Chromium Code Reviews

Unified Diff: mojo/public/cpp/bindings/lib/bindings_serialization.h

Issue 289333002: Mojo cpp bindings: validation logic for incoming messages (Closed) Base URL: svn://svn.chromium.org/chrome/trunk/src
Patch Set: Created 6 years, 7 months ago
Index: mojo/public/cpp/bindings/lib/bindings_serialization.h
diff --git a/mojo/public/cpp/bindings/lib/bindings_serialization.h b/mojo/public/cpp/bindings/lib/bindings_serialization.h
index 818d69373910ae10067280330837390cb557bec7..f8a9f139243f845372b5c0d037ba3a65f2942d9a 100644
--- a/mojo/public/cpp/bindings/lib/bindings_serialization.h
+++ b/mojo/public/cpp/bindings/lib/bindings_serialization.h
@@ -13,9 +13,13 @@
namespace mojo {
namespace internal {
+class BoundsChecker;
+
size_t Align(size_t size);
char* AlignPointer(char* ptr);
+bool IsAligned(const void* ptr);
Tom Sepez 2014/05/22 19:39:21 nit: is aligned to what? 4? 8? maybe a better name
yzshen1 2014/05/22 20:56:22 I agree that it will be more clear as you suggeste
+
// Pointers are encoded as relative offsets. The offsets are relative to the
// address of where the offset value is stored, such that the pointer may be
// recovered with the expression:
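Review bot: The new IsAligned(const void* ptr) declaration has no comment saying which boundary it tests, and the Align() and AlignPointer() declarations next to it do not state one either. Add a one-line comment naming the boundary and stating that it is the same one Align() and AlignPointer() round up to, so the validation check and the serialization code cannot silently disagree if the alignment constant changes.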
@@ -32,6 +36,10 @@ inline void DecodePointer(const uint64_t* offset, T** ptr) {
*ptr = reinterpret_cast<T*>(const_cast<void*>(DecodePointerRaw(offset)));
}
+// Checks whether decoding the pointer will overflow and produce a poniter
Tom Sepez 2014/05/22 19:39:21 nit: sp. poniter
yzshen1 2014/05/22 20:56:22 Done.
+// smaller than |offset|.
+bool ValidateEncodedPointer(const uint64_t* offset);
+
// Check that the given pointer references memory contained within the message.
bool ValidatePointer(const void* ptr, const Message& message);
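Review bot: The comment on ValidateEncodedPointer() leaves the return polarity ambiguous: "Checks whether decoding the pointer will overflow" reads as if true means overflow, while the Validate* name suggests true means the offset is safe to decode. State the return value explicitly, for example "Returns true if decoding |offset| does not overflow", and say that it must be called before DecodePointer() and ValidatePointer(), since ValidatePointer() takes an already-decoded pointer and cannot detect a wrapped value by itself.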
@@ -50,6 +58,8 @@ inline void Encode(T* obj, std::vector<Handle>* handles) {
EncodePointer(obj->ptr, &obj->offset);
}
+// TODO(yzshen): Remove all redundant validation during decoding. And make
+// Decode*() functions/methods return void.
template <typename T>
inline bool Decode(T* obj, Message* message) {
DecodePointer(&obj->offset, &obj->ptr);
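Review bot: The TODO above Decode() calls the decode-time validation "redundant" without saying what makes it so. Dropping the checks and returning void is only safe once every incoming message is guaranteed to pass the new validation step before Decode() runs, so the TODO should name that precondition (and ideally a tracking bug), otherwise a later cleanup could remove the checks on a path that still decodes unvalidated input.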
@@ -62,6 +72,13 @@ inline bool Decode(T* obj, Message* message) {
return true;
}
+// If returns true, this function also claims the memory range of the size
+// specified in the struct header, starting from |data|.
+bool ValidateStructHeader(const void* data,
+ uint32_t min_num_bytes,
+ uint32_t min_num_fields,
+ BoundsChecker* bounds_checker);
+
} // namespace internal
} // namespace mojo
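Review bot: The comment on ValidateStructHeader() documents only the success side effect and leaves |min_num_bytes|, |min_num_fields| and the failure case unspecified. Say what is compared against each minimum, and whether |bounds_checker| is left untouched when the function returns false, because callers need to know if the checker can still be trusted after a rejected header. "Claims" should also be defined or pointed at the BoundsChecker header, since this file only forward-declares the class, and "If returns true" should read "If this function returns true".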
