C++ bindings: A struct's Deserialize() now does validation before deserializing.

mojo/public/tools/bindings/generators/cpp_templates/wrapper_class_declaration.tmpl

Index: mojo/public/tools/bindings/generators/cpp_templates/wrapper_class_declaration.tmpl
diff --git a/mojo/public/tools/bindings/generators/cpp_templates/wrapper_class_declaration.tmpl b/mojo/public/tools/bindings/generators/cpp_templates/wrapper_class_declaration.tmpl
index 339f94f1bd3827271dd583aca50bca1e67d93495..3bb0479f729c3445f58df88ae6e186a542ea0ca4 100644
--- a/mojo/public/tools/bindings/generators/cpp_templates/wrapper_class_declaration.tmpl
+++ b/mojo/public/tools/bindings/generators/cpp_templates/wrapper_class_declaration.tmpl
@@ -44,19 +44,12 @@ class {{struct.name}} {
   // internal::ValidationError).
   bool Serialize(void* buf, size_t buf_size);
 
-  // Deserializes the given |buf| representing a serialized version of this
-  // struct.  Assumes that the serialized |buf| is valid.
+  // Deserializes the given |buf| of given size |buf_size| representing a
+  // serialized version of this struct. The buffer is validated before
+  // it is deserialized. Returns true on successful deserialization.
   //
-  // TODO(vardhan):
-  //  - Should we pass in how big |buf| is and validate that it is
-  //    <= GetSerializedSize()? If so, should this validation happen all the
-  //    time?
-  //  - Deserialize() will CHECK-fail if you try to deserialize something with
-  //    a bad offset, etc.  For IPC, we |Validate()| before running
-  //    deserialization if we want safety, but we probably want a recoverable
-  //    error for this API.
-  //  - What's the validation story?
-  void Deserialize(void* buf);
+  // TODO(vardhan):  Recover the validation error if there is one?
+  bool Deserialize(void* buf, size_t buf_size);
 
 {%  if struct|is_cloneable_kind %}
   {{struct.name}}Ptr Clone() const;