
187    #[doc(hidden)]
188    fn array_from_reader<R: Read, const N: usize>(reader: &mut R) -> Result<Option<[Self; N]>> {
189        let mut arr = [0u8; N];
190        reader
191            .read_exact(&mut arr)
192            .map_err(unexpected_eof_to_unexpected_length_of_input)?;
193        Ok(Some(arr))
194    }
195}
196
197macro_rules! impl_for_integer {
198    ($type: ident) => {
199        impl BorshDeserialize for $type {
200            #[inline]
201            fn deserialize_reader<R: Read>(reader: &mut R) -> Result<Self> {
202                let mut buf = [0u8; size_of::<$type>()];
203                reader
204                    .read_exact(&mut buf)
205                    .map_err(unexpected_eof_to_unexpected_length_of_input)?;
206                let res = $type::from_le_bytes(buf.try_into().unwrap());
207                Ok(res)
208            }
209        }
210    };
211}
212
213impl_for_integer!(i8);
214impl_for_integer!(i16);
215impl_for_integer!(i32);
216impl_for_integer!(i64);
217impl_for_integer!(i128);
218impl_for_integer!(u16);
219impl_for_integer!(u32);
220impl_for_integer!(u64);
221impl_for_integer!(u128);
222
223macro_rules! impl_for_nonzero_integer {
224    ($type: ty) => {
225        impl BorshDeserialize for $type {
226            #[inline]
227            fn deserialize_reader<R: Read>(reader: &mut R) -> Result<Self> {
228                <$type>::new(BorshDeserialize::deserialize_reader(reader)?)
229                    .ok_or_else(|| Error::new(ErrorKind::InvalidData, ERROR_INVALID_ZERO_VALUE))
230            }
231        }
232    };
233}
234
235impl_for_nonzero_integer!(core::num::NonZeroI8);
236impl_for_nonzero_integer!(core::num::NonZeroI16);
237impl_for_nonzero_integer!(core::num::NonZeroI32);
238impl_for_nonzero_integer!(core::num::NonZeroI64);
239impl_for_nonzero_integer!(core::num::NonZeroI128);
240impl_for_nonzero_integer!(core::num::NonZeroU8);
241impl_for_nonzero_integer!(core::num::NonZeroU16);
242impl_for_nonzero_integer!(core::num::NonZeroU32);
243impl_for_nonzero_integer!(core::num::NonZeroU64);
244impl_for_nonzero_integer!(core::num::NonZeroU128);
245impl_for_nonzero_integer!(core::num::NonZeroUsize);
246
247impl BorshDeserialize for isize {
248    fn deserialize_reader<R: Read>(reader: &mut R) -> Result<Self> {
249        let i: i64 = BorshDeserialize::deserialize_reader(reader)?;
250        let i = isize::try_from(i).map_err(|_| {
251            Error::new(
252                ErrorKind::InvalidData,
253                ERROR_OVERFLOW_ON_MACHINE_WITH_32_BIT_ISIZE,
254            )
255        })?;
256        Ok(i)
257    }
258}
259
260impl BorshDeserialize for usize {
261    fn deserialize_reader<R: Read>(reader: &mut R) -> Result<Self> {
262        let u: u64 = BorshDeserialize::deserialize_reader(reader)?;
263        let u = usize::try_from(u).map_err(|_| {
264            Error::new(
265                ErrorKind::InvalidData,
266                ERROR_OVERFLOW_ON_MACHINE_WITH_32_BIT_USIZE,
267            )
268        })?;
269        Ok(u)
270    }
271}
272
273// Note NaNs have a portability issue. Specifically, signalling NaNs on MIPS are quiet NaNs on x86,
274// and vice-versa. We disallow NaNs to avoid this issue.
275macro_rules! impl_for_float {
276    ($type: ident, $int_type: ident) => {
277        impl BorshDeserialize for $type {
278            #[inline]
279            fn deserialize_reader<R: Read>(reader: &mut R) -> Result<Self> {
280                let mut buf = [0u8; size_of::<$type>()];
281                reader
282                    .read_exact(&mut buf)
283                    .map_err(unexpected_eof_to_unexpected_length_of_input)?;
284                let res = $type::from_bits($int_type::from_le_bytes(buf.try_into().unwrap()));
285                if res.is_nan() {
286                    return Err(Error::new(
287                        ErrorKind::InvalidData,
288                        "For portability reasons we do not allow to deserialize NaNs.",
289                    ));
290                }
291                Ok(res)
292            }
293        }
294    };
295}
296
297impl_for_float!(f32, u32);
298impl_for_float!(f64, u64);
299
300impl BorshDeserialize for bool {
301    #[inline]
302    fn deserialize_reader<R: Read>(reader: &mut R) -> Result<Self> {
303        let b: u8 = BorshDeserialize::deserialize_reader(reader)?;
304        if b == 0 {
305            Ok(false)
306        } else if b == 1 {
307            Ok(true)
308        } else {
309            let msg = format!("Invalid bool representation: {}", b);
310
311            Err(Error::new(ErrorKind::InvalidData, msg))
312        }
313    }
314}
315
316impl<T> BorshDeserialize for Option<T>
317where
318    T: BorshDeserialize,
319{
320    #[inline]
321    fn deserialize_reader<R: Read>(reader: &mut R) -> Result<Self> {
322        let flag: u8 = BorshDeserialize::deserialize_reader(reader)?;
323        if flag == 0 {
324            Ok(None)
325        } else if flag == 1 {
326            Ok(Some(T::deserialize_reader(reader)?))
327        } else {
328            let msg = format!(
329                "Invalid Option representation: {}. The first byte must be 0 or 1",
330                flag
331            );
332
333            Err(Error::new(ErrorKind::InvalidData, msg))
334        }
335    }
336}
337
338impl<T, E> BorshDeserialize for core::result::Result<T, E>
339where
340    T: BorshDeserialize,
341    E: BorshDeserialize,
342{
343    #[inline]
344    fn deserialize_reader<R: Read>(reader: &mut R) -> Result<Self> {
345        let flag: u8 = BorshDeserialize::deserialize_reader(reader)?;
346        if flag == 0 {
347            Ok(Err(E::deserialize_reader(reader)?))
348        } else if flag == 1 {
349            Ok(Ok(T::deserialize_reader(reader)?))
350        } else {
351            let msg = format!(
352                "Invalid Result representation: {}. The first byte must be 0 or 1",
353                flag
354            );
355
356            Err(Error::new(ErrorKind::InvalidData, msg))
357        }
358    }
359}
360
361impl BorshDeserialize for String {
362    #[inline]
363    fn deserialize_reader<R: Read>(reader: &mut R) -> Result<Self> {
364        String::from_utf8(Vec::<u8>::deserialize_reader(reader)?).map_err(|err| {
365            let msg = err.to_string();
366            Error::new(ErrorKind::InvalidData, msg)
367        })
368    }
369}
370
371/// Module is available if borsh is built with `features = ["ascii"]`.
372#[cfg(feature = "ascii")]
373pub mod ascii {
374    //!
375    //! Module defines [BorshDeserialize] implementation for
376    //! some types from [ascii](::ascii) crate.
377    use crate::BorshDeserialize;
378    use crate::__private::maybestd::{string::ToString, vec::Vec};
379    use crate::io::{Error, ErrorKind, Read, Result};
380
381    impl BorshDeserialize for ascii::AsciiString {
382        #[inline]
383        fn deserialize_reader<R: Read>(reader: &mut R) -> Result<Self> {
384            let bytes = Vec::<u8>::deserialize_reader(reader)?;
385            ascii::AsciiString::from_ascii(bytes)
386                .map_err(|err| Error::new(ErrorKind::InvalidData, err.to_string()))
387        }
388    }
389
390    impl BorshDeserialize for ascii::AsciiChar {
391        #[inline]
392        fn deserialize_reader<R: Read>(reader: &mut R) -> Result<Self> {
393            let byte = u8::deserialize_reader(reader)?;
394            ascii::AsciiChar::from_ascii(byte)
395                .map_err(|err| Error::new(ErrorKind::InvalidData, err.to_string()))
396        }
397    }
398}
399
400impl<T> BorshDeserialize for Vec<T>
401where
402    T: BorshDeserialize,
403{
404    #[inline]
405    fn deserialize_reader<R: Read>(reader: &mut R) -> Result<Self> {
406        check_zst::<T>()?;
407
408        let len = u32::deserialize_reader(reader)?;
409        if len == 0 {
410            Ok(Vec::new())
411        } else if let Some(vec_bytes) = T::vec_from_reader(len, reader)? {
412            Ok(vec_bytes)
413        } else {
414            // TODO(16): return capacity allocation when we can safely do that.
415            let mut result = Vec::with_capacity(hint::cautious::<T>(len));
416            for _ in 0..len {
417                result.push(T::deserialize_reader(reader)?);
418            }
419            Ok(result)
420        }
421    }
422}
423
424#[cfg(feature = "bytes")]
425impl BorshDeserialize for bytes::Bytes {
426    #[inline]
427    fn deserialize_reader<R: Read>(reader: &mut R) -> Result<Self> {
428        let vec = <Vec<u8>>::deserialize_reader(reader)?;
429        Ok(vec.into())
430    }
431}
432
433#[cfg(feature = "bytes")]
434impl BorshDeserialize for bytes::BytesMut {
435    #[inline]
436    fn deserialize_reader<R: Read>(reader: &mut R) -> Result<Self> {
437        let len = u32::deserialize_reader(reader)?;
438        let mut out = BytesMut::with_capacity(hint::cautious::<u8>(len));
439        for _ in 0..len {
440            out.put_u8(u8::deserialize_reader(reader)?);
441        }
442        Ok(out)
443    }
444}
445
446#[cfg(feature = "bson")]
447impl BorshDeserialize for bson::oid::ObjectId {
448    #[inline]
449    fn deserialize_reader<R: Read>(reader: &mut R) -> Result<Self> {
450        let mut buf = [0u8; 12];
451        reader.read_exact(&mut buf)?;
452        Ok(bson::oid::ObjectId::from_bytes(buf))
453    }
454}
455
456impl<T> BorshDeserialize for Cow<'_, T>
457where
458    T: ToOwned + ?Sized,
459    T::Owned: BorshDeserialize,
460{
461    #[inline]
462    fn deserialize_reader<R: Read>(reader: &mut R) -> Result<Self> {
463        Ok(Cow::Owned(BorshDeserialize::deserialize_reader(reader)?))
464    }
465}
466
467impl<T> BorshDeserialize for VecDeque<T>
468where
469    T: BorshDeserialize,
470{
471    #[inline]
472    fn deserialize_reader<R: Read>(reader: &mut R) -> Result<Self> {
473        let vec = <Vec<T>>::deserialize_reader(reader)?;
474        Ok(vec.into())
475    }
476}
477
478impl<T> BorshDeserialize for LinkedList<T>
479where
480    T: BorshDeserialize,
481{
482    #[inline]
483    fn deserialize_reader<R: Read>(reader: &mut R) -> Result<Self> {
484        let vec = <Vec<T>>::deserialize_reader(reader)?;
485        Ok(vec.into_iter().collect::<LinkedList<T>>())
486    }
487}
488
489/// Module is available if borsh is built with `features = ["std"]` or `features = ["hashbrown"]`.
490///
491/// Module defines [BorshDeserialize] implementation for
492/// [HashMap](std::collections::HashMap)/[HashSet](std::collections::HashSet).
493#[cfg(hash_collections)]
494pub mod hashes {
495    use core::hash::{BuildHasher, Hash};
496
497    use crate::BorshDeserialize;
498    use crate::__private::maybestd::collections::{HashMap, HashSet};
499    use crate::__private::maybestd::vec::Vec;
500    use crate::io::{Read, Result};
501
502    #[cfg(feature = "de_strict_order")]
503    const ERROR_WRONG_ORDER_OF_KEYS: &str = "keys were not serialized in ascending order";
504    use crate::error::check_zst;
505    #[cfg(feature = "de_strict_order")]
506    use crate::io::{Error, ErrorKind};
507
508    impl<T, H> BorshDeserialize for HashSet<T, H>
509    where
510        T: BorshDeserialize + Eq + Hash + Ord,
511        H: BuildHasher + Default,
512    {
513        #[inline]
514        fn deserialize_reader<R: Read>(reader: &mut R) -> Result<Self> {
515            // NOTE: deserialize-as-you-go approach as once was in HashSet is better in the sense
516            // that it allows to fail early, and not allocate memory for all the elements
517            // which may fail `cmp()` checks
518            // NOTE: deserialize first to `Vec<T>` is faster
519            let vec = <Vec<T>>::deserialize_reader(reader)?;
520
521            #[cfg(feature = "de_strict_order")]
522            // TODO: replace with `is_sorted` api when stabilizes https://github.com/rust-lang/rust/issues/53485
523            // TODO: first replace with `array_windows` api when stabilizes https://github.com/rust-lang/rust/issues/75027
524            for pair in vec.windows(2) {
525                let [a, b] = pair else {
526                    unreachable!("`windows` always return a slice of length 2 or nothing");
527                };
528                let cmp_result = a.cmp(b).is_lt();
529                if !cmp_result {
530                    return Err(Error::new(
531                        ErrorKind::InvalidData,
532                        ERROR_WRONG_ORDER_OF_KEYS,
533                    ));
534                }
535            }
536
537            Ok(vec.into_iter().collect::<HashSet<T, H>>())
538        }
539    }
540
541    impl<K, V, H> BorshDeserialize for HashMap<K, V, H>
542    where
543        K: BorshDeserialize + Eq + Hash + Ord,
544        V: BorshDeserialize,
545        H: BuildHasher + Default,
546    {
547        #[inline]
548        fn deserialize_reader<R: Read>(reader: &mut R) -> Result<Self> {
549            check_zst::<K>()?;
550            // NOTE: deserialize-as-you-go approach as once was in HashSet is better in the sense
551            // that it allows to fail early, and not allocate memory for all the entries
552            // which may fail `cmp()` checks
553            // NOTE: deserialize first to `Vec<(K, V)>` is faster
554            let vec = <Vec<(K, V)>>::deserialize_reader(reader)?;
555
556            #[cfg(feature = "de_strict_order")]
557            // TODO: replace with `is_sorted` api when stabilizes https://github.com/rust-lang/rust/issues/53485
558            // TODO: first replace with `array_windows` api when stabilizes https://github.com/rust-lang/rust/issues/75027
559            for pair in vec.windows(2) {
560                let [(a_k, _a_v), (b_k, _b_v)] = pair else {
561                    unreachable!("`windows` always return a slice of length 2 or nothing");
562                };
563                let cmp_result = a_k.cmp(b_k).is_lt();
564                if !cmp_result {
565                    return Err(Error::new(
566                        ErrorKind::InvalidData,
567                        ERROR_WRONG_ORDER_OF_KEYS,
568                    ));
569                }
570            }
571
572            Ok(vec.into_iter().collect::<HashMap<K, V, H>>())
573        }
574    }
575}
576
577impl<T> BorshDeserialize for BTreeSet<T>
578where
579    T: BorshDeserialize + Ord,
580{
581    #[inline]
582    fn deserialize_reader<R: Read>(reader: &mut R) -> Result<Self> {
583        // NOTE: deserialize-as-you-go approach as once was in HashSet is better in the sense
584        // that it allows to fail early, and not allocate memory for all the elements
585        // which may fail `cmp()` checks
586        // NOTE: deserialize first to `Vec<T>` is faster
587        let vec = <Vec<T>>::deserialize_reader(reader)?;
588
589        #[cfg(feature = "de_strict_order")]
590        // TODO: replace with `is_sorted` api when stabilizes https://github.com/rust-lang/rust/issues/53485
591        // TODO: first replace with `array_windows` api when stabilizes https://github.com/rust-lang/rust/issues/75027
592        for pair in vec.windows(2) {
593            let [a, b] = pair else {
594                unreachable!("`windows` always return a slice of length 2 or nothing");
595            };
596            let cmp_result = a.cmp(b).is_lt();
597            if !cmp_result {
598                return Err(Error::new(
599                    ErrorKind::InvalidData,
600                    ERROR_WRONG_ORDER_OF_KEYS,
601                ));
602            }
603        }
604        // NOTE: BTreeSet has an optimization inside of impl <T> FromIterator<T> for BTreeSet<T, Global>,
605        // based on BTreeMap::bulk_build_from_sorted_iter
606        Ok(vec.into_iter().collect::<BTreeSet<T>>())
607    }
608}
609
610impl<K, V> BorshDeserialize for BTreeMap<K, V>
611where
612    K: BorshDeserialize + Ord,
613    V: BorshDeserialize,
614{
615    #[inline]
616    fn deserialize_reader<R: Read>(reader: &mut R) -> Result<Self> {
617        check_zst::<K>()?;
618        // NOTE: deserialize-as-you-go approach as once was in HashSet is better in the sense
619        // that it allows to fail early, and not allocate memory for all the entries
620        // which may fail `cmp()` checks
621        // NOTE: deserialize first to `Vec<(K, V)>` is faster
622        let vec = <Vec<(K, V)>>::deserialize_reader(reader)?;
623
624        #[cfg(feature = "de_strict_order")]
625        // TODO: replace with `is_sorted` api when stabilizes https://github.com/rust-lang/rust/issues/53485
626        // TODO: first replace with `array_windows` api when stabilizes https://github.com/rust-lang/rust/issues/75027
627        for pair in vec.windows(2) {
628            let [(a_k, _a_v), (b_k, _b_v)] = pair else {
629                unreachable!("`windows` always return a slice of length 2 or nothing");
630            };
631            let cmp_result = a_k.cmp(b_k).is_lt();
632            if !cmp_result {
633                return Err(Error::new(
634                    ErrorKind::InvalidData,
635                    ERROR_WRONG_ORDER_OF_KEYS,
636                ));
637            }
638        }
639
640        // NOTE: BTreeMap has an optimization inside of impl<K, V> FromIterator<(K, V)> for BTreeMap<K, V, Global>,
641        // based on BTreeMap::bulk_build_from_sorted_iter
642        Ok(vec.into_iter().collect::<BTreeMap<K, V>>())
643    }
644}
645
646#[cfg(feature = "std")]
647impl BorshDeserialize for std::net::SocketAddr {
648    #[inline]
649    fn deserialize_reader<R: Read>(reader: &mut R) -> Result<Self> {
650        let kind = u8::deserialize_reader(reader)?;
651        match kind {
652            0 => std::net::SocketAddrV4::deserialize_reader(reader).map(std::net::SocketAddr::V4),
653            1 => std::net::SocketAddrV6::deserialize_reader(reader).map(std::net::SocketAddr::V6),
654            value => Err(Error::new(
655                ErrorKind::InvalidData,
656                format!("Invalid SocketAddr variant: {}", value),
657            )),
658        }
659    }
660}
661
662#[cfg(feature = "std")]
663impl BorshDeserialize for std::net::IpAddr {
664    #[inline]
665    fn deserialize_reader<R: Read>(reader: &mut R) -> Result<Self> {
666        let kind = u8::deserialize_reader(reader)?;
667        match kind {
668            0u8 => {
669                // Deserialize an Ipv4Addr and convert it to IpAddr::V4
670                let ipv4_addr = std::net::Ipv4Addr::deserialize_reader(reader)?;
671                Ok(std::net::IpAddr::V4(ipv4_addr))
672            }
673            1u8 => {
674                // Deserialize an Ipv6Addr and convert it to IpAddr::V6
675                let ipv6_addr = std::net::Ipv6Addr::deserialize_reader(reader)?;
676                Ok(std::net::IpAddr::V6(ipv6_addr))
677            }
678            value => Err(Error::new(
679                ErrorKind::InvalidData,
680                format!("Invalid IpAddr variant: {}", value),
681            )),
682        }
683    }
684}
685
686#[cfg(feature = "std")]
687impl BorshDeserialize for std::net::SocketAddrV4 {
688    #[inline]
689    fn deserialize_reader<R: Read>(reader: &mut R) -> Result<Self> {
690        let ip = std::net::Ipv4Addr::deserialize_reader(reader)?;
691        let port = u16::deserialize_reader(reader)?;
692        Ok(std::net::SocketAddrV4::new(ip, port))
693    }
694}
695
696#[cfg(feature = "std")]
697impl BorshDeserialize for std::net::SocketAddrV6 {
698    #[inline]
699    fn deserialize_reader<R: Read>(reader: &mut R) -> Result<Self> {
700        let ip = std::net::Ipv6Addr::deserialize_reader(reader)?;
701        let port = u16::deserialize_reader(reader)?;
702        Ok(std::net::SocketAddrV6::new(ip, port, 0, 0))
703    }
704}
705
706#[cfg(feature = "std")]
707impl BorshDeserialize for std::net::Ipv4Addr {
708    #[inline]
709    fn deserialize_reader<R: Read>(reader: &mut R) -> Result<Self> {
710        let mut buf = [0u8; 4];
711        reader
712            .read_exact(&mut buf)
713            .map_err(unexpected_eof_to_unexpected_length_of_input)?;
714        Ok(std::net::Ipv4Addr::from(buf))
715    }
716}
717
718#[cfg(feature = "std")]
719impl BorshDeserialize for std::net::Ipv6Addr {
720    #[inline]
721    fn deserialize_reader<R: Read>(reader: &mut R) -> Result<Self> {
722        let mut buf = [0u8; 16];
723        reader
724            .read_exact(&mut buf)
725            .map_err(unexpected_eof_to_unexpected_length_of_input)?;
726        Ok(std::net::Ipv6Addr::from(buf))
727    }
728}
729
730impl<T, U> BorshDeserialize for Box<T>
731where
732    U: Into<Box<T>> + Borrow<T>,
733    T: ToOwned<Owned = U> + ?Sized,
734    T::Owned: BorshDeserialize,
735{
736    fn deserialize_reader<R: Read>(reader: &mut R) -> Result<Self> {
737        Ok(T::Owned::deserialize_reader(reader)?.into())
738    }
739}
740
741impl<T, const N: usize> BorshDeserialize for [T; N]
742where
743    T: BorshDeserialize,
744{
745    #[inline]
746    fn deserialize_reader<R: Read>(reader: &mut R) -> Result<Self> {
747        struct ArrayDropGuard<T, const N: usize> {
748            buffer: [MaybeUninit<T>; N],
749            init_count: usize,
750        }
751        impl<T, const N: usize> Drop for ArrayDropGuard<T, N> {
752            fn drop(&mut self) {
753                let init_range = &mut self.buffer[..self.init_count];
754                // SAFETY: Elements up to self.init_count have been initialized. Assumes this value
755                //         is only incremented in `fill_buffer`, which writes the element before
756                //         increasing the init_count.
757                unsafe {
758                    core::ptr::drop_in_place(init_range as *mut _ as *mut [T]);
759                };
760            }
761        }
762        impl<T, const N: usize> ArrayDropGuard<T, N> {
763            unsafe fn transmute_to_array(mut self) -> [T; N] {
764                debug_assert_eq!(self.init_count, N);
765                // Set init_count to 0 so that the values do not get dropped twice.
766                self.init_count = 0;
767                // SAFETY: This cast is required because `mem::transmute` does not work with
768                //         const generics https://github.com/rust-lang/rust/issues/61956. This
769                //         array is guaranteed to be initialized by this point.
770                core::ptr::read(&self.buffer as *const _ as *const [T; N])
771            }
772            fn fill_buffer(&mut self, mut f: impl FnMut() -> Result<T>) -> Result<()> {
773                // TODO: replace with `core::array::try_from_fn` when stabilized to avoid manually
774                // dropping uninitialized values through the guard drop.
775                for elem in self.buffer.iter_mut() {
776                    elem.write(f()?);
777                    self.init_count += 1;
778                }
779                Ok(())
780            }
781        }
782
783        if let Some(arr) = T::array_from_reader(reader)? {
784            Ok(arr)
785        } else {
786            let mut result = ArrayDropGuard {
787                buffer: unsafe { MaybeUninit::uninit().assume_init() },
788                init_count: 0,
789            };
790
791            result.fill_buffer(|| T::deserialize_reader(reader))?;
792
793            // SAFETY: The elements up to `i` have been initialized in `fill_buffer`.
794            Ok(unsafe { result.transmute_to_array() })
795        }
796    }
797}
798
799#[test]
800fn array_deserialization_doesnt_leak() {
801    use core::sync::atomic::{AtomicUsize, Ordering};
802
803    static DESERIALIZE_COUNT: AtomicUsize = AtomicUsize::new(0);
804    static DROP_COUNT: AtomicUsize = AtomicUsize::new(0);
805
806    #[allow(unused)]
807    struct MyType(u8);
808    impl BorshDeserialize for MyType {
809        fn deserialize_reader<R: Read>(reader: &mut R) -> Result<Self> {
810            let val = u8::deserialize_reader(reader)?;
811            let v = DESERIALIZE_COUNT.fetch_add(1, Ordering::SeqCst);
812            if v >= 7 {
813                panic!("panic in deserialize");
814            }
815            Ok(MyType(val))
816        }
817    }
818    impl Drop for MyType {
819        fn drop(&mut self) {
820            DROP_COUNT.fetch_add(1, Ordering::SeqCst);
821        }
822    }
823
824    assert!(<[MyType; 5] as BorshDeserialize>::deserialize(&mut &[0u8; 3][..]).is_err());
825    assert_eq!(DESERIALIZE_COUNT.load(Ordering::SeqCst), 3);
826    assert_eq!(DROP_COUNT.load(Ordering::SeqCst), 3);
827
828    assert!(<[MyType; 2] as BorshDeserialize>::deserialize(&mut &[0u8; 2][..]).is_ok());
829    assert_eq!(DESERIALIZE_COUNT.load(Ordering::SeqCst), 5);
830    assert_eq!(DROP_COUNT.load(Ordering::SeqCst), 5);
831
832    #[cfg(feature = "std")]
833    {
834        // Test that during a panic in deserialize, the values are still dropped.
835        let result = std::panic::catch_unwind(|| {
836            <[MyType; 3] as BorshDeserialize>::deserialize(&mut &[0u8; 3][..]).unwrap();
837        });
838        assert!(result.is_err());
839        assert_eq!(DESERIALIZE_COUNT.load(Ordering::SeqCst), 8);
840        assert_eq!(DROP_COUNT.load(Ordering::SeqCst), 7); // 5 because 6 panicked and was not init
841    }
842}
843
844macro_rules! impl_tuple {
845    (@unit $name:ty) => {
846        impl BorshDeserialize for $name {
847            #[inline]
848            fn deserialize_reader<R: Read>(_reader: &mut R) -> Result<Self> {
849                Ok(<$name>::default())
850            }
851        }
852    };
853
854    ($($name:ident)+) => {
855      impl<$($name),+> BorshDeserialize for ($($name,)+)
856      where $($name: BorshDeserialize,)+
857      {
858        #[inline]
859        fn deserialize_reader<R: Read>(reader: &mut R) -> Result<Self> {
860
861            Ok(($($name::deserialize_reader(reader)?,)+))
862        }
863      }
864    };
865}
866
867impl_tuple!(@unit ());
868impl_tuple!(@unit core::ops::RangeFull);
869
870impl_tuple!(T0);
871impl_tuple!(T0 T1);
872impl_tuple!(T0 T1 T2);
873impl_tuple!(T0 T1 T2 T3);
874impl_tuple!(T0 T1 T2 T3 T4);
875impl_tuple!(T0 T1 T2 T3 T4 T5);
876impl_tuple!(T0 T1 T2 T3 T4 T5 T6);
877impl_tuple!(T0 T1 T2 T3 T4 T5 T6 T7);
878impl_tuple!(T0 T1 T2 T3 T4 T5 T6 T7 T8);
879impl_tuple!(T0 T1 T2 T3 T4 T5 T6 T7 T8 T9);
880impl_tuple!(T0 T1 T2 T3 T4 T5 T6 T7 T8 T9 T10);
881impl_tuple!(T0 T1 T2 T3 T4 T5 T6 T7 T8 T9 T10 T11);
882impl_tuple!(T0 T1 T2 T3 T4 T5 T6 T7 T8 T9 T10 T11 T12);
883impl_tuple!(T0 T1 T2 T3 T4 T5 T6 T7 T8 T9 T10 T11 T12 T13);
884impl_tuple!(T0 T1 T2 T3 T4 T5 T6 T7 T8 T9 T10 T11 T12 T13 T14);
885impl_tuple!(T0 T1 T2 T3 T4 T5 T6 T7 T8 T9 T10 T11 T12 T13 T14 T15);
886impl_tuple!(T0 T1 T2 T3 T4 T5 T6 T7 T8 T9 T10 T11 T12 T13 T14 T15 T16);
887impl_tuple!(T0 T1 T2 T3 T4 T5 T6 T7 T8 T9 T10 T11 T12 T13 T14 T15 T16 T17);
888impl_tuple!(T0 T1 T2 T3 T4 T5 T6 T7 T8 T9 T10 T11 T12 T13 T14 T15 T16 T17 T18);
889impl_tuple!(T0 T1 T2 T3 T4 T5 T6 T7 T8 T9 T10 T11 T12 T13 T14 T15 T16 T17 T18 T19);
890
891macro_rules! impl_range {
892    ($type:ident, $make:expr, $($side:ident),*) => {
893        impl<T: BorshDeserialize> BorshDeserialize for core::ops::$type<T> {
894            #[inline]
895            fn deserialize_reader<R: Read>(reader: &mut R) -> Result<Self> {
896                let ($($side,)*) = <_>::deserialize_reader(reader)?;
897                Ok($make)
898            }
899        }
900    };
901}
902
903impl_range!(Range, start..end, start, end);
904impl_range!(RangeInclusive, start..=end, start, end);
905impl_range!(RangeFrom, start.., start);
906impl_range!(RangeTo, ..end, end);
907impl_range!(RangeToInclusive, ..=end, end);
908
909/// Module is available if borsh is built with `features = ["rc"]`.
910#[cfg(feature = "rc")]
911pub mod rc {
912    //!
913    //! Module defines [BorshDeserialize] implementation for
914    //! [alloc::rc::Rc](std::rc::Rc) and [alloc::sync::Arc](std::sync::Arc).
915    use crate::__private::maybestd::{boxed::Box, rc::Rc, sync::Arc};
916    use crate::io::{Read, Result};
917    use crate::BorshDeserialize;
918
919    /// This impl requires the [`"rc"`] Cargo feature of borsh.
920    ///
921    /// Deserializing a data structure containing `Rc` will not attempt to
922    /// deduplicate `Rc` references to the same data. Every deserialized `Rc`
923    /// will end up with a strong count of 1.
924    impl<T: ?Sized> BorshDeserialize for Rc<T>
925    where
926        Box<T>: BorshDeserialize,
927    {
928        fn deserialize_reader<R: Read>(reader: &mut R) -> Result<Self> {
929            Ok(Box::<T>::deserialize_reader(reader)?.into())
930        }
931    }
932
933    /// This impl requires the [`"rc"`] Cargo feature of borsh.
934    ///
935    /// Deserializing a data structure containing `Arc` will not attempt to
936    /// deduplicate `Arc` references to the same data. Every deserialized `Arc`
937    /// will end up with a strong count of 1.
938    impl<T: ?Sized> BorshDeserialize for Arc<T>
939    where
940        Box<T>: BorshDeserialize,
941    {
942        fn deserialize_reader<R: Read>(reader: &mut R) -> Result<Self> {
943            Ok(Box::<T>::deserialize_reader(reader)?.into())
944        }
945    }
946}
947
948impl<T: ?Sized> BorshDeserialize for PhantomData<T> {
949    fn deserialize_reader<R: Read>(_: &mut R) -> Result<Self> {
950        Ok(PhantomData)
951    }
952}
953
954impl<T> BorshDeserialize for core::cell::Cell<T>
955where
956    T: BorshDeserialize + Copy,
957{
958    fn deserialize_reader<R: Read>(reader: &mut R) -> Result<Self> {
959        <T as BorshDeserialize>::deserialize_reader(reader).map(core::cell::Cell::new)
960    }
961}
962
963impl<T> BorshDeserialize for core::cell::RefCell<T>
964where
965    T: BorshDeserialize,
966{
967    fn deserialize_reader<R: Read>(reader: &mut R) -> Result<Self> {
968        <T as BorshDeserialize>::deserialize_reader(reader).map(core::cell::RefCell::new)
969    }
970}
971
972/// Deserializes an object from a slice of bytes.
973/// # Example
974/// ```
975/// use borsh::{BorshDeserialize, BorshSerialize, from_slice, to_vec};
976///
977/// /// derive is only available if borsh is built with `features = ["derive"]`
978/// # #[cfg(feature = "derive")]
979/// #[derive(BorshSerialize, BorshDeserialize, PartialEq, Debug)]
980/// struct MyStruct {
981///    a: u64,
982///    b: Vec<u8>,
983/// }
984///
985/// # #[cfg(feature = "derive")]
986/// let original = MyStruct { a: 10, b: vec![1, 2, 3] };
987/// # #[cfg(feature = "derive")]
988/// let encoded = to_vec(&original).unwrap();
989/// # #[cfg(feature = "derive")]
990/// let decoded = from_slice::<MyStruct>(&encoded).unwrap();
991/// # #[cfg(feature = "derive")]
992/// assert_eq!(original, decoded);
993/// ```
994/// # Panics
995/// If the data is invalid, this function will panic.
996/// # Errors
997/// If the data is invalid, this function will return an error.
998/// # Note
999/// This function will return an error if the data is not fully read.
1000pub fn from_slice<T: BorshDeserialize>(v: &[u8]) -> Result<T> {
1001    let mut v_mut = v;
1002    let object = T::deserialize(&mut v_mut)?;
1003    if !v_mut.is_empty() {
1004        return Err(Error::new(
1005            ErrorKind::InvalidData,
1006            crate::de::ERROR_NOT_ALL_BYTES_READ,
1007        ));
1008    }
1009    Ok(object)
1010}
1011
1012/// Deserializes an object from a reader.
1013/// # Example
1014/// ```
1015/// use borsh::{BorshDeserialize, BorshSerialize, from_reader, to_vec};
1016///
1017/// /// derive is only available if borsh is built with `features = ["derive"]`
1018/// # #[cfg(feature = "derive")]
1019/// #[derive(BorshSerialize, BorshDeserialize, PartialEq, Debug)]
1020/// struct MyStruct {
1021///     a: u64,
1022///     b: Vec<u8>,
1023/// }
1024///
1025/// # #[cfg(feature = "derive")]
1026/// let original = MyStruct { a: 10, b: vec![1, 2, 3] };
1027/// # #[cfg(feature = "derive")]
1028/// let encoded = to_vec(&original).unwrap();
1029/// # #[cfg(feature = "derive")]
1030/// let decoded = from_reader::<_, MyStruct>(&mut encoded.as_slice()).unwrap();
1031/// # #[cfg(feature = "derive")]
1032/// assert_eq!(original, decoded);
1033/// ```
1034pub fn from_reader<R: Read, T: BorshDeserialize>(reader: &mut R) -> Result<T> {
1035    let result = T::deserialize_reader(reader)?;
1036    let mut buf = [0u8; 1];
1037    match reader.read_exact(&mut buf) {
1038        Err(f) if f.kind() == ErrorKind::UnexpectedEof => Ok(result),
1039        _ => Err(Error::new(ErrorKind::InvalidData, ERROR_NOT_ALL_BYTES_READ)),
1040    }
1041}