mojo/public/tools/bindings/generators/cpp_templates/wrapper_class_declaration.tmpl - Issue 1800753005: C++ bindings: A struct's Deserialize() now does validation before deserializing.

Unified Diff: mojo/public/tools/bindings/generators/cpp_templates/wrapper_class_declaration.tmpl

Issue 1800753005: C++ bindings: A struct's Deserialize() now does validation before deserializing. (Closed) Base URL: https://github.com/domokit/mojo.git@master

Patch Set: Address comments. DeserializeWithoutValidation returns void, doesn't take in buf_size. Created 4 years, 9 months ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

View side-by-side diff with in-line comments

Download patch

« mojo/public/tools/bindings/generators/cpp_templates/struct_serialization_definition.tmpl ('K') | « mojo/public/tools/bindings/generators/cpp_templates/struct_serialization_definition.tmpl ('k') | services/authentication/accounts_db_manager.cc » ('j') | no next file with comments »
Expand Comments ('e') | Collapse Comments ('c') | Hide Comments ('s')

Index: mojo/public/tools/bindings/generators/cpp_templates/wrapper_class_declaration.tmpl

diff --git a/mojo/public/tools/bindings/generators/cpp_templates/wrapper_class_declaration.tmpl b/mojo/public/tools/bindings/generators/cpp_templates/wrapper_class_declaration.tmpl

index 339f94f1bd3827271dd583aca50bca1e67d93495..1b976cf7088adad9e8694dfd30c533918ae33ca4 100644

--- a/mojo/public/tools/bindings/generators/cpp_templates/wrapper_class_declaration.tmpl

+++ b/mojo/public/tools/bindings/generators/cpp_templates/wrapper_class_declaration.tmpl

@@ -35,28 +35,27 @@ class {{struct.name}} {

// Returns the number of bytes it would take to serialize this struct's data.

size_t GetSerializedSize() const;

- // Returns true on successful serialization. On failure, part of the data may

+ // Returns true on successful serialization. On failure, part of the data may

// be serialized, until the point of failure. This API does not support

- // serializing handles.

+ // serializing handles. If not null, |bytes_written| is set to the number of

+ // bytes written to |buf|, even if this function return false.

// TODO(vardhan): For now, we return true for success. Should we define a

- // public error type for serialization? (we shouldn't reuse

- // internal::ValidationError).

- bool Serialize(void* buf, size_t buf_size);

+ // public error type for serialization? Should we open up

+ // internal::ValidationError?

+ bool Serialize(void* buf, size_t buf_size, size_t* bytes_written = nullptr);

+ // Deserializes the given |buf| of size |buf_size| representing a serialized

+ // version of this struct. The buffer is validated before it is deserialized.

+ // Returns true on successful deserialization.

+ // TODO(vardhan): Recover the validation error if there is one?

+ bool Deserialize(void* buf, size_t buf_size);

// Deserializes the given |buf| representing a serialized version of this

- // struct. Assumes that the serialized |buf| is valid.

- //

- // TODO(vardhan):

- // - Should we pass in how big |buf| is and validate that it is

- // <= GetSerializedSize()? If so, should this validation happen all the

- // time?

- // - Deserialize() will CHECK-fail if you try to deserialize something with

- // a bad offset, etc. For IPC, we |Validate()| before running

- // deserialization if we want safety, but we probably want a recoverable

- // error for this API.

- // - What's the validation story?

- void Deserialize(void* buf);

+ // struct. The buffer is NOT validated before it is deserialized, so the user

+ // must be confident of its validity and that |buf| points to enough data to

+ // finish deserializing.

+ void DeserializeWithoutValidation(void* buf);

{% if struct|is_cloneable_kind %}

{{struct.name}}Ptr Clone() const;