Associated Message Validation

mojo/public/js/validator.js

 // Copyright 2014 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 define("mojo/public/js/validator", [
   "mojo/public/js/codec",
-], function(codec) {
+  "mojo/public/js/interface_types",
+], function(codec, types) {
 
   var validationError = {
     NONE: 'VALIDATION_ERROR_NONE',
     MISALIGNED_OBJECT: 'VALIDATION_ERROR_MISALIGNED_OBJECT',
     ILLEGAL_MEMORY_RANGE: 'VALIDATION_ERROR_ILLEGAL_MEMORY_RANGE',
     UNEXPECTED_STRUCT_HEADER: 'VALIDATION_ERROR_UNEXPECTED_STRUCT_HEADER',
     UNEXPECTED_ARRAY_HEADER: 'VALIDATION_ERROR_UNEXPECTED_ARRAY_HEADER',
     ILLEGAL_HANDLE: 'VALIDATION_ERROR_ILLEGAL_HANDLE',
     UNEXPECTED_INVALID_HANDLE: 'VALIDATION_ERROR_UNEXPECTED_INVALID_HANDLE',
     ILLEGAL_POINTER: 'VALIDATION_ERROR_ILLEGAL_POINTER',
     UNEXPECTED_NULL_POINTER: 'VALIDATION_ERROR_UNEXPECTED_NULL_POINTER',
+    ILLEGAL_INTERFACE_ID: 'VALIDATION_ERROR_ILLEGAL_INTERFACE_ID',
+    UNEXPECTED_INVALID_INTERFACE_ID:
+        'VALIDATION_ERROR_UNEXPECTED_INVALID_INTERFACE_ID',
     MESSAGE_HEADER_INVALID_FLAGS:
         'VALIDATION_ERROR_MESSAGE_HEADER_INVALID_FLAGS',
     MESSAGE_HEADER_MISSING_REQUEST_ID:
         'VALIDATION_ERROR_MESSAGE_HEADER_MISSING_REQUEST_ID',
     DIFFERENT_SIZED_ARRAYS_IN_MAP:
         'VALIDATION_ERROR_DIFFERENT_SIZED_ARRAYS_IN_MAP',
     INVALID_UNION_SIZE: 'VALIDATION_ERROR_INVALID_UNION_SIZE',
     UNEXPECTED_NULL_UNION: 'VALIDATION_ERROR_UNEXPECTED_NULL_UNION',
     UNKNOWN_ENUM_VALUE: 'VALIDATION_ERROR_UNKNOWN_ENUM_VALUE',
   };
@@ skipping 57 matching lines @@
 
   function isInterfaceClass(cls) {
     return cls instanceof codec.Interface;
   }
 
   function isInterfaceRequestClass(cls) {
     return cls === codec.InterfaceRequest ||
         cls === codec.NullableInterfaceRequest;
   }
 
+  function isAssociatedInterfaceClass(cls) {
+    return cls === codec.AssociatedInterfacePtrInfo ||
+        cls === codec.NullableAssociatedInterfacePtrInfo;
+  }
+
+  function isAssociatedInterfaceRequestClass(cls) {
+    return cls === codec.AssociatedInterfaceRequest ||
+        cls === codec.NullableAssociatedInterfaceRequest;
+  }
+
   function isNullable(type) {
     return type === codec.NullableString || type === codec.NullableHandle ||
         type === codec.NullableInterface ||
         type === codec.NullableInterfaceRequest ||
         type instanceof codec.NullableArrayOf ||
         type instanceof codec.NullablePointerTo;
   }
 
   function Validator(message) {
     this.message = message;
     this.offset = 0;
     this.handleIndex = 0;
+    this.associatedEndpointHandleIndex = 0;
   }
 
   Object.defineProperty(Validator.prototype, "offsetLimit", {
     get: function() { return this.message.buffer.byteLength; }
   });
 
   Object.defineProperty(Validator.prototype, "handleIndexLimit", {
     get: function() { return this.message.handles.length; }
   });
 
+  Object.defineProperty(Validator.prototype, "associatedHandleIndexLimit", {
+    get: function() { return this.message.getPayloadInterfaceIds().length; }

[yzshen1, 2017/04/11 06:23:11]

getPayloadInterfaceIds() may throw exception (if message version < 2) or return
null (if message version == 2 but the message has a null interface ids array)
which also cause exception.

Does it make sense to return 0 for both this cases?
That would be more consistent because the validation code doesn't throw
exceptions for validation errors.

(Please also see my comment on line 180)

[wangjimmy, 2017/04/12 00:26:17]

Done.

+  });
+
   // True if we can safely allocate a block of bytes from start to
   // to start + numBytes.
   Validator.prototype.isValidRange = function(start, numBytes) {
     // Only positive JavaScript integers that are less than 2^53
     // (Number.MAX_SAFE_INTEGER) can be represented exactly.
     if (start < this.offset || numBytes <= 0 ||
         !Number.isSafeInteger(start) ||
         !Number.isSafeInteger(numBytes))
       return false;
 
@@ skipping 17 matching lines @@
       return true;
 
     if (index < this.handleIndex || index >= this.handleIndexLimit)
       return false;
 
     // This is safe because handle indices are uint32.
     this.handleIndex = index + 1;
     return true;
   };
 
+  Validator.prototype.claimAssociatedEndpointHandle = function(index) {
+    if (index === codec.kEncodedInvalidHandleValue) {
+      return true;
+    }
+
+    if (index < this.associatedEndpointHandleIndex ||
+        index >= this.associatedHandleIndexLimit) {

[yzshen1, 2017/04/11 06:23:11]

Imagine the message has a null payload interface IDs array, and it has an
associated interface/request field which has the index value 0. In this case,
this method is supposed to return false, instead of throwing exception by
associatedHandleIndexLimit.

[wangjimmy, 2017/04/12 00:26:17]

Acknowledged.

+      return false;
+    }
+
+    // This is safe because handle indices are uint32.
+    this.associatedEndpointHandleIndex = index + 1;
+    return true;
+  };
+
   Validator.prototype.validateEnum = function(offset, enumClass) {
     // Note: Assumes that enums are always 32 bits! But this matches
     // mojom::generate::pack::PackedField::GetSizeForKind, so it should be okay.
     var value = this.message.buffer.getInt32(offset);
     return enumClass.validate(value);
   }
 
   Validator.prototype.validateHandle = function(offset, nullable) {
     var index = this.message.buffer.getUint32(offset);
 
     if (index === codec.kEncodedInvalidHandleValue)
       return nullable ?
           validationError.NONE : validationError.UNEXPECTED_INVALID_HANDLE;
 
     if (!this.claimHandle(index))
       return validationError.ILLEGAL_HANDLE;
 
     return validationError.NONE;
   };
 
+  Validator.prototype.validateAssociatedEndpointHandle = function(offset,
+      nullable) {
+    var index = this.message.buffer.getUint32(offset);
+
+    if (index === codec.kEncodedInvalidHandleValue) {
+      return nullable ? validationError.NONE :
+          validationError.UNEXPECTED_INVALID_INTERFACE_ID;
+    }
+
+    if (!this.claimAssociatedEndpointHandle(index)) {
+      return validationError.ILLEGAL_INTERFACE_ID;
+    }
+
+    return validationError.NONE;
+  };
+
   Validator.prototype.validateInterface = function(offset, nullable) {
     return this.validateHandle(offset, nullable);
   };
 
   Validator.prototype.validateInterfaceRequest = function(offset, nullable) {
     return this.validateHandle(offset, nullable);
   };
 
+  Validator.prototype.validateAssociatedInterface = function(offset,
+      nullable) {
+    return this.validateAssociatedEndpointHandle(offset, nullable);
+  };
+
+  Validator.prototype.validateAssociatedInterfaceRequest = function(
+      offset, nullable) {
+    return this.validateAssociatedEndpointHandle(offset, nullable);
+  };
+
   Validator.prototype.validateStructHeader = function(offset, minNumBytes) {
     if (!codec.isAligned(offset))
       return validationError.MISALIGNED_OBJECT;
 
     if (!this.isValidRange(offset, codec.kStructHeaderSize))
       return validationError.ILLEGAL_MEMORY_RANGE;
 
     var numBytes = this.message.buffer.getUint32(offset);
 
     if (numBytes < minNumBytes)
@@ skipping 23 matching lines @@
     }
 
     return validationError.NONE;
   };
 
   Validator.prototype.isFieldInStructVersion = function(offset, fieldVersion) {
     var structVersion = this.message.buffer.getUint32(offset + 4);
     return fieldVersion <= structVersion;
   };
 
-  // TODO(wangjimmy): Add support for v2 messages.
   Validator.prototype.validateMessageHeader = function() {
 
     var err = this.validateStructHeader(0, codec.kMessageHeaderSize);
     if (err != validationError.NONE)
       return err;
 
     var numBytes = this.message.getHeaderNumBytes();
     var version = this.message.getHeaderVersion();
 
     var validVersionAndNumBytes =
         (version == 0 && numBytes == codec.kMessageHeaderSize) ||
         (version == 1 &&
          numBytes == codec.kMessageWithRequestIDHeaderSize) ||
         (version > 1 &&

[yzshen1, 2017/04/11 06:23:11]

To be exact:
... ||
(version == 2 && numBytes == codec.kMessageV2HeaderSize) ||
(version > 2 && numBytes >= codec.kMessageV2HeaderSize)

[wangjimmy, 2017/04/12 00:26:17]

Done.

-         numBytes >= codec.kMessageWithRequestIDHeaderSize);
+         numBytes >= codec.kMessageV2HeaderSize);
     if (!validVersionAndNumBytes)
       return validationError.UNEXPECTED_STRUCT_HEADER;
 
     var expectsResponse = this.message.expectsResponse();
     var isResponse = this.message.isResponse();
 
     if (version == 0 && (expectsResponse || isResponse))
       return validationError.MESSAGE_HEADER_MISSING_REQUEST_ID;
 
     if (isResponse && expectsResponse)
       return validationError.MESSAGE_HEADER_INVALID_FLAGS;
 
+    if (version < 2) {
+      return validationError.NONE;
+    }
+
+    if (this.message.getPayloadInterfaceIds()) {

[yzshen1, 2017/04/11 06:23:11]

- I think you need to validate the array because trying to decode it?
An example of how to do the validation:
https://cs.chromium.org/chromium/src/out/Debug/gen/mojo/public/interfaces/bin...

- Instead of calling getPayloadInterfaceIds() multiple times, please cache the
result.

[wangjimmy, 2017/04/12 00:26:17]

Done.

+      for (var interfaceId of this.message.getPayloadInterfaceIds()) {
+        if (!types.isValidInterfaceId(interfaceId) ||
+            types.isMasterInterfaceId(interfaceId)) {
+          return validationError.ILLEGAL_INTERFACE_ID;
+        }
+      }
+    }
+
     return validationError.NONE;
   };
 
   Validator.prototype.validateMessageIsRequestWithoutResponse = function() {
     if (this.message.isResponse() || this.message.expectsResponse()) {
       return validationError.MESSAGE_HEADER_INVALID_FLAGS;
     }
     return validationError.NONE;
   };
 
@@ skipping 180 matching lines @@
     var nullable = isNullable(elementType);
 
     if (isHandleClass(elementType))
       return this.validateHandleElements(elementsOffset, numElements, nullable);
     if (isInterfaceClass(elementType))
       return this.validateInterfaceElements(
           elementsOffset, numElements, nullable);
     if (isInterfaceRequestClass(elementType))
       return this.validateInterfaceRequestElements(
           elementsOffset, numElements, nullable);
+    if (isAssociatedInterfaceClass(elementType))
+      return this.validateAssociatedInterfaceElements(
+          elementsOffset, numElements, nullable);
+    if (isAssociatedInterfaceRequestClass(elementType))
+      return this.validateAssociatedInterfaceRequestElements(
+          elementsOffset, numElements, nullable);
     if (isStringClass(elementType))
       return this.validateArrayElements(
           elementsOffset, numElements, codec.Uint8, nullable, [0], 0);
     if (elementType instanceof codec.PointerTo)
       return this.validateStructElements(
           elementsOffset, numElements, elementType.cls, nullable);
     if (elementType instanceof codec.ArrayOf)
       return this.validateArrayElements(
           elementsOffset, numElements, elementType.cls, nullable,
           expectedDimensionSizes, currentDimension + 1);
@@ skipping 37 matching lines @@
     var elementSize = codec.InterfaceRequest.encodedSize;
     for (var i = 0; i < numElements; i++) {
       var elementOffset = offset + i * elementSize;
       var err = this.validateInterfaceRequest(elementOffset, nullable);
       if (err != validationError.NONE)
         return err;
     }
     return validationError.NONE;
   };
 
+  Validator.prototype.validateAssociatedInterfaceElements =
+      function(offset, numElements, nullable) {
+    var elementSize = codec.AssociatedInterfacePtrInfo.prototype.encodedSize;
+    for (var i = 0; i < numElements; i++) {
+      var elementOffset = offset + i * elementSize;
+      var err = this.validateAssociatedInterface(elementOffset, nullable);
+      if (err != validationError.NONE) {
+        return err;
+      }
+    }
+    return validationError.NONE;
+  };
+
+  Validator.prototype.validateAssociatedInterfaceRequestElements =
+      function(offset, numElements, nullable) {
+    var elementSize = codec.AssociatedInterfaceRequest.encodedSize;
+    for (var i = 0; i < numElements; i++) {
+      var elementOffset = offset + i * elementSize;
+      var err = this.validateAssociatedInterfaceRequest(elementOffset,
+          nullable);
+      if (err != validationError.NONE) {
+        return err;
+      }
+    }
+    return validationError.NONE;
+  };
+
   // The elementClass parameter is the element type of the element arrays.
   Validator.prototype.validateArrayElements =
       function(offset, numElements, elementClass, nullable,
                expectedDimensionSizes, currentDimension) {
     var elementSize = codec.PointerTo.prototype.encodedSize;
     for (var i = 0; i < numElements; i++) {
       var elementOffset = offset + i * elementSize;
       var err = this.validateArrayPointer(
           elementOffset, elementClass.encodedSize, elementClass, nullable,
           expectedDimensionSizes, currentDimension);
@@ skipping 30 matching lines @@
 
   var exports = {};
   exports.validationError = validationError;
   exports.Validator = Validator;
   exports.ValidationErrorObserverForTesting = ValidationErrorObserverForTesting;
   exports.reportValidationError = reportValidationError;
   exports.isTestingMode = isTestingMode;
   exports.clearTestingMode = clearTestingMode;
   return exports;
 });