OLD | NEW |
1 // Copyright 2013 The Chromium Authors. All rights reserved. | 1 // Copyright 2013 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #ifndef MOJO_SYSTEM_MEMORY_H_ | 5 #ifndef MOJO_SYSTEM_MEMORY_H_ |
6 #define MOJO_SYSTEM_MEMORY_H_ | 6 #define MOJO_SYSTEM_MEMORY_H_ |
7 | 7 |
8 #include <stddef.h> | 8 #include <stddef.h> |
9 | 9 |
10 #include "mojo/system/system_impl_export.h" | 10 #include "mojo/system/system_impl_export.h" |
11 | 11 |
12 namespace mojo { | 12 namespace mojo { |
13 namespace system { | 13 namespace system { |
14 | 14 |
15 // This is just forward-declared, with the definition and explicit | 15 // This is just forward-declared, with the definition and explicit |
16 // instantiations in the .cc file. This is used by |VerifyUserPointer<T>()| | 16 // instantiations in the .cc file. This is used by |VerifyUserPointer<T>()| |
17 // below, and you should use that instead. | 17 // below, and you should use that instead. |
18 template <size_t size> | 18 template <size_t size> |
19 bool MOJO_SYSTEM_IMPL_EXPORT VerifyUserPointerForSize(const void* pointer, | 19 bool MOJO_SYSTEM_IMPL_EXPORT VerifyUserPointerForSize(const void* pointer, |
20 size_t count); | 20 size_t count); |
21 | 21 |
| 22 // A non-templatized version of the above, for when the element size isn't |
| 23 // fixed. |
| 24 bool MOJO_SYSTEM_IMPL_EXPORT VerifyUserPointerForSize(const void* pointer, |
| 25 size_t size, |
| 26 size_t count); |
| 27 |
22 // Verify that |count * sizeof(T)| bytes can be read from the user |pointer| | 28 // Verify that |count * sizeof(T)| bytes can be read from the user |pointer| |
23 // insofar as possible/necessary (note: this is done carefully since |count * | 29 // insofar as possible/necessary (note: this is done carefully since |count * |
24 // sizeof(T)| may overflow a |size_t|. |count| may be zero. If |T| is |void|, | 30 // sizeof(T)| may overflow a |size_t|. |count| may be zero. If |T| is |void|, |
25 // then the size of each element is taken to be a single byte. | 31 // then the size of each element is taken to be a single byte. |
26 // | 32 // |
27 // For example, if running in kernel mode, this should be a full verification | 33 // For example, if running in kernel mode, this should be a full verification |
28 // that the given memory is owned and readable by the user process. In user | 34 // that the given memory is owned and readable by the user process. In user |
29 // mode, if crashes are acceptable, this may do nothing at all (and always | 35 // mode, if crashes are acceptable, this may do nothing at all (and always |
30 // return true). | 36 // return true). |
31 template <typename T> | 37 template <typename T> |
32 bool VerifyUserPointer(const T* pointer, size_t count) { | 38 bool VerifyUserPointer(const T* pointer, size_t count) { |
33 return VerifyUserPointerForSize<sizeof(T)>(pointer, count); | 39 return VerifyUserPointerForSize<sizeof(T)>(pointer, count); |
34 } | 40 } |
35 | 41 |
36 // Special-case |T| equals |void| so that the size is in bytes, as indicated | 42 // Special-case |T| equals |void| so that the size is in bytes, as indicated |
37 // above. | 43 // above. |
38 template <> | 44 template <> |
39 inline bool VerifyUserPointer<void>(const void* pointer, size_t count) { | 45 inline bool VerifyUserPointer<void>(const void* pointer, size_t count) { |
40 return VerifyUserPointerForSize<1>(pointer, count); | 46 return VerifyUserPointerForSize<1>(pointer, count); |
41 } | 47 } |
42 | 48 |
43 } // namespace system | 49 } // namespace system |
44 } // namespace mojo | 50 } // namespace mojo |
45 | 51 |
46 #endif // MOJO_SYSTEM_MEMORY_H_ | 52 #endif // MOJO_SYSTEM_MEMORY_H_ |
OLD | NEW |