ipc: Update Message::FindNext to parse brokered attachments.

ipc/ipc_message.cc

Index: ipc/ipc_message.cc
diff --git a/ipc/ipc_message.cc b/ipc/ipc_message.cc
index e9e1dcbab24c57abb49ab7a180a298d3f0b83447..a4d6ea487d881d4d0568ef7fee96681a1c262d27 100644
--- a/ipc/ipc_message.cc
+++ b/ipc/ipc_message.cc
@@ -133,6 +133,60 @@ void Message::set_received_time(int64 time) const {
 }
 #endif
 
+Message::NextMessageInfo::NextMessageInfo()
+    : message_found(false),
+      parsing_error(false),
+      pickle_end(nullptr),
+      message_end(nullptr) {}
+Message::NextMessageInfo::~NextMessageInfo() {}
+
+// static
+Message::NextMessageInfo Message::FindNext(const char* range_start,
+                                           const char* range_end) {
+  NextMessageInfo info;
+  const char* pickle_end =
+      base::Pickle::FindNext(sizeof(Header), range_start, range_end);
+  if (pickle_end == nullptr)

[Tom Sepez, 2015/09/01 18:01:54]

nit: if (!pickle_end)

[erikchen, 2015/09/04 02:13:39]

Done.

+    return info;
+  info.pickle_end = pickle_end;
+
+#if USE_ATTACHMENT_BROKER
+  // The data is not copied.
+  size_t pickle_len = static_cast<size_t>(pickle_end - range_start);
+  Message message(range_start, static_cast<int>(pickle_len));
+  int num_attachments = message.header()->num_brokered_attachments;
+
+  // Each brokered attachment adds kNonceSize bytes of data to the message. We
+  // want to avoid overflows in our computations, so we limit the number of
+  // brokerable attachments to 100.
+  if (num_attachments > 100) {

[Tom Sepez, 2015/09/01 18:01:54]

nit: this should be a constant kSomethingOrOther in a header file.

[erikchen, 2015/09/04 02:13:39]

The previous code didn't actually prevent overflows. I've updated the logic to
correctly check for overflows, which also doesn't rely on an arbitrary constant.

I also removed the field parsing_error in NextMessageInfo, since there's no
point in providing different behavior for certain overflows (too many
attachments) from the existing behavior for a message with an unreasonable
pickle size.

+    info.parsing_error = true;
+    return info;
+  }
+
+  // Check whether the range includes the attachments.
+  size_t attachment_length = num_attachments * BrokerableAttachment::kNonceSize;
+  size_t buffer_length = static_cast<size_t>(range_end - range_start);
+  if (buffer_length < attachment_length + pickle_len)
+    return info;
+
+  for (int i = 0; i < num_attachments; ++i) {
+    const char* attachment_start =
+        pickle_end + i * (BrokerableAttachment::kNonceSize);

[Tom Sepez, 2015/09/01 18:01:54]

nit: unnecessary ()

[erikchen, 2015/09/04 02:13:39]

removed

+    BrokerableAttachment::AttachmentId id(attachment_start,
+                                          BrokerableAttachment::kNonceSize);
+    info.attachment_ids.push_back(id);
+  }
+  info.message_end =
+      pickle_end + num_attachments * BrokerableAttachment::kNonceSize;
+#else
+  info.message_end = pickle_end;
+#endif  // USE_ATTACHMENT_BROKER
+
+  info.message_found = true;
+  return info;
+}
+
 bool Message::WriteAttachment(scoped_refptr<MessageAttachment> attachment) {
   // We write the index of the descriptor so that we don't have to
   // keep the current descriptor as extra decoding state when deserialising.