| OLD | NEW |
|---|
| 1 // Copyright (c) 2012, the Dart project authors. Please see the AUTHORS file | 1 // Copyright (c) 2012, the Dart project authors. Please see the AUTHORS file |
| 2 // for details. All rights reserved. Use of this source code is governed by a | 2 // for details. All rights reserved. Use of this source code is governed by a |
| 3 // BSD-style license that can be found in the LICENSE file. | 3 // BSD-style license that can be found in the LICENSE file. |
| 4 | 4 |
| 5 #include "vm/bigint_operations.h" |
| 5 #include "vm/dart_api_message.h" | 6 #include "vm/dart_api_message.h" |
| 6 #include "vm/object.h" | 7 #include "vm/object.h" |
| 7 #include "vm/snapshot_ids.h" | 8 #include "vm/snapshot_ids.h" |
| 8 #include "vm/symbols.h" | 9 #include "vm/symbols.h" |
| 9 #include "vm/unicode.h" | 10 #include "vm/unicode.h" |
| 10 | 11 |
| 11 namespace dart { | 12 namespace dart { |
| 12 | 13 |
| 13 static const int kNumInitialReferences = 4; | 14 static const int kNumInitialReferences = 4; |
| 14 | 15 |
| (...skipping 865 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 880 | 881 |
| 881 bool ApiMessageWriter::WriteCObject(Dart_CObject* object) { | 882 bool ApiMessageWriter::WriteCObject(Dart_CObject* object) { |
| 882 if (IsCObjectMarked(object)) { | 883 if (IsCObjectMarked(object)) { |
| 883 intptr_t object_id = GetMarkedCObjectMark(object); | 884 intptr_t object_id = GetMarkedCObjectMark(object); |
| 884 WriteIndexedObject(kMaxPredefinedObjectIds + object_id); | 885 WriteIndexedObject(kMaxPredefinedObjectIds + object_id); |
| 885 return true; | 886 return true; |
| 886 } | 887 } |
| 887 | 888 |
| 888 Dart_CObject_Type type = object->type; | 889 Dart_CObject_Type type = object->type; |
| 889 if (type == Dart_CObject_kArray) { | 890 if (type == Dart_CObject_kArray) { |
| 891 const intptr_t array_length = object->value.as_array.length; |
| 892 if (array_length < 0 || |
| 893 array_length > Array::kMaxElements) { |
| 894 return false; |
| 895 } |
| 896 |
| 890 // Write out the serialization header value for this object. | 897 // Write out the serialization header value for this object. |
| 891 WriteInlinedHeader(object); | 898 WriteInlinedHeader(object); |
| 892 // Write out the class and tags information. | 899 // Write out the class and tags information. |
| 893 WriteIndexedObject(kArrayCid); | 900 WriteIndexedObject(kArrayCid); |
| 894 WriteIntptrValue(0); | 901 WriteIntptrValue(0); |
| 895 | 902 // Write out the length information. |
| 896 WriteSmi(object->value.as_array.length); | 903 WriteSmi(array_length); |
| 897 // Write out the type arguments. | 904 // Write out the type arguments. |
| 898 WriteNullObject(); | 905 WriteNullObject(); |
| 899 // Write out array elements. | 906 // Write out array elements. |
| 900 for (int i = 0; i < object->value.as_array.length; i++) { | 907 for (int i = 0; i < array_length; i++) { |
| 901 bool success = WriteCObjectRef(object->value.as_array.values[i]); | 908 bool success = WriteCObjectRef(object->value.as_array.values[i]); |
| 902 if (!success) return false; | 909 if (!success) return false; |
| 903 } | 910 } |
| 904 return true; | 911 return true; |
| 905 } | 912 } |
| 906 return WriteCObjectInlined(object, type); | 913 return WriteCObjectInlined(object, type); |
| 907 } | 914 } |
| 908 | 915 |
| 909 | 916 |
| 910 bool ApiMessageWriter::WriteCObjectRef(Dart_CObject* object) { | 917 bool ApiMessageWriter::WriteCObjectRef(Dart_CObject* object) { |
| 911 if (IsCObjectMarked(object)) { | 918 if (IsCObjectMarked(object)) { |
| 912 intptr_t object_id = GetMarkedCObjectMark(object); | 919 intptr_t object_id = GetMarkedCObjectMark(object); |
| 913 WriteIndexedObject(kMaxPredefinedObjectIds + object_id); | 920 WriteIndexedObject(kMaxPredefinedObjectIds + object_id); |
| 914 return true; | 921 return true; |
| 915 } | 922 } |
| 916 | 923 |
| 917 Dart_CObject_Type type = object->type; | 924 Dart_CObject_Type type = object->type; |
| 918 if (type == Dart_CObject_kArray) { | 925 if (type == Dart_CObject_kArray) { |
| 926 const intptr_t array_length = object->value.as_array.length; |
| 927 if (array_length < 0 || |
| 928 array_length > Array::kMaxElements) { |
| 929 return false; |
| 930 } |
| 919 // Write out the serialization header value for this object. | 931 // Write out the serialization header value for this object. |
| 920 WriteInlinedHeader(object); | 932 WriteInlinedHeader(object); |
| 921 // Write out the class information. | 933 // Write out the class information. |
| 922 WriteIndexedObject(kArrayCid); | 934 WriteIndexedObject(kArrayCid); |
| 923 // Write out the length information. | 935 // Write out the length information. |
| 924 WriteSmi(object->value.as_array.length); | 936 WriteSmi(array_length); |
| 925 // Add object to forward list so that this object is serialized later. | 937 // Add object to forward list so that this object is serialized later. |
| 926 AddToForwardList(object); | 938 AddToForwardList(object); |
| 927 return true; | 939 return true; |
| 928 } | 940 } |
| 929 return WriteCObjectInlined(object, type); | 941 return WriteCObjectInlined(object, type); |
| 930 } | 942 } |
| 931 | 943 |
| 932 | 944 |
| 933 bool ApiMessageWriter::WriteForwardedCObject(Dart_CObject* object) { | 945 bool ApiMessageWriter::WriteForwardedCObject(Dart_CObject* object) { |
| 934 ASSERT(IsCObjectMarked(object)); | 946 ASSERT(IsCObjectMarked(object)); |
| 935 Dart_CObject_Type type = | 947 Dart_CObject_Type type = |
| 936 static_cast<Dart_CObject_Type>(object->type & kDartCObjectTypeMask); | 948 static_cast<Dart_CObject_Type>(object->type & kDartCObjectTypeMask); |
| 937 ASSERT(type == Dart_CObject_kArray); | 949 ASSERT(type == Dart_CObject_kArray); |
| 950 const intptr_t array_length = object->value.as_array.length; |
| 951 if (array_length < 0 || |
| 952 array_length > Array::kMaxElements) { |
| 953 return false; |
| 954 } |
| 938 | 955 |
| 939 // Write out the serialization header value for this object. | 956 // Write out the serialization header value for this object. |
| 940 intptr_t object_id = GetMarkedCObjectMark(object); | 957 intptr_t object_id = GetMarkedCObjectMark(object); |
| 941 WriteInlinedObjectHeader(kMaxPredefinedObjectIds + object_id); | 958 WriteInlinedObjectHeader(kMaxPredefinedObjectIds + object_id); |
| 942 // Write out the class and tags information. | 959 // Write out the class and tags information. |
| 943 WriteIndexedObject(kArrayCid); | 960 WriteIndexedObject(kArrayCid); |
| 944 WriteIntptrValue(0); | 961 WriteIntptrValue(0); |
| 945 | 962 // Write out the length information. |
| 946 WriteSmi(object->value.as_array.length); | 963 WriteSmi(array_length); |
| 947 // Write out the type arguments. | 964 // Write out the type arguments. |
| 948 WriteNullObject(); | 965 WriteNullObject(); |
| 949 // Write out array elements. | 966 // Write out array elements. |
| 950 for (int i = 0; i < object->value.as_array.length; i++) { | 967 for (int i = 0; i < array_length; i++) { |
| 951 bool success = WriteCObjectRef(object->value.as_array.values[i]); | 968 bool success = WriteCObjectRef(object->value.as_array.values[i]); |
| 952 if (!success) return false; | 969 if (!success) return false; |
| 953 } | 970 } |
| 954 return true; | 971 return true; |
| 955 } | 972 } |
| 956 | 973 |
| 957 | 974 |
| 958 bool ApiMessageWriter::WriteCObjectInlined(Dart_CObject* object, | 975 bool ApiMessageWriter::WriteCObjectInlined(Dart_CObject* object, |
| 959 Dart_CObject_Type type) { | 976 Dart_CObject_Type type) { |
| 960 switch (type) { | 977 switch (type) { |
| 961 case Dart_CObject_kNull: | 978 case Dart_CObject_kNull: |
| 962 WriteNullObject(); | 979 WriteNullObject(); |
| 963 break; | 980 break; |
| 964 case Dart_CObject_kBool: | 981 case Dart_CObject_kBool: |
| 965 if (object->value.as_bool) { | 982 if (object->value.as_bool) { |
| 966 WriteVMIsolateObject(kTrueValue); | 983 WriteVMIsolateObject(kTrueValue); |
| 967 } else { | 984 } else { |
| 968 WriteVMIsolateObject(kFalseValue); | 985 WriteVMIsolateObject(kFalseValue); |
| 969 } | 986 } |
| 970 break; | 987 break; |
| 971 case Dart_CObject_kInt32: | 988 case Dart_CObject_kInt32: |
| 972 WriteInt32(object); | 989 WriteInt32(object); |
| 973 break; | 990 break; |
| 974 case Dart_CObject_kInt64: | 991 case Dart_CObject_kInt64: |
| 975 WriteInt64(object); | 992 WriteInt64(object); |
| 976 break; | 993 break; |
| 977 case Dart_CObject_kBigint: { | 994 case Dart_CObject_kBigint: { |
| 995 char* hex_string = object->value.as_bigint; |
| 996 const intptr_t chunk_len = |
| 997 BigintOperations::ComputeChunkLength(hex_string); |
| 998 if (chunk_len < 0 || |
| 999 chunk_len > Bigint::kMaxElements) { |
| 1000 return false; |
| 1001 } |
| 978 // Write out the serialization header value for this object. | 1002 // Write out the serialization header value for this object. |
| 979 WriteInlinedHeader(object); | 1003 WriteInlinedHeader(object); |
| 980 // Write out the class and tags information. | 1004 // Write out the class and tags information. |
| 981 WriteIndexedObject(kBigintCid); | 1005 WriteIndexedObject(kBigintCid); |
| 982 WriteIntptrValue(0); | 1006 WriteIntptrValue(0); |
| 983 // Write hex string length and content | 1007 // Write hex string length and content |
| 984 char* hex_string = object->value.as_bigint; | |
| 985 intptr_t len = strlen(hex_string); | 1008 intptr_t len = strlen(hex_string); |
| 986 WriteIntptrValue(len); | 1009 WriteIntptrValue(len); |
| 987 for (intptr_t i = 0; i < len; i++) { | 1010 for (intptr_t i = 0; i < len; i++) { |
| 988 Write<uint8_t>(hex_string[i]); | 1011 Write<uint8_t>(hex_string[i]); |
| 989 } | 1012 } |
| 990 break; | 1013 break; |
| 991 } | 1014 } |
| 992 case Dart_CObject_kDouble: | 1015 case Dart_CObject_kDouble: |
| 993 // Write out the serialization header value for this object. | 1016 // Write out the serialization header value for this object. |
| 994 WriteInlinedHeader(object); | 1017 WriteInlinedHeader(object); |
| 995 // Write out the class and tags information. | 1018 // Write out the class and tags information. |
| 996 WriteIndexedObject(kDoubleCid); | 1019 WriteIndexedObject(kDoubleCid); |
| 997 WriteIntptrValue(0); | 1020 WriteIntptrValue(0); |
| 998 // Write double value. | 1021 // Write double value. |
| 999 Write<double>(object->value.as_double); | 1022 Write<double>(object->value.as_double); |
| 1000 break; | 1023 break; |
| 1001 case Dart_CObject_kString: { | 1024 case Dart_CObject_kString: { |
| 1002 const uint8_t* utf8_str = | 1025 const uint8_t* utf8_str = |
| 1003 reinterpret_cast<const uint8_t*>(object->value.as_string); | 1026 reinterpret_cast<const uint8_t*>(object->value.as_string); |
| 1004 intptr_t utf8_len = strlen(object->value.as_string); | 1027 intptr_t utf8_len = strlen(object->value.as_string); |
| 1005 if (!Utf8::IsValid(utf8_str, utf8_len)) { | 1028 if (!Utf8::IsValid(utf8_str, utf8_len)) { |
| 1006 return false; | 1029 return false; |
| 1007 } | 1030 } |
| 1008 | 1031 |
| 1009 Utf8::Type type; | 1032 Utf8::Type type; |
| 1010 intptr_t len = Utf8::CodeUnitCount(utf8_str, utf8_len, &type); | 1033 intptr_t len = Utf8::CodeUnitCount(utf8_str, utf8_len, &type); |
| 1034 ASSERT(len > 0); |
| 1035 if (len > String::kMaxElements) { |
| 1036 return false; |
| 1037 } |
| 1011 | 1038 |
| 1012 // Write out the serialization header value for this object. | 1039 // Write out the serialization header value for this object. |
| 1013 WriteInlinedHeader(object); | 1040 WriteInlinedHeader(object); |
| 1014 // Write out the class and tags information. | 1041 // Write out the class and tags information. |
| 1015 WriteIndexedObject(type == Utf8::kLatin1 ? kOneByteStringCid | 1042 WriteIndexedObject(type == Utf8::kLatin1 ? kOneByteStringCid |
| 1016 : kTwoByteStringCid); | 1043 : kTwoByteStringCid); |
| 1017 WriteIntptrValue(0); | 1044 WriteIntptrValue(0); |
| 1018 // Write string length, hash and content | 1045 // Write string length, hash and content |
| 1019 WriteSmi(len); | 1046 WriteSmi(len); |
| 1020 WriteSmi(0); // TODO(sgjesse): Hash - not written. | 1047 WriteSmi(0); // TODO(sgjesse): Hash - not written. |
| (...skipping 31 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 1052 class_id = kTypedDataInt8ArrayCid; | 1079 class_id = kTypedDataInt8ArrayCid; |
| 1053 break; | 1080 break; |
| 1054 case Dart_TypedData_kUint8: | 1081 case Dart_TypedData_kUint8: |
| 1055 class_id = kTypedDataUint8ArrayCid; | 1082 class_id = kTypedDataUint8ArrayCid; |
| 1056 break; | 1083 break; |
| 1057 default: | 1084 default: |
| 1058 class_id = kTypedDataUint8ArrayCid; | 1085 class_id = kTypedDataUint8ArrayCid; |
| 1059 UNIMPLEMENTED(); | 1086 UNIMPLEMENTED(); |
| 1060 } | 1087 } |
| 1061 | 1088 |
| 1089 intptr_t len = object->value.as_typed_data.length; |
| 1090 if (len < 0 || |
| 1091 len > TypedData::MaxElements(class_id)) { |
| 1092 return false; |
| 1093 } |
| 1094 |
| 1062 WriteIndexedObject(class_id); | 1095 WriteIndexedObject(class_id); |
| 1063 WriteIntptrValue(RawObject::ClassIdTag::update(class_id, 0)); | 1096 WriteIntptrValue(RawObject::ClassIdTag::update(class_id, 0)); |
| 1097 WriteSmi(len); |
| 1064 uint8_t* bytes = object->value.as_typed_data.values; | 1098 uint8_t* bytes = object->value.as_typed_data.values; |
| 1065 intptr_t len = object->value.as_typed_data.length; | |
| 1066 WriteSmi(len); | |
| 1067 for (intptr_t i = 0; i < len; i++) { | 1099 for (intptr_t i = 0; i < len; i++) { |
| 1068 Write<uint8_t>(bytes[i]); | 1100 Write<uint8_t>(bytes[i]); |
| 1069 } | 1101 } |
| 1070 break; | 1102 break; |
| 1071 } | 1103 } |
| 1072 case Dart_CObject_kExternalTypedData: { | 1104 case Dart_CObject_kExternalTypedData: { |
| 1073 // TODO(ager): we are writing C pointers into the message in | 1105 // TODO(ager): we are writing C pointers into the message in |
| 1074 // order to post external arrays through ports. We need to make | 1106 // order to post external arrays through ports. We need to make |
| 1075 // sure that messages containing pointers can never be posted | 1107 // sure that messages containing pointers can never be posted |
| 1076 // to other processes. | 1108 // to other processes. |
| 1077 | 1109 |
| 1078 // Write out serialization header value for this object. | 1110 // Write out serialization header value for this object. |
| 1079 WriteInlinedHeader(object); | 1111 WriteInlinedHeader(object); |
| 1080 // Write out the class and tag information. | 1112 // Write out the class and tag information. |
| 1081 WriteIndexedObject(kExternalTypedDataUint8ArrayCid); | 1113 WriteIndexedObject(kExternalTypedDataUint8ArrayCid); |
| 1082 WriteIntptrValue(RawObject::ClassIdTag::update( | 1114 WriteIntptrValue(RawObject::ClassIdTag::update( |
| 1083 kExternalTypedDataUint8ArrayCid, 0)); | 1115 kExternalTypedDataUint8ArrayCid, 0)); |
| 1084 int length = object->value.as_external_typed_data.length; | 1116 intptr_t length = object->value.as_external_typed_data.length; |
| 1117 if (length < 0 || |
| 1118 length > ExternalTypedData::MaxElements( |
| 1119 kExternalTypedDataUint8ArrayCid)) { |
| 1120 return false; |
| 1121 } |
| 1085 uint8_t* data = object->value.as_external_typed_data.data; | 1122 uint8_t* data = object->value.as_external_typed_data.data; |
| 1086 void* peer = object->value.as_external_typed_data.peer; | 1123 void* peer = object->value.as_external_typed_data.peer; |
| 1087 Dart_WeakPersistentHandleFinalizer callback = | 1124 Dart_WeakPersistentHandleFinalizer callback = |
| 1088 object->value.as_external_typed_data.callback; | 1125 object->value.as_external_typed_data.callback; |
| 1089 WriteSmi(length); | 1126 WriteSmi(length); |
| 1090 WriteIntptrValue(reinterpret_cast<intptr_t>(data)); | 1127 WriteIntptrValue(reinterpret_cast<intptr_t>(data)); |
| 1091 WriteIntptrValue(reinterpret_cast<intptr_t>(peer)); | 1128 WriteIntptrValue(reinterpret_cast<intptr_t>(peer)); |
| 1092 WriteIntptrValue(reinterpret_cast<intptr_t>(callback)); | 1129 WriteIntptrValue(reinterpret_cast<intptr_t>(callback)); |
| 1093 break; | 1130 break; |
| 1094 } | 1131 } |
| (...skipping 19 matching lines...) Expand all Loading... |
| 1114 if (!success) { | 1151 if (!success) { |
| 1115 UnmarkAllCObjects(object); | 1152 UnmarkAllCObjects(object); |
| 1116 return false; | 1153 return false; |
| 1117 } | 1154 } |
| 1118 } | 1155 } |
| 1119 UnmarkAllCObjects(object); | 1156 UnmarkAllCObjects(object); |
| 1120 return true; | 1157 return true; |
| 1121 } | 1158 } |
| 1122 | 1159 |
| 1123 } // namespace dart | 1160 } // namespace dart |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 23479010:
Add length checks to ApiMessageWriter. (Closed)
Base URL: https://dart.googlecode.com/svn/branches/bleeding_edge/dart