[kdbus] KDBUS_ITEM_PAYLOAD_OFF items are (once again) relative to msg header

[platform/upstream/glib.git] / glib / gvariant-core.c

/*
 * Copyright © 2007, 2008 Ryan Lortie
 * Copyright © 2010 Codethink Limited
 *
 * This library is free software; you can redistribute it and/or
 * modify it under the terms of the GNU Lesser General Public
 * License as published by the Free Software Foundation; either
 * version 2 of the License, or (at your option) any later version.
 *
 * This library is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
 * Lesser General Public License for more details.
 *
 * You should have received a copy of the GNU Lesser General Public
 * License along with this library; if not, see <http://www.gnu.org/licenses/>.
 */

#include "config.h"

#include <glib/gvariant-core.h>
#include "glib-private.h"

#include <glib/gvariant-serialiser.h>
#include <glib/gtestutils.h>
#include <glib/gbitlock.h>
#include <glib/gatomic.h>
#include <glib/gbytes.h>
#include <glib/gslice.h>
#include <glib/gmem.h>
#include <string.h>


/*
 * This file includes the structure definition for GVariant and a small
 * set of functions that are allowed to access the structure directly.
 *
 * This minimises the amount of code that can possibly touch a GVariant
 * structure directly to a few simple fundamental operations.  These few
 * operations are written to be completely threadsafe with respect to
 * all possible outside access.  This means that we only need to be
 * concerned about thread safety issues in this one small file.
 *
 * Most GVariant API functions are in gvariant.c.
 */

/**
 * GVariant:
 *
 * #GVariant is an opaque data structure and can only be accessed
 * using the following functions.
 *
 * Since: 2.24
 **/
struct _GVariant
/* see below for field member documentation */
{
  GVariantTypeInfo *type_info;
  gsize size;

  union
  {
    struct
    {
      GBytes *bytes;
      gconstpointer data;
    } serialised;

    struct
    {
      GVariant **children;
      gsize n_children;
    } tree;
  } contents;

  gint state;
  gint ref_count;
};

/* struct GVariant:
 *
 * There are two primary forms of GVariant instances: "serialised form"
 * and "tree form".
 *
 * "serialised form": A serialised GVariant instance stores its value in
 *                    the GVariant serialisation format.  All
 *                    basic-typed instances (ie: non-containers) are in
 *                    serialised format, as are some containers.
 *
 * "tree form": Some containers are in "tree form".  In this case,
 *              instead of containing the serialised data for the
 *              container, the instance contains an array of pointers to
 *              the child values of the container (thus forming a tree).
 *
 * It is possible for an instance to transition from tree form to
 * serialised form.  This happens, implicitly, if the serialised data is
 * requested (eg: via g_variant_get_data()).  Serialised form instances
 * never transition into tree form.
 *
 *
 * The fields of the structure are documented here:
 *
 * type_info: this is a reference to a GVariantTypeInfo describing the
 *            type of the instance.  When the instance is freed, this
 *            reference must be released with g_variant_type_info_unref().
 *
 *            The type_info field never changes during the life of the
 *            instance, so it can be accessed without a lock.
 *
 * size: this is the size of the serialised form for the instance.  It
 *       is known for serialised instances and also tree-form instances
 *       (for which it is calculated at construction time, from the
 *       known sizes of the children used).  After construction, it
 *       never changes and therefore can be accessed without a lock.
 *
 * contents: a union containing either the information associated with
 *           holding a value in serialised form or holding a value in
 *           tree form.
 *
 *   .serialised: Only valid when the instance is in serialised form.
 *
 *                Since an instance can never transition away from
 *                serialised form, once these fields are set, they will
 *                never be changed.  It is therefore valid to access
 *                them without holding a lock.
 *
 *     .bytes:  the #GBytes that contains the memory pointed to by
 *              .data, or %NULL if .data is %NULL.  In the event that
 *              the instance was deserialised from another instance,
 *              then the bytes will be shared by both of them.  When
 *              the instance is freed, this reference must be released
 *              with g_bytes_unref().
 *
 *     .data: the serialised data (of size 'size') of the instance.
 *            This pointer should not be freed or modified in any way.
 *            #GBytes is responsible for memory management.
 *
 *            This pointer may be %NULL in two cases:
 *
 *              - if the serialised size of the instance is 0
 *
 *              - if the instance is of a fixed-sized type and was
 *                deserialised out of a corrupted container such that
 *                the container contains too few bytes to point to the
 *                entire proper fixed-size of this instance.  In this
 *                case, 'size' will still be equal to the proper fixed
 *                size, but this pointer will be %NULL.  This is exactly
 *                the reason that g_variant_get_data() sometimes returns
 *                %NULL.  For all other calls, the effect should be as
 *                if .data pointed to the appropriate number of nul
 *                bytes.
 *
 *   .tree: Only valid when the instance is in tree form.
 *
 *          Note that accesses from other threads could result in
 *          conversion of the instance from tree form to serialised form
 *          at any time.  For this reason, the instance lock must always
 *          be held while performing any operations on 'contents.tree'.
 *
 *     .children: the array of the child instances of this instance.
 *                When the instance is freed (or converted to serialised
 *                form) then each child must have g_variant_unref()
 *                called on it and the array must be freed using
 *                g_free().
 *
 *     .n_children: the number of items in the .children array.
 *
 * state: a bitfield describing the state of the instance.  It is a
 *        bitwise-or of the following STATE_* constants:
 *
 *    STATE_LOCKED: the instance lock is held.  This is the bit used by
 *                  g_bit_lock().
 *
 *    STATE_SERIALISED: the instance is in serialised form.  If this
 *                      flag is not set then the instance is in tree
 *                      form.
 *
 *    STATE_TRUSTED: for serialised form instances, this means that the
 *                   serialised data is known to be in normal form (ie:
 *                   not corrupted).
 *
 *                   For tree form instances, this means that all of the
 *                   child instances in the contents.tree.children array
 *                   are trusted.  This means that if the container is
 *                   serialised then the resulting data will be in
 *                   normal form.
 *
 *                   If this flag is unset it does not imply that the
 *                   data is corrupted.  It merely means that we're not
 *                   sure that it's valid.  See g_variant_is_trusted().
 *
 *    STATE_FLOATING: if this flag is set then the object has a floating
 *                    reference.  See g_variant_ref_sink().
 *
 * ref_count: the reference count of the instance
 */
#define STATE_LOCKED     1
#define STATE_SERIALISED 2
#define STATE_TRUSTED    4
#define STATE_FLOATING   8

/* -- private -- */
/* < private >
 * g_variant_lock:
 * @value: a #GVariant
 *
 * Locks @value for performing sensitive operations.
 */
static void
g_variant_lock (GVariant *value)
{
  g_bit_lock (&value->state, 0);
}

/* < private >
 * g_variant_unlock:
 * @value: a #GVariant
 *
 * Unlocks @value after performing sensitive operations.
 */
static void
g_variant_unlock (GVariant *value)
{
  g_bit_unlock (&value->state, 0);
}

/* < private >
 * g_variant_release_children:
 * @value: a #GVariant
 *
 * Releases the reference held on each child in the 'children' array of
 * @value and frees the array itself.  @value must be in tree form.
 *
 * This is done when freeing a tree-form instance or converting it to
 * serialised form.
 *
 * The current thread must hold the lock on @value.
 */
static void
g_variant_release_children (GVariant *value)
{
  gsize i;

  g_assert (value->state & STATE_LOCKED);
  g_assert (~value->state & STATE_SERIALISED);

  for (i = 0; i < value->contents.tree.n_children; i++)
    g_variant_unref (value->contents.tree.children[i]);

  g_free (value->contents.tree.children);
}

/* < private >
 * g_variant_lock_in_tree_form:
 * @value: a #GVariant
 *
 * Locks @value if it is in tree form.
 *
 * Returns: %TRUE if @value is now in tree form with the lock acquired
 */
static gboolean
g_variant_lock_in_tree_form (GVariant *value)
{
  if (g_atomic_int_get (&value->state) & STATE_SERIALISED)
    return FALSE;

  g_variant_lock (value);

  if (value->state & STATE_SERIALISED)
    {
      g_variant_unlock (value);
      return FALSE;
    }

  return TRUE;
}

/* This begins the main body of the recursive serialiser.
 *
 * There are 3 functions here that work as a team with the serialiser to
 * get things done.  g_variant_store() has a trivial role, but as a
 * public API function, it has its definition elsewhere.
 *
 * Note that "serialisation" of an instance does not mean that the
 * instance is converted to serialised form -- it means that the
 * serialised form of an instance is written to an external buffer.
 * g_variant_ensure_serialised() (which is not part of this set of
 * functions) is the function that is responsible for converting an
 * instance to serialised form.
 *
 * We are only concerned here with container types since non-container
 * instances are always in serialised form.  For these instances,
 * storing their serialised form merely involves a memcpy().
 *
 * Converting to serialised form:
 *
 *   The first step in the process of converting a GVariant to
 *   serialised form is to allocate a buffer.  The size of the buffer is
 *   always known because we computed at construction time of the
 *   GVariant.
 *
 *   After the buffer has been allocated, g_variant_serialise() is
 *   called on the container.  This invokes the serialiser code to write
 *   the bytes to the container.  The serialiser is passed
 *   g_variant_fill_gvs() as a callback.
 *
 *   At the time that g_variant_fill_gvs() is called for each child, the
 *   child is given a pointer to a sub-region of the allocated buffer
 *   where it should write its data.  This is done by calling
 *   g_variant_store().  In the event that the instance is in serialised
 *   form this means a memcpy() of the serialised data into the
 *   allocated buffer.  In the event that the instance is in tree form
 *   this means a recursive call back into g_variant_serialise().
 *
 *
 * The forward declaration here allows corecursion via callback:
 */
static void g_variant_fill_gvs (GVariantSerialised *, gpointer);

/* < private >
 * g_variant_serialise:
 * @value: a #GVariant
 * @data: an appropriately-sized buffer
 *
 * Serialises @value into @data.  @value must be in tree form.
 *
 * No change is made to @value.
 *
 * The current thread must hold the lock on @value.
 */
static void
g_variant_serialise (GVariant *value,
                     gpointer  data)
{
  GVariantSerialised serialised = { 0, };
  gpointer *children;
  gsize n_children;

  g_assert (~value->state & STATE_SERIALISED);
  g_assert (value->state & STATE_LOCKED);

  serialised.type_info = value->type_info;
  serialised.size = value->size;
  serialised.data = data;

  children = (gpointer *) value->contents.tree.children;
  n_children = value->contents.tree.n_children;

  g_variant_serialiser_serialise (serialised, g_variant_fill_gvs,
                                  children, n_children);
}

/* < private >
 * g_variant_fill_gvs:
 * @serialised: a pointer to a #GVariantSerialised
 * @data: a #GVariant instance
 *
 * This is the callback that is passed by a tree-form container instance
 * to the serialiser.  This callback gets called on each child of the
 * container.  Each child is responsible for performing the following
 * actions:
 *
 *  - reporting its type
 *
 *  - reporting its serialised size
 *
 *  - possibly storing its serialised form into the provided buffer
 *
 * This callback is also used during g_variant_new_from_children() in
 * order to discover the size and type of each child.
 */
static void
g_variant_fill_gvs (GVariantSerialised *serialised,
                    gpointer            data)
{
  GVariant *value = data;

  if (serialised->type_info == NULL)
    serialised->type_info = value->type_info;
  g_assert (serialised->type_info == value->type_info);

  if (serialised->size == 0)
    serialised->size = value->size;
  g_assert (serialised->size == value->size);

  if (serialised->data)
    /* g_variant_store() is a public API, so it
     * it will reacquire the lock if it needs to.
     */
    g_variant_store (value, serialised->data);
}

/* this ends the main body of the recursive serialiser */

/* < private >
 * g_variant_ensure_serialised:
 * @value: a #GVariant
 *
 * Ensures that @value is in serialised form.
 *
 * If @value is in tree form then this function allocates a buffer of
 * that size and serialises the instance into the buffer.  The
 * 'children' array is then released and the instance is set to
 * serialised form based on the contents of the buffer.
 */
static void
g_variant_ensure_serialised (GVariant *value)
{
  if (g_variant_lock_in_tree_form (value))
    {
      GBytes *bytes;
      gpointer data;

      data = g_malloc (value->size);
      g_variant_serialise (value, data);

      g_variant_release_children (value);

      bytes = g_bytes_new_take (data, value->size);
      value->contents.serialised.data = g_bytes_get_data (bytes, NULL);
      value->contents.serialised.bytes = bytes;
      value->state |= STATE_SERIALISED;

      g_variant_unlock (value);
    }
}

/* Now we have the code to recursively serialise a GVariant into a
 * GVariantVectors structure.
 *
 * We want to do this in cases where the GVariant contains large chunks
 * of serialised data in order to avoid having to copy this data.
 *
 * This generally works the same as normal serialising (co-recursion
 * with the serialiser) but instead of using a callback we just hard-code
 * the callback with the name g_variant_callback_write_to_vectors().
 *
 * This is a private API that will be used by GDBus.
 */
gsize
g_variant_callback_write_to_vectors (GVariantVectors   *vectors,
                                     gpointer           data,
                                     GVariantTypeInfo **type_info)
{
  GVariant *value = data;

  if (g_variant_lock_in_tree_form (value))
    {
      g_variant_serialiser_write_to_vectors (vectors, value->type_info, value->size,
                                             (gpointer *) value->contents.tree.children,
                                             value->contents.tree.n_children);

      g_variant_unlock (value);
    }
  else
    g_variant_vectors_append_gbytes (vectors, value->contents.serialised.bytes,
                                     value->contents.serialised.data, value->size);

  if (type_info)
    *type_info = value->type_info;

  return value->size;
}

/* < private >
 * g_variant_serialise_to_vectors:
 * @value: a #GVariant
 * @vectors: (out): the result
 *
 * Serialises @value into @vectors.
 *
 * The caller must free @vectors.
 */
void
g_variant_to_vectors (GVariant        *value,
                      GVariantVectors *vectors)
{
  g_variant_vectors_init (vectors);

  g_variant_callback_write_to_vectors (vectors, value, NULL);
}

/* < private >
 * g_variant_alloc:
 * @type_info: (transfer full) the type info of the new instance
 * @serialised: if the instance will be in serialised form
 * @trusted: if the instance will be trusted
 *
 * Allocates a #GVariant instance and does some common work (such as
 * looking up and filling in the type info), setting the state field,
 * and setting the ref_count to 1.
 *
 * Returns: a new #GVariant with a floating reference
 */
static GVariant *
g_variant_alloc (GVariantTypeInfo *type_info,
                 gboolean          serialised,
                 gboolean          trusted)
{
  GVariant *value;

  value = g_slice_new (GVariant);
  value->type_info = type_info;
  value->state = (serialised ? STATE_SERIALISED : 0) |
                 (trusted ? STATE_TRUSTED : 0) |
                 STATE_FLOATING;
  value->ref_count = 1;

  return value;
}

/* -- internal -- */

/* < internal >
 * g_variant_new_from_children:
 * @type_info: (transfer full) a #GVariantTypeInfo
 * @children: an array of #GVariant pointers.  Consumed.
 * @n_children: the length of @children
 * @trusted: %TRUE if every child in @children in trusted
 *
 * Constructs a new tree-mode #GVariant instance.  This is the inner
 * interface for creation of new tree-mode values that gets called from
 * various functions in gvariant.c.
 *
 * @children is consumed by this function.  g_free() will be called on
 * it some time later.
 *
 * Returns: a new #GVariant with a floating reference
 */
GVariant *
g_variant_new_from_children (GVariantTypeInfo  *type_info,
                             GVariant         **children,
                             gsize              n_children,
                             gboolean           trusted)
{
  GVariant *value;

  value = g_variant_alloc (type_info, FALSE, trusted);
  value->contents.tree.children = children;
  value->contents.tree.n_children = n_children;
  value->size = g_variant_serialiser_needed_size (value->type_info, g_variant_fill_gvs,
                                                  (gpointer *) children, n_children);

  return value;
}

/* < internal >
 * g_variant_new_serialised:
 * @type_info: (transfer full): a #GVariantTypeInfo
 * @bytes: (transfer full): the #GBytes holding @data
 * @data: a pointer to the serialised data
 * @size: the size of @data, in bytes
 * @trusted: %TRUE if @data is trusted
 *
 * Constructs a new serialised #GVariant instance.  This is the inner
 * interface for creation of new serialised values that gets called from
 * various functions in gvariant.c.
 *
 * @bytes is consumed by this function.  g_bytes_unref() will be called
 * on it some time later.
 *
 * Returns: a new #GVariant with a floating reference
 */
GVariant *
g_variant_new_serialised (GVariantTypeInfo *type_info,
                          GBytes           *bytes,
                          gconstpointer     data,
                          gsize             size,
                          gboolean          trusted)
{
  GVariant *value;
  gsize fixed_size;

  value = g_variant_alloc (type_info, TRUE, trusted);
  value->contents.serialised.bytes = bytes;
  value->contents.serialised.data = data;
  value->size = size;

  g_variant_type_info_query (value->type_info, NULL, &fixed_size);
  if G_UNLIKELY (fixed_size && size != fixed_size)
    {
      /* Creating a fixed-sized GVariant with a bytes of the wrong
       * size.
       *
       * We should do the equivalent of pulling a fixed-sized child out
       * of a broken container (ie: data is NULL size is equal to the correct
       * fixed size).
       *
       * This really ought not to happen if the data is trusted...
       */
      if (trusted)
        g_error ("Attempting to create a trusted GVariant instance out of invalid data");

      /* We hang on to the GBytes (even though we don't use it anymore)
       * because every GVariant must have a GBytes.
       */
      value->contents.serialised.data = NULL;
      value->size = fixed_size;
    }

  return value;
}

/* < internal >
 * g_variant_get_type_info:
 * @value: a #GVariant
 *
 * Returns the #GVariantTypeInfo corresponding to the type of @value.  A
 * reference is not added, so the return value is only good for the
 * duration of the life of @value.
 *
 * Returns: the #GVariantTypeInfo for @value
 */
GVariantTypeInfo *
g_variant_get_type_info (GVariant *value)
{
  return value->type_info;
}

/* < internal >
 * g_variant_is_trusted:
 * @value: a #GVariant
 *
 * Determines if @value is trusted by #GVariant to contain only
 * fully-valid data.  All values constructed solely via #GVariant APIs
 * are trusted, but values containing data read in from other sources
 * are usually not trusted.
 *
 * The main advantage of trusted data is that certain checks can be
 * skipped.  For example, we don't need to check that a string is
 * properly nul-terminated or that an object path is actually a
 * properly-formatted object path.
 *
 * Returns: if @value is trusted
 */
gboolean
g_variant_is_trusted (GVariant *value)
{
  return (value->state & STATE_TRUSTED) != 0;
}

/* < internal >
 * g_variant_get_serialised:
 * @value: a #GVariant
 * @bytes: (out) (transfer none): a location to store the #GBytes
 * @size: (out): a location to store the size of the returned data
 *
 * Ensures that @value is in serialised form and returns information
 * about it.  This is called from various APIs in gvariant.c
 *
 * Returns: data, of length @size
 */
gconstpointer
g_variant_get_serialised (GVariant  *value,
                          GBytes   **bytes,
                          gsize     *size)
{
  g_variant_ensure_serialised (value);

  if (bytes)
    *bytes = value->contents.serialised.bytes;

  *size = value->size;

  return value->contents.serialised.data;
}

static GVariant *
g_variant_vector_deserialise (GVariantTypeInfo *type_info,
                              GVariantVector   *first_vector,
                              GVariantVector   *last_vector,
                              gsize             size,
                              gboolean          trusted,
                              GArray           *unpacked_children)
{
  g_assert (size > 0);

  if (first_vector < last_vector)
    {
      GVariantVector *vector = first_vector;
      const guchar *end_pointer;
      GVariant **children;
      guint save_point;
      guint n_children;
      gboolean failed;
      guint i;

      end_pointer = last_vector->data.pointer + last_vector->size;
      save_point = unpacked_children->len;

      if (!g_variant_serialiser_unpack_all (type_info, end_pointer, last_vector->size, size, unpacked_children))
        {
          for (i = save_point; i < unpacked_children->len; i++)
            g_variant_type_info_unref (g_array_index (unpacked_children, GVariantUnpacked, i).type_info);
          g_array_set_size (unpacked_children, save_point);

          g_variant_type_info_unref (type_info);

          return NULL;
        }

      n_children = unpacked_children->len - save_point;
      children = g_new (GVariant *, n_children);
      failed = FALSE;

      for (i = 0; i < n_children; i++)
        {
          GVariantUnpacked *unpacked = &g_array_index (unpacked_children, GVariantUnpacked, save_point + i);
          const guchar *resume_at_data;
          gsize resume_at_size;
          GVariantVector *fv;

          /* Skip the alignment.
           *
           * We can destroy vectors because we won't be going back.
           *
           * We do a >= compare because we want to go to the next vector
           * if it is the start of our child.
           */
          while (unpacked->skip >= vector->size)
            {
              unpacked->skip -= vector->size;
              vector++;
            }
          g_assert (vector <= last_vector);

          fv = vector;
          fv->data.pointer += unpacked->skip;
          fv->size -= unpacked->skip;

          if (unpacked->size == 0)
            {
              children[i] = g_variant_new_serialised (unpacked->type_info, g_bytes_new (NULL, 0), NULL, 0, trusted);
              g_variant_ref_sink (children[i]);
              continue;
            }

          /* Now skip to the end, according to 'size'.
           *
           * We cannot destroy everything here because we will probably
           * end up reusing the last one.
           *
           * We do a > compare because we want to stay on this vector if
           * it is the end of our child.
           */
          size = unpacked->size;
          while (unpacked->size > vector->size)
            {
              unpacked->size -= vector->size;
              vector++;
            }
          g_assert (vector <= last_vector);

          /* We have to modify the vectors for the benefit of the
           * recursive step.  We also have to remember where we left
           * off, keeping in mind that the recursive step may itself
           * modify the vectors.
           */
          resume_at_data = vector->data.pointer + unpacked->size;
          resume_at_size = vector->size - unpacked->size;
          vector->size = unpacked->size;

          children[i] = g_variant_vector_deserialise (unpacked->type_info, fv, vector,
                                                      size, trusted, unpacked_children);

          vector->data.pointer = resume_at_data;
          vector->size = resume_at_size;

          if (children[i])
            g_variant_ref_sink (children[i]);
          else
            failed = TRUE;
        }

      /* We consumed all the type infos */
      g_array_set_size (unpacked_children, save_point);

      if G_UNLIKELY (failed)
        {
          for (i = 0; i < n_children; i++)
            if (children[i])
              g_variant_unref (children[i]);

          g_variant_type_info_unref (type_info);
          g_free (children);

          return NULL;
        }

      return g_variant_new_from_children (type_info, children, n_children, trusted);
    }
  else
    {
      g_assert (first_vector == last_vector);
      g_assert (size == first_vector->size);

      return g_variant_new_serialised (type_info, g_bytes_ref (first_vector->gbytes),
                                       first_vector->data.pointer, size, trusted);
    }
}

GVariant *
g_variant_from_vectors (const GVariantType *type,
                        GVariantVector     *vectors,
                        gsize               n_vectors,
                        gsize               size,
                        gboolean            trusted)
{
  GVariant *result;
  GArray *tmp;

  g_return_val_if_fail (vectors != NULL || n_vectors == 0, NULL);

  if (size == 0)
    return g_variant_new_serialised (g_variant_type_info_get (type), g_bytes_new (NULL, 0), NULL, 0, trusted);

  tmp = g_array_new (FALSE, FALSE, sizeof (GVariantUnpacked));
  result = g_variant_vector_deserialise (g_variant_type_info_get (type),
                                         vectors, vectors + n_vectors - 1, size, trusted, tmp);
  if (result)
    g_variant_ref_sink (result);
  g_array_free (tmp, TRUE);

  return result;
}

/* -- public -- */

/**
 * g_variant_unref:
 * @value: a #GVariant
 *
 * Decreases the reference count of @value.  When its reference count
 * drops to 0, the memory used by the variant is freed.
 *
 * Since: 2.24
 **/
void
g_variant_unref (GVariant *value)
{
  g_return_if_fail (value != NULL);
  g_return_if_fail (value->ref_count > 0);

  if (g_atomic_int_dec_and_test (&value->ref_count))
    {
      if G_UNLIKELY (value->state & STATE_LOCKED)
        g_critical ("attempting to free a locked GVariant instance.  "
                    "This should never happen.");

      value->state |= STATE_LOCKED;

      g_variant_type_info_unref (value->type_info);

      if (value->state & STATE_SERIALISED)
        g_bytes_unref (value->contents.serialised.bytes);
      else
        g_variant_release_children (value);

      memset (value, 0, sizeof (GVariant));
      g_slice_free (GVariant, value);
    }
}

/**
 * g_variant_ref:
 * @value: a #GVariant
 *
 * Increases the reference count of @value.
 *
 * Returns: the same @value
 *
 * Since: 2.24
 **/
GVariant *
g_variant_ref (GVariant *value)
{
  g_return_val_if_fail (value != NULL, NULL);
  g_return_val_if_fail (value->ref_count > 0, NULL);

  g_atomic_int_inc (&value->ref_count);

  return value;
}

/**
 * g_variant_ref_sink:
 * @value: a #GVariant
 *
 * #GVariant uses a floating reference count system.  All functions with
 * names starting with `g_variant_new_` return floating
 * references.
 *
 * Calling g_variant_ref_sink() on a #GVariant with a floating reference
 * will convert the floating reference into a full reference.  Calling
 * g_variant_ref_sink() on a non-floating #GVariant results in an
 * additional normal reference being added.
 *
 * In other words, if the @value is floating, then this call "assumes
 * ownership" of the floating reference, converting it to a normal
 * reference.  If the @value is not floating, then this call adds a
 * new normal reference increasing the reference count by one.
 *
 * All calls that result in a #GVariant instance being inserted into a
 * container will call g_variant_ref_sink() on the instance.  This means
 * that if the value was just created (and has only its floating
 * reference) then the container will assume sole ownership of the value
 * at that point and the caller will not need to unreference it.  This
 * makes certain common styles of programming much easier while still
 * maintaining normal refcounting semantics in situations where values
 * are not floating.
 *
 * Returns: the same @value
 *
 * Since: 2.24
 **/
GVariant *
g_variant_ref_sink (GVariant *value)
{
  g_return_val_if_fail (value != NULL, NULL);
  g_return_val_if_fail (value->ref_count > 0, NULL);

  g_variant_lock (value);

  if (~value->state & STATE_FLOATING)
    g_variant_ref (value);
  else
    value->state &= ~STATE_FLOATING;

  g_variant_unlock (value);

  return value;
}

/**
 * g_variant_take_ref:
 * @value: a #GVariant
 *
 * If @value is floating, sink it.  Otherwise, do nothing.
 *
 * Typically you want to use g_variant_ref_sink() in order to
 * automatically do the correct thing with respect to floating or
 * non-floating references, but there is one specific scenario where
 * this function is helpful.
 *
 * The situation where this function is helpful is when creating an API
 * that allows the user to provide a callback function that returns a
 * #GVariant.  We certainly want to allow the user the flexibility to
 * return a non-floating reference from this callback (for the case
 * where the value that is being returned already exists).
 *
 * At the same time, the style of the #GVariant API makes it likely that
 * for newly-created #GVariant instances, the user can be saved some
 * typing if they are allowed to return a #GVariant with a floating
 * reference.
 *
 * Using this function on the return value of the user's callback allows
 * the user to do whichever is more convenient for them.  The caller
 * will alway receives exactly one full reference to the value: either
 * the one that was returned in the first place, or a floating reference
 * that has been converted to a full reference.
 *
 * This function has an odd interaction when combined with
 * g_variant_ref_sink() running at the same time in another thread on
 * the same #GVariant instance.  If g_variant_ref_sink() runs first then
 * the result will be that the floating reference is converted to a hard
 * reference.  If g_variant_take_ref() runs first then the result will
 * be that the floating reference is converted to a hard reference and
 * an additional reference on top of that one is added.  It is best to
 * avoid this situation.
 *
 * Returns: the same @value
 **/
GVariant *
g_variant_take_ref (GVariant *value)
{
  g_return_val_if_fail (value != NULL, NULL);
  g_return_val_if_fail (value->ref_count > 0, NULL);

  g_atomic_int_and (&value->state, ~STATE_FLOATING);

  return value;
}

/**
 * g_variant_is_floating:
 * @value: a #GVariant
 *
 * Checks whether @value has a floating reference count.
 *
 * This function should only ever be used to assert that a given variant
 * is or is not floating, or for debug purposes. To acquire a reference
 * to a variant that might be floating, always use g_variant_ref_sink()
 * or g_variant_take_ref().
 *
 * See g_variant_ref_sink() for more information about floating reference
 * counts.
 *
 * Returns: whether @value is floating
 *
 * Since: 2.26
 **/
gboolean
g_variant_is_floating (GVariant *value)
{
  g_return_val_if_fail (value != NULL, FALSE);

  return (value->state & STATE_FLOATING) != 0;
}

/**
 * g_variant_get_size:
 * @value: a #GVariant instance
 *
 * Determines the number of bytes that would be required to store @value
 * with g_variant_store().
 *
 * If @value has a fixed-sized type then this function always returned
 * that fixed size.
 *
 * In the case that @value is already in serialised form or the size has
 * already been calculated (ie: this function has been called before)
 * then this function is O(1).  Otherwise, the size is calculated, an
 * operation which is approximately O(n) in the number of values
 * involved.
 *
 * Returns: the serialised size of @value
 *
 * Since: 2.24
 **/
gsize
g_variant_get_size (GVariant *value)
{
  return value->size;
}

/**
 * g_variant_get_data:
 * @value: a #GVariant instance
 *
 * Returns a pointer to the serialised form of a #GVariant instance.
 * The returned data may not be in fully-normalised form if read from an
 * untrusted source.  The returned data must not be freed; it remains
 * valid for as long as @value exists.
 *
 * If @value is a fixed-sized value that was deserialised from a
 * corrupted serialised container then %NULL may be returned.  In this
 * case, the proper thing to do is typically to use the appropriate
 * number of nul bytes in place of @value.  If @value is not fixed-sized
 * then %NULL is never returned.
 *
 * In the case that @value is already in serialised form, this function
 * is O(1).  If the value is not already in serialised form,
 * serialisation occurs implicitly and is approximately O(n) in the size
 * of the result.
 *
 * To deserialise the data returned by this function, in addition to the
 * serialised data, you must know the type of the #GVariant, and (if the
 * machine might be different) the endianness of the machine that stored
 * it. As a result, file formats or network messages that incorporate
 * serialised #GVariants must include this information either
 * implicitly (for instance "the file always contains a
 * %G_VARIANT_TYPE_VARIANT and it is always in little-endian order") or
 * explicitly (by storing the type and/or endianness in addition to the
 * serialised data).
 *
 * Returns: (transfer none): the serialised form of @value, or %NULL
 *
 * Since: 2.24
 **/
gconstpointer
g_variant_get_data (GVariant *value)
{
  g_variant_ensure_serialised (value);

  return value->contents.serialised.data;
}


/**
 * g_variant_n_children:
 * @value: a container #GVariant
 *
 * Determines the number of children in a container #GVariant instance.
 * This includes variants, maybes, arrays, tuples and dictionary
 * entries.  It is an error to call this function on any other type of
 * #GVariant.
 *
 * For variants, the return value is always 1.  For values with maybe
 * types, it is always zero or one.  For arrays, it is the length of the
 * array.  For tuples it is the number of tuple items (which depends
 * only on the type).  For dictionary entries, it is always 2
 *
 * This function is O(1).
 *
 * Returns: the number of children in the container
 *
 * Since: 2.24
 **/
gsize
g_variant_n_children (GVariant *value)
{
  gsize n_children;

  if (g_variant_lock_in_tree_form (value))
    {
      n_children = value->contents.tree.n_children;
      g_variant_unlock (value);
    }
  else
    {
      GVariantSerialised serialised = {
        value->type_info,
        (gpointer) value->contents.serialised.data,
        value->size
      };

      n_children = g_variant_serialised_n_children (serialised);
    }

  return n_children;
}

/**
 * g_variant_get_child_value:
 * @value: a container #GVariant
 * @index_: the index of the child to fetch
 *
 * Reads a child item out of a container #GVariant instance.  This
 * includes variants, maybes, arrays, tuples and dictionary
 * entries.  It is an error to call this function on any other type of
 * #GVariant.
 *
 * It is an error if @index_ is greater than the number of child items
 * in the container.  See g_variant_n_children().
 *
 * The returned value is never floating.  You should free it with
 * g_variant_unref() when you're done with it.
 *
 * This function is O(1).
 *
 * Returns: (transfer full): the child at the specified index
 *
 * Since: 2.24
 **/
GVariant *
g_variant_get_child_value (GVariant *value,
                           gsize     index_)
{
  GVariant *child;

  g_return_val_if_fail (index_ < g_variant_n_children (value), NULL);

  if (g_variant_lock_in_tree_form (value))
    {

      child = g_variant_ref (value->contents.tree.children[index_]);
      g_variant_unlock (value);
    }
  else
    {
      GVariantSerialised serialised = {
        value->type_info,
        (gpointer) value->contents.serialised.data,
        value->size
      };
      GVariantSerialised s_child;

      /* get the serialiser to extract the serialised data for the child
       * from the serialised data for the container
       */
      s_child = g_variant_serialised_get_child (serialised, index_);

      /* create a new serialised instance out of it */
      child = g_variant_new_serialised (s_child.type_info,
                                        g_bytes_ref (value->contents.serialised.bytes),
                                        s_child.data, s_child.size,
                                        value->state & STATE_TRUSTED);
      child->state &= ~STATE_FLOATING;
    }

  return child;
}

/**
 * g_variant_store:
 * @value: the #GVariant to store
 * @data: the location to store the serialised data at
 *
 * Stores the serialised form of @value at @data.  @data should be
 * large enough.  See g_variant_get_size().
 *
 * The stored data is in machine native byte order but may not be in
 * fully-normalised form if read from an untrusted source.  See
 * g_variant_get_normal_form() for a solution.
 *
 * As with g_variant_get_data(), to be able to deserialise the
 * serialised variant successfully, its type and (if the destination
 * machine might be different) its endianness must also be available.
 *
 * This function is approximately O(n) in the size of @data.
 *
 * Since: 2.24
 **/
void
g_variant_store (GVariant *value,
                 gpointer  data)
{
  if (g_variant_lock_in_tree_form (value))
    {
      g_variant_serialise (value, data);
      g_variant_unlock (value);
    }
  else
    {
      if (value->contents.serialised.data != NULL)
        memcpy (data, value->contents.serialised.data, value->size);
      else
        memset (data, 0, value->size);
    }
}

/**
 * g_variant_is_normal_form:
 * @value: a #GVariant instance
 *
 * Checks if @value is in normal form.
 *
 * The main reason to do this is to detect if a given chunk of
 * serialised data is in normal form: load the data into a #GVariant
 * using g_variant_new_from_data() and then use this function to
 * check.
 *
 * If @value is found to be in normal form then it will be marked as
 * being trusted.  If the value was already marked as being trusted then
 * this function will immediately return %TRUE.
 *
 * Returns: %TRUE if @value is in normal form
 *
 * Since: 2.24
 **/
gboolean
g_variant_is_normal_form (GVariant *value)
{
  if (g_atomic_int_get (&value->state) & STATE_TRUSTED)
    return TRUE;

  /* We always take the lock here because we expect to find that the
   * value is in normal form and in that case, we need to update the
   * state, which requires holding the lock.
   */
  g_variant_lock (value);

  if (value->state & STATE_SERIALISED)
    {
      GVariantSerialised serialised = {
        value->type_info,
        (gpointer) value->contents.serialised.data,
        value->size
      };

      if (g_variant_serialised_is_normal (serialised))
        value->state |= STATE_TRUSTED;
    }
  else
    {
      gboolean normal = TRUE;
      gsize i;

      for (i = 0; i < value->contents.tree.n_children; i++)
        normal &= g_variant_is_normal_form (value->contents.tree.children[i]);

      if (normal)
        value->state |= STATE_TRUSTED;
    }

  g_variant_unlock (value);

  return (value->state & STATE_TRUSTED) != 0;
}