Chromium Code Reviews Chromium Code Reviews
Issue 15841011:
Implement off-the-wire validation scheme for enum types. (Closed)
Base URL: svn://svn.chromium.org/chrome/trunk/src| Index: ipc/ipc_message_macros.h |
| diff --git a/ipc/ipc_message_macros.h b/ipc/ipc_message_macros.h |
| index 2993014f0468539f89afaf4c0089d6c8d2689e7f..142cccfb710a4c35ed8bd7b2f1ca70cca87822f8 100644 |
| --- a/ipc/ipc_message_macros.h |
| +++ b/ipc/ipc_message_macros.h |
| @@ -142,7 +142,19 @@ |
| // IPC_STRUCT_TRAITS_END(). |
| // |
| // Enum types are registered with a single IPC_ENUM_TRAITS() macro. There |
| -// is no need to enumerate each value to the IPC mechanism. |
| +// is no need to enumerate each value to the IPC mechanism. By default, enums |
| +// are not range-checked when they are read from the wire, and callers must |
| +// not trust values received from less privileged processes. In order for |
| +// IPC to perform validaion, enum authors must provide a specialization for |
|
aedla
2013/05/31 08:35:15
nit: 'validaion' typo
|
| +// the function template declared in base/enum_validator.h. If such a |
| +// specialization exists for the enum type, then IPC will reject messages |
| +// that fail this validation. For example: |
| +// |
| +// #include "base/enum_validator.h" |
| +// enum Color { RED, GREEN, BLUE }; |
| +// template <> inline bool IsIntValidForEnum<Color>(int x) { |
| +// return x >= RED && x <= BLUE; |
| +// } |
| // |
| // Do not place semicolons following these IPC_ macro invocations. There |
| // is no reason to expect that their expansion corresponds one-to-one with |
