| OLD | NEW |
|---|
| 1 // Copyright 2013 The Chromium Authors. All rights reserved. | 1 // Copyright 2013 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #ifndef MOJO_PUBLIC_CPP_BINDINGS_LIB_BINDINGS_SERIALIZATION_H_ | 5 #ifndef MOJO_PUBLIC_CPP_BINDINGS_LIB_BINDINGS_SERIALIZATION_H_ |
| 6 #define MOJO_PUBLIC_CPP_BINDINGS_LIB_BINDINGS_SERIALIZATION_H_ | 6 #define MOJO_PUBLIC_CPP_BINDINGS_LIB_BINDINGS_SERIALIZATION_H_ |
| 7 | 7 |
| 8 #include <vector> | 8 #include <vector> |
| 9 | 9 |
| 10 #include "mojo/public/cpp/bindings/message.h" | 10 #include "mojo/public/cpp/bindings/message.h" |
| 11 | 11 |
| 12 namespace mojo { | 12 namespace mojo { |
| 13 namespace internal { | 13 namespace internal { |
| 14 | 14 |
| 15 class BoundsChecker; |
| 16 |
| 17 // Please note that this is a different value than |mojo::kInvalidHandleValue|, |
| 18 // which is the "decoded" invalid handle. |
| 19 const MojoHandle kEncodedInvalidHandleValue = static_cast<MojoHandle>(-1); |
| 20 |
| 15 size_t Align(size_t size); | 21 size_t Align(size_t size); |
| 16 char* AlignPointer(char* ptr); | 22 char* AlignPointer(char* ptr); |
| 17 | 23 |
| 24 bool IsAligned(const void* ptr); |
| 25 |
| 18 // Pointers are encoded as relative offsets. The offsets are relative to the | 26 // Pointers are encoded as relative offsets. The offsets are relative to the |
| 19 // address of where the offset value is stored, such that the pointer may be | 27 // address of where the offset value is stored, such that the pointer may be |
| 20 // recovered with the expression: | 28 // recovered with the expression: |
| 21 // | 29 // |
| 22 // ptr = reinterpret_cast<char*>(offset) + *offset | 30 // ptr = reinterpret_cast<char*>(offset) + *offset |
| 23 // | 31 // |
| 24 // A null pointer is encoded as an offset value of 0. | 32 // A null pointer is encoded as an offset value of 0. |
| 25 // | 33 // |
| 26 void EncodePointer(const void* ptr, uint64_t* offset); | 34 void EncodePointer(const void* ptr, uint64_t* offset); |
| 27 const void* DecodePointerRaw(const uint64_t* offset); | 35 const void* DecodePointerRaw(const uint64_t* offset); |
| 28 | 36 |
| 29 template <typename T> | 37 template <typename T> |
| 30 inline void DecodePointer(const uint64_t* offset, T** ptr) { | 38 inline void DecodePointer(const uint64_t* offset, T** ptr) { |
| 31 *ptr = reinterpret_cast<T*>(const_cast<void*>(DecodePointerRaw(offset))); | 39 *ptr = reinterpret_cast<T*>(const_cast<void*>(DecodePointerRaw(offset))); |
| 32 } | 40 } |
| 33 | 41 |
| 42 // Checks whether decoding the pointer will overflow and produce a pointer |
| 43 // smaller than |offset|. |
| 44 bool ValidateEncodedPointer(const uint64_t* offset); |
| 45 |
| 34 // Check that the given pointer references memory contained within the message. | 46 // Check that the given pointer references memory contained within the message. |
| 35 bool ValidatePointer(const void* ptr, const Message& message); | 47 bool ValidatePointer(const void* ptr, const Message& message); |
| 36 | 48 |
| 37 // Handles are encoded as indices into a vector of handles. These functions | 49 // Handles are encoded as indices into a vector of handles. These functions |
| 38 // manipulate the value of |handle|, mapping it to and from an index. | 50 // manipulate the value of |handle|, mapping it to and from an index. |
| 39 void EncodeHandle(Handle* handle, std::vector<Handle>* handles); | 51 void EncodeHandle(Handle* handle, std::vector<Handle>* handles); |
| 40 bool DecodeHandle(Handle* handle, std::vector<Handle>* handles); | 52 bool DecodeHandle(Handle* handle, std::vector<Handle>* handles); |
| 41 | 53 |
| 42 // The following 2 functions are used to encode/decode all objects (structs and | 54 // The following 2 functions are used to encode/decode all objects (structs and |
| 43 // arrays) in a consistent manner. | 55 // arrays) in a consistent manner. |
| 44 | 56 |
| 45 template <typename T> | 57 template <typename T> |
| 46 inline void Encode(T* obj, std::vector<Handle>* handles) { | 58 inline void Encode(T* obj, std::vector<Handle>* handles) { |
| 47 if (obj->ptr) | 59 if (obj->ptr) |
| 48 obj->ptr->EncodePointersAndHandles(handles); | 60 obj->ptr->EncodePointersAndHandles(handles); |
| 49 EncodePointer(obj->ptr, &obj->offset); | 61 EncodePointer(obj->ptr, &obj->offset); |
| 50 } | 62 } |
| 51 | 63 |
| 64 // TODO(yzshen): Remove all redundant validation during decoding. And make |
| 65 // Decode*() functions/methods return void. |
| 52 template <typename T> | 66 template <typename T> |
| 53 inline bool Decode(T* obj, Message* message) { | 67 inline bool Decode(T* obj, Message* message) { |
| 54 DecodePointer(&obj->offset, &obj->ptr); | 68 DecodePointer(&obj->offset, &obj->ptr); |
| 55 if (obj->ptr) { | 69 if (obj->ptr) { |
| 56 if (!ValidatePointer(obj->ptr, *message)) | 70 if (!ValidatePointer(obj->ptr, *message)) |
| 57 return false; | 71 return false; |
| 58 if (!obj->ptr->DecodePointersAndHandles(message)) | 72 if (!obj->ptr->DecodePointersAndHandles(message)) |
| 59 return false; | 73 return false; |
| 60 } | 74 } |
| 61 return true; | 75 return true; |
| 62 } | 76 } |
| 63 | 77 |
| 78 // If returns true, this function also claims the memory range of the size |
| 79 // specified in the struct header, starting from |data|. |
| 80 bool ValidateStructHeader(const void* data, |
| 81 uint32_t min_num_bytes, |
| 82 uint32_t min_num_fields, |
| 83 BoundsChecker* bounds_checker); |
| 84 |
| 64 } // namespace internal | 85 } // namespace internal |
| 65 } // namespace mojo | 86 } // namespace mojo |
| 66 | 87 |
| 67 #endif // MOJO_PUBLIC_CPP_BINDINGS_LIB_BINDINGS_SERIALIZATION_H_ | 88 #endif // MOJO_PUBLIC_CPP_BINDINGS_LIB_BINDINGS_SERIALIZATION_H_ |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 289333002:
Mojo cpp bindings: validation logic for incoming messages (Closed)
Base URL: svn://svn.chromium.org/chrome/trunk/src