Mojo: Report bindings validation errors via MojoNotifyBadMessage

mojo/public/cpp/bindings/lib/connector.cc

 // Copyright 2013 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "mojo/public/cpp/bindings/lib/connector.h"
 
 #include <stdint.h>
 #include <utility>
 
 #include "base/bind.h"
@@ skipping 69 matching lines @@
 }
 
 ScopedMessagePipeHandle Connector::PassMessagePipe() {
   DCHECK(thread_checker_.CalledOnValidThread());
 
   CancelWait();
   MayAutoLock locker(lock_.get());
   return std::move(message_pipe_);
 }
 
-void Connector::RaiseError() {
+void Connector::RaiseError(Result error) {
   DCHECK(thread_checker_.CalledOnValidThread());
+  DCHECK(!error.Succeeded());
+
+  // If this was a message validation error, notify the system of a bad message.
+  if (error.type() == Result::Type::BAD_MESSAGE)
+    error.message().NotifyBadMessage(error.details());
 
   HandleError(true, true);
 }
 
 bool Connector::WaitForIncomingMessage(MojoDeadline deadline) {
   DCHECK(thread_checker_.CalledOnValidThread());
 
   if (error_)
     return false;
 
@@ skipping 26 matching lines @@
 void Connector::ResumeIncomingMethodCallProcessing() {
   DCHECK(thread_checker_.CalledOnValidThread());
 
   if (!paused_)
     return;
 
   paused_ = false;
   WaitToReadMore();
 }
 
-bool Connector::Accept(Message* message) {
+MessageReceiver::Result Connector::Accept(Message* message) {
   DCHECK(lock_ || thread_checker_.CalledOnValidThread());
 
   // It shouldn't hurt even if |error_| may be changed by a different thread at
   // the same time. The outcome is that we may write into |message_pipe_| after
   // encountering an error, which should be fine.
   if (error_)
-    return false;
+    return Result(Result::Type::SEND_FAILED);
 
   MayAutoLock locker(lock_.get());
 
   if (!message_pipe_.is_valid() || drop_writes_)
-    return true;
+    return Result::ForSuccess();
 
   MojoResult rv =
       WriteMessageNew(message_pipe_.get(), message->TakeMojoMessage(),
                       MOJO_WRITE_MESSAGE_FLAG_NONE);
 
   switch (rv) {
     case MOJO_RESULT_OK:
       break;
     case MOJO_RESULT_FAILED_PRECONDITION:
       // There's no point in continuing to write to this pipe since the other
       // end is gone. Avoid writing any future messages. Hide write failures
       // from the caller since we'd like them to continue consuming any backlog
       // of incoming messages before regarding the message pipe as closed.
       drop_writes_ = true;
       break;
     case MOJO_RESULT_BUSY:
       // We'd get a "busy" result if one of the message's handles is:
       //   - |message_pipe_|'s own handle;
       //   - simultaneously being used on another thread; or
       //   - in a "busy" state that prohibits it from being transferred (e.g.,
       //     a data pipe handle in the middle of a two-phase read/write,
       //     regardless of which thread that two-phase read/write is happening
       //     on).
       // TODO(vtl): I wonder if this should be a |DCHECK()|. (But, until
       // crbug.com/389666, etc. are resolved, this will make tests fail quickly
       // rather than hanging.)
       CHECK(false) << "Race condition or other bug detected";
-      return false;
+      return Result(Result::Type::SEND_FAILED);
     default:
       // This particular write was rejected, presumably because of bad input.
       // The pipe is not necessarily in a bad state.
-      return false;
+      return Result(Result::Type::SEND_FAILED);
   }
-  return true;
+  return Result::ForSuccess();
 }
 
 void Connector::AllowWokenUpBySyncWatchOnSameThread() {
   DCHECK(thread_checker_.CalledOnValidThread());
 
   allow_woken_up_by_others_ = true;
 
   EnsureSyncWatcherExists();
   sync_watcher_->AllowWokenUpBySyncWatchOnSameThread();
 }
@@ skipping 54 matching lines @@
 
   if (allow_woken_up_by_others_) {
     EnsureSyncWatcherExists();
     sync_watcher_->AllowWokenUpBySyncWatchOnSameThread();
   }
 }
 
 bool Connector::ReadSingleMessage(MojoResult* read_result) {
   CHECK(!paused_);
 
-  bool receiver_result = false;
+  bool received_message = false;
 
   // Detect if |this| was destroyed during message dispatch. Allow for the
   // possibility of re-entering ReadMore() through message dispatch.
   base::WeakPtr<Connector> weak_self = weak_self_;
 
   Message message;
   const MojoResult rv = ReadMessage(message_pipe_.get(), &message);
   *read_result = rv;
 
-  if (rv == MOJO_RESULT_OK) {
-    receiver_result =
-        incoming_receiver_ && incoming_receiver_->Accept(&message);
+  if (rv == MOJO_RESULT_OK && incoming_receiver_) {
+    Result result = incoming_receiver_->Accept(&message);
+    if (result.type() == Result::Type::BAD_MESSAGE)
+      result.message().NotifyBadMessage(result.details());
+    received_message = result.Succeeded();
   }
 
   if (!weak_self)
     return false;
 
   if (rv == MOJO_RESULT_SHOULD_WAIT)
     return true;
 
   if (rv != MOJO_RESULT_OK) {
     HandleError(rv != MOJO_RESULT_FAILED_PRECONDITION, false);
     return false;
   }
 
-  if (enforce_errors_from_incoming_receiver_ && !receiver_result) {
+  if (enforce_errors_from_incoming_receiver_ && !received_message) {
     HandleError(true, false);
     return false;
   }
   return true;
 }
 
 void Connector::ReadAllAvailableMessages() {
   while (!error_) {
     MojoResult rv;
 
@@ skipping 51 matching lines @@
   if (sync_watcher_)
     return;
   sync_watcher_.reset(new SyncHandleWatcher(
       message_pipe_.get(), MOJO_HANDLE_SIGNAL_READABLE,
       base::Bind(&Connector::OnSyncHandleWatcherHandleReady,
                  base::Unretained(this))));
 }
 
 }  // namespace internal
 }  // namespace mojo