| Index: mojo/public/cpp/bindings/lib/validation_context.h
|
| diff --git a/mojo/public/cpp/bindings/lib/bounds_checker.h b/mojo/public/cpp/bindings/lib/validation_context.h
|
| similarity index 60%
|
| rename from mojo/public/cpp/bindings/lib/bounds_checker.h
|
| rename to mojo/public/cpp/bindings/lib/validation_context.h
|
| index d59a68aa0347cf8996da05769d6020efec395fe6..5b02a59fdfc04c4dd308cafbd6162b3a36a036fd 100644
|
| --- a/mojo/public/cpp/bindings/lib/bounds_checker.h
|
| +++ b/mojo/public/cpp/bindings/lib/validation_context.h
|
| @@ -2,30 +2,41 @@
|
| // Use of this source code is governed by a BSD-style license that can be
|
| // found in the LICENSE file.
|
|
|
| -#ifndef MOJO_PUBLIC_CPP_BINDINGS_LIB_BOUNDS_CHECKER_H_
|
| -#define MOJO_PUBLIC_CPP_BINDINGS_LIB_BOUNDS_CHECKER_H_
|
| +#ifndef MOJO_PUBLIC_CPP_BINDINGS_LIB_VALIDATION_CONTEXT_H_
|
| +#define MOJO_PUBLIC_CPP_BINDINGS_LIB_VALIDATION_CONTEXT_H_
|
|
|
| #include <stddef.h>
|
| #include <stdint.h>
|
|
|
| #include "base/macros.h"
|
| +#include "base/strings/string_piece.h"
|
| #include "mojo/public/cpp/bindings/lib/bindings_internal.h"
|
|
|
| namespace mojo {
|
|
|
| class Handle;
|
| +class Message;
|
|
|
| namespace internal {
|
|
|
| -// BoundsChecker is used to validate object sizes, pointers and handle indices
|
| -// for payload of incoming messages.
|
| -class BoundsChecker {
|
| +// ValidationContext is used when validating object sizes, pointers and handle
|
| +// indices in the payload of incoming messages.
|
| +class ValidationContext {
|
| public:
|
| // [data, data + data_num_bytes) specifies the initial valid memory range.
|
| // [0, num_handles) specifies the initial valid range of handle indices.
|
| - BoundsChecker(const void* data, uint32_t data_num_bytes, size_t num_handles);
|
| -
|
| - ~BoundsChecker();
|
| + //
|
| + // If provided, |message| and |description| provide additional information
|
| + // to use when reporting validation errors. In addition if |message| is
|
| + // provided, the MojoNotifyBadMessage API will be used to notify the system of
|
| + // such errors.
|
| + ValidationContext(const void* data,
|
| + uint32_t data_num_bytes,
|
| + size_t num_handles,
|
| + Message* message = nullptr,
|
| + const base::StringPiece& description = "");
|
| +
|
| + ~ValidationContext();
|
|
|
| // Claims the specified memory range.
|
| // The method succeeds if the range is valid to claim. (Please see
|
| @@ -45,9 +56,15 @@ class BoundsChecker {
|
| // contained inside the valid memory range.
|
| bool IsValidRange(const void* position, uint32_t num_bytes) const;
|
|
|
| + Message* message() const { return message_; }
|
| + const base::StringPiece& description() const { return description_; }
|
| +
|
| private:
|
| bool InternalIsValidRange(uintptr_t begin, uintptr_t end) const;
|
|
|
| + Message* const message_;
|
| + const base::StringPiece description_;
|
| +
|
| // [data_begin_, data_end_) is the valid memory range.
|
| uintptr_t data_begin_;
|
| uintptr_t data_end_;
|
| @@ -56,10 +73,10 @@ class BoundsChecker {
|
| uint32_t handle_begin_;
|
| uint32_t handle_end_;
|
|
|
| - DISALLOW_COPY_AND_ASSIGN(BoundsChecker);
|
| + DISALLOW_COPY_AND_ASSIGN(ValidationContext);
|
| };
|
|
|
| } // namespace internal
|
| } // namespace mojo
|
|
|
| -#endif // MOJO_PUBLIC_CPP_BINDINGS_LIB_BOUNDS_CHECKER_H_
|
| +#endif // MOJO_PUBLIC_CPP_BINDINGS_LIB_VALIDATION_CONTEXT_H_
|
|
|
Chromium Code Reviews
Issue 2064903002:
Mojo: Report bindings validation errors via MojoNotifyBadMessage (Closed)
Base URL: https://chromium.googlesource.com/chromium/src.git@master