Diffstat (limited to 'src/google/protobuf/io/coded_stream.h')
-rw-r--r--src/google/protobuf/io/coded_stream.h61
1 files changed, 23 insertions, 38 deletions
diff --git a/src/google/protobuf/io/coded_stream.h b/src/google/protobuf/io/coded_stream.h
index 02d87ea4..ec85147b 100644
--- a/src/google/protobuf/io/coded_stream.h
+++ b/src/google/protobuf/io/coded_stream.h
@@ -367,42 +367,32 @@ class LIBPROTOBUF_EXPORT CodedInputStream {
// Total Bytes Limit -----------------------------------------------
// To prevent malicious users from sending excessively large messages
- // and causing integer overflows or memory exhaustion, CodedInputStream
- // imposes a hard limit on the total number of bytes it will read.
+ // and causing memory exhaustion, CodedInputStream imposes a hard limit on
+ // the total number of bytes it will read.
// Sets the maximum number of bytes that this CodedInputStream will read
- // before refusing to continue. To prevent integer overflows in the
- // protocol buffers implementation, as well as to prevent servers from
- // allocating enormous amounts of memory to hold parsed messages, the
- // maximum message length should be limited to the shortest length that
- // will not harm usability. The theoretical shortest message that could
- // cause integer overflows is 512MB. The default limit is 64MB. Apps
- // should set shorter limits if possible. For backwards compatibility all
- // negative values get squashed to -1, as other negative values might have
- // special internal meanings. An error will always be printed to stderr if
- // the limit is reached.
+ // before refusing to continue. To prevent servers from allocating enormous
+ // amounts of memory to hold parsed messages, the maximum message length
+ // should be limited to the shortest length that will not harm usability.
+ // The default limit is INT_MAX (~2GB) and apps should set shorter limits
+ // if possible. An error will always be printed to stderr if the limit is
+ // reached.
//
- // This is unrelated to PushLimit()/PopLimit().
+ // Note: setting a limit less than the current read position is interpreted
+ // as a limit on the current position.
//
- // Hint: If you are reading this because your program is printing a
- // warning about dangerously large protocol messages, you may be
- // confused about what to do next. The best option is to change your
- // design such that excessively large messages are not necessary.
- // For example, try to design file formats to consist of many small
- // messages rather than a single large one. If this is infeasible,
- // you will need to increase the limit. Chances are, though, that
- // your code never constructs a CodedInputStream on which the limit
- // can be set. You probably parse messages by calling things like
- // Message::ParseFromString(). In this case, you will need to change
- // your code to instead construct some sort of ZeroCopyInputStream
- // (e.g. an ArrayInputStream), construct a CodedInputStream around
- // that, then you can adjust the limit. Then call
- // Message::ParseFromCodedStream() instead. Yes, it's more work, but
- // you're doing something unusual.
- void SetTotalBytesLimit(int total_bytes_limit, int warning_threshold);
-
- // The Total Bytes Limit minus the Current Position, or -1 if there
- // is no Total Bytes Limit.
+ // This is unrelated to PushLimit()/PopLimit().
+ void SetTotalBytesLimit(int total_bytes_limit);
+
+ PROTOBUF_RUNTIME_DEPRECATED(
+ "Please use the single parameter version of SetTotalBytesLimit(). The "
+ "second parameter is ignored.")
+ void SetTotalBytesLimit(int total_bytes_limit, int) {
+ SetTotalBytesLimit(total_bytes_limit);
+ }
+
+ // The Total Bytes Limit minus the Current Position, or -1 if the total bytes
+ // limit is INT_MAX.
int BytesUntilTotalBytesLimit() const;
// Recursion Limit -------------------------------------------------
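Review bot: The rewritten comment above `SetTotalBytesLimit(int total_bytes_limit)` no longer says what a negative `total_bytes_limit` does, whereas the text it replaces documented that negative values were squashed to -1. The implementation is outside this hunk, so the behaviour should be stated here rather than left for callers to guess. The default also moves from 64MB to INT_MAX, so code that parses untrusted input and relied on the old default now has no practical cap on memory; I would say so directly, e.g. `// Callers parsing untrusted input should always set an explicit limit; the INT_MAX default is not a practical memory bound.` The -1 that `BytesUntilTotalBytesLimit()` returns for an INT_MAX limit is a sentinel a caller could mistake for a byte count, so its comment should tell callers to check for it before doing arithmetic on the result. The class body continues outside the hunk.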
@@ -580,8 +570,6 @@ class LIBPROTOBUF_EXPORT CodedInputStream {
// Recursion depth limit, set by SetRecursionLimit().
int recursion_limit_;
- bool disable_strict_correctness_enforcement_;
-
// See SetExtensionRegistry().
const DescriptorPool* extension_pool_;
MessageFactory* extension_factory_;
@@ -1053,8 +1041,7 @@ inline std::pair<uint32, bool> CodedInputStream::ReadTagWithCutoffNoLastTag(
// Other hot case: cutoff >= 0x80, buffer_ has at least two bytes available,
// and tag is two bytes. The latter is tested by bitwise-and-not of the
// first byte and the second byte.
- if (cutoff >= 0x80 &&
- GOOGLE_PREDICT_TRUE(buffer_ + 1 < buffer_end_) &&
+ if (cutoff >= 0x80 && GOOGLE_PREDICT_TRUE(buffer_ + 1 < buffer_end_) &&
GOOGLE_PREDICT_TRUE((buffer_[0] & ~buffer_[1]) >= 0x80)) {
const uint32 kMax2ByteVarint = (0x7f << 7) + 0x7f;
uint32 tag = (1u << 7) * buffer_[1] + (buffer_[0] - 0x80);
@@ -1364,7 +1351,6 @@ inline CodedInputStream::CodedInputStream(ZeroCopyInputStream* input)
total_bytes_limit_(kDefaultTotalBytesLimit),
recursion_budget_(default_recursion_limit_),
recursion_limit_(default_recursion_limit_),
- disable_strict_correctness_enforcement_(true),
extension_pool_(NULL),
extension_factory_(NULL) {
// Eagerly Refresh() so buffer space is immediately available.
@@ -1385,7 +1371,6 @@ inline CodedInputStream::CodedInputStream(const uint8* buffer, int size)
total_bytes_limit_(kDefaultTotalBytesLimit),
recursion_budget_(default_recursion_limit_),
recursion_limit_(default_recursion_limit_),
- disable_strict_correctness_enforcement_(true),
extension_pool_(NULL),
extension_factory_(NULL) {
// Note that setting current_limit_ == size is important to prevent some