Don't send PP_Vars/V8 values with cycles across PostMessage

ppapi/proxy/serialized_var.cc

 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "ppapi/proxy/serialized_var.h"
 
 #include "base/logging.h"
 #include "ipc/ipc_message_utils.h"
 #include "ppapi/c/pp_instance.h"
 #include "ppapi/proxy/dispatcher.h"
 #include "ppapi/proxy/interface_proxy.h"
 #include "ppapi/proxy/ppapi_param_traits.h"
 #include "ppapi/proxy/ppb_buffer_proxy.h"
 #include "ppapi/shared_impl/ppapi_globals.h"
 #include "ppapi/shared_impl/var.h"
 #include "ppapi/thunk/enter.h"
 
 namespace ppapi {
 namespace proxy {
 
+namespace {
+void DefaultHandleWriter(IPC::Message* m, const SerializedHandle& handle) {
+  IPC::ParamTraits<SerializedHandle>::Write(m, handle);
+}
+}  // namespace
+
 // SerializedVar::Inner --------------------------------------------------------
 
 SerializedVar::Inner::Inner()
     : serialization_rules_(NULL),
       var_(PP_MakeUndefined()),
       instance_(0),
-      cleanup_mode_(CLEANUP_NONE) {
+      cleanup_mode_(CLEANUP_NONE),
+      is_valid_var_(true) {
 #ifndef NDEBUG
   has_been_serialized_ = false;
   has_been_deserialized_ = false;
 #endif
 }
 
 SerializedVar::Inner::Inner(VarSerializationRules* serialization_rules)
     : serialization_rules_(serialization_rules),
       var_(PP_MakeUndefined()),
       instance_(0),
@@ skipping 62 matching lines @@
   // that returns a var. This means the message handler didn't write to the
   // output parameter, or possibly you used the wrong helper class
   // (normally SerializedVarReturnValue).
   DCHECK(serialization_rules_.get());
 
 #ifndef NDEBUG
   // We should only be serializing something once.
   DCHECK(!has_been_serialized_);
   has_been_serialized_ = true;
 #endif
-  RawVarDataGraph::Create(var_, instance_)->Write(m);
+  scoped_ptr<RawVarDataGraph> data = RawVarDataGraph::Create(var_, instance_);
+  if (data) {
+    m->WriteBool(true);  // Success.
+    data->Write(m, base::Bind(&DefaultHandleWriter));
+  } else {
+    m->WriteBool(false);  // Failure.
+  }
+}
+
+void SerializedVar::Inner::WriteDataToMessage(
+    IPC::Message* m,
+    const HandleWriter& handle_writer) const {
+  if (raw_var_data_) {
+    m->WriteBool(true);  // Success.
+    raw_var_data_->Write(m, handle_writer);
+  } else {
+    m->WriteBool(false);  // Failure.
+  }
 }
 
 bool SerializedVar::Inner::ReadFromMessage(const IPC::Message* m,
                                            PickleIterator* iter) {
 #ifndef NDEBUG
   // We should only deserialize something once or will end up with leaked
   // references.
   //
   // One place this has happened in the past is using
   // std::vector<SerializedVar>.resize(). If you're doing this manually instead
   // of using the helper classes for handling in/out vectors of vars, be
   // sure you use the same pattern as the SerializedVarVector classes.
   DCHECK(!has_been_deserialized_);
   has_been_deserialized_ = true;
 #endif
   // When reading, the dispatcher should be set when we get a Deserialize
   // call (which will supply a dispatcher).
-  raw_var_data_ = RawVarDataGraph::Read(m, iter);
-  return raw_var_data_.get() != NULL;
+  if (!m->ReadBool(iter, &is_valid_var_))
+      return false;
+  if (is_valid_var_) {
+    raw_var_data_ = RawVarDataGraph::Read(m, iter);
+    if (!raw_var_data_)
+      return false;
+  }
+
+  return true;
 }
 
 void SerializedVar::Inner::SetCleanupModeToEndSendPassRef() {
   cleanup_mode_ = END_SEND_PASS_REF;
 }
 
 void SerializedVar::Inner::SetCleanupModeToEndReceiveCallerOwned() {
   cleanup_mode_ = END_RECEIVE_CALLER_OWNED;
 }
 
@@ skipping 287 matching lines @@
     const std::string& str) {
   inner_->ForceSetVarValueForTest(StringVar::StringToPPVar(str));
 }
 
 SerializedVarTestReader::SerializedVarTestReader(const SerializedVar& var)
     : SerializedVar(var) {
 }
 
 }  // namespace proxy
 }  // namespace ppapi