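--- a/<PATH-NOT-ON-PAGE>
+++ b/<PATH-NOT-ON-PAGE>
@@ -1,10 +1,10 @@
 // Copyright 2014 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #ifndef MOJO_PUBLIC_CPP_BINDINGS_LIB_VALIDATION_CONTEXT_H_
 #define MOJO_PUBLIC_CPP_BINDINGS_LIB_VALIDATION_CONTEXT_H_
 
 #include <stddef.h>
 #include <stdint.h>
 
@@ -21,28 +21,31 @@
 class Message;
 
 namespace internal {
 
 // ValidationContext is used when validating object sizes, pointers and handle
 // indices in the payload of incoming messages.
 class MOJO_CPP_BINDINGS_EXPORT ValidationContext {
 public:
 // [data, data + data_num_bytes) specifies the initial valid memory range.
 // [0, num_handles) specifies the initial valid range of handle indices.
+// [0, num_associated_endpoint_handles) specifies the initial valid range of
+// associated endpoint handle indices.
 //
 // If provided, |message| and |description| provide additional information
 // to use when reporting validation errors. In addition if |message| is
 // provided, the MojoNotifyBadMessage API will be used to notify the system of
 // such errors.
 ValidationContext(const void* data,
 size_t data_num_bytes,
 size_t num_handles,
+size_t num_associated_endpoint_handles,
 Message* message = nullptr,
 const base::StringPiece& description = "",
 int stack_depth = 0);
 
 ~ValidationContext();
 
 // Claims the specified memory range.
 // The method succeeds if the range is valid to claim. (Please see
 // the comments for IsValidRange().)
 // On success, the valid memory range is shrinked to begin right after the end
@@ -70,20 +73,42 @@
 
 if (index < handle_begin_ || index >= handle_end_)
 return false;
 
 // |index| + 1 shouldn't overflow, because |index| is not the max value of
 // uint32_t (it is less than |handle_end_|).
 handle_begin_ = index + 1;
 return true;
 }
 
+// Claims the specified encoded associated endpoint handle.
+// The method succeeds if:
+// - |encoded_handle|'s value is |kEncodedInvalidHandleValue|.
+// - the handle is contained inside the valid range of associated endpoint
+// handle indices. In this case, the valid range is shinked to begin right
+// after the claimed handle.
+bool ClaimAssociatedEndpointHandle(
+const AssociatedEndpointHandle_Data& encoded_handle) {
+uint32_t index = encoded_handle.value;
+if (index == kEncodedInvalidHandleValue)
+return true;
+
+if (index < associated_endpoint_handle_begin_ ||
+index >= associated_endpoint_handle_end_)
+return false;
+
+// |index| + 1 shouldn't overflow, because |index| is not the max value of
+// uint32_t (it is less than |associated_endpoint_handle_end_|).
+associated_endpoint_handle_begin_ = index + 1;
+return true;
+}
+
 // Returns true if the specified range is not empty, and the range is
 // contained inside the valid memory range.
 bool IsValidRange(const void* position, uint32_t num_bytes) const {
 uintptr_t begin = reinterpret_cast<uintptr_t>(position);
 uintptr_t end = begin + num_bytes;
 
 return InternalIsValidRange(begin, end);
 }
 
 // This object should be created on the stack once every time we recurse down
@@ -121,19 +146,24 @@
 const base::StringPiece description_;
 
 // [data_begin_, data_end_) is the valid memory range.
 uintptr_t data_begin_;
 uintptr_t data_end_;
 
 // [handle_begin_, handle_end_) is the valid handle index range.
 uint32_t handle_begin_;
 uint32_t handle_end_;
 
+// [associated_endpoint_handle_begin_, associated_endpoint_handle_end_) is the
+// valid associated endpoint handle index range.
+uint32_t associated_endpoint_handle_begin_;
+uint32_t associated_endpoint_handle_end_;
+
 int stack_depth_;
 
 DISALLOW_COPY_AND_ASSIGN(ValidationContext);
 };
 
 } // namespace internal
 } // namespace mojo
 
 #endif // MOJO_PUBLIC_CPP_BINDINGS_LIB_VALIDATION_CONTEXT_H_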
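Review bot: ClaimAssociatedEndpointHandle (new lines 89–103) repeats ClaimHandle's range-claim logic line for line, including the overflow comment, so a later change to one check (say, the `index >= end` bound) can silently miss the other; both should call one private helper that takes the begin cursor and the end bound, with ClaimHandle passing `&handle_begin_, handle_end_`. The property that matters for untrusted payloads — the begin cursor only moves forward past the claimed index, so a message cannot reference the same handle index twice — is visible in the code but not stated, and belongs in the helper's comment: `// Each index can be claimed at most once: the cursor only moves forward.` The new comment on new line 87 also has a typo, `shinked` → `shrunk`. The constructor body that copies `size_t num_associated_endpoint_handles` into `uint32_t associated_endpoint_handle_end_` is outside this page, so whether that narrowing is checked cannot be confirmed here.
```cpp
  bool ClaimAssociatedEndpointHandle(
      const AssociatedEndpointHandle_Data& encoded_handle) {
    return ClaimIndex(encoded_handle.value,
                      &associated_endpoint_handle_begin_,
                      associated_endpoint_handle_end_);
  }

  // … unchanged: IsValidRange and the rest of the public section …

  // Shared by ClaimHandle() and ClaimAssociatedEndpointHandle(): accepts the
  // invalid-handle sentinel without consuming anything, rejects an index
  // outside [*begin, end), and otherwise moves the cursor past the index.
  // Each index can be claimed at most once: the cursor only moves forward.
  static bool ClaimIndex(uint32_t index, uint32_t* begin, uint32_t end) {
    if (index == kEncodedInvalidHandleValue)
      return true;
    if (index < *begin || index >= end)
      return false;
    // |index| + 1 cannot overflow: |index| < |end| <= UINT32_MAX.
    *begin = index + 1;
    return true;
  }
```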