mojo/public/cpp/bindings/lib/bindings_serialization.h - Issue 289333002: Mojo cpp bindings: validation logic for incoming messages

Keyboard Shortcuts

	File
u :	up to issue
j / k :	jump to file after / before current file
J / K :	jump to next file with a comment after / before current file
	Side-by-side diff
i :	toggle intra-line diffs
e :	expand all comments
c :	collapse all comments
s :	toggle showing all comments
n / p :	next / previous diff chunk or comment
N / P :	next / previous comment
<Up> / <Down> :	next / previous line

	Issue
u :	up to list of issues
j / k :	jump to patch after / before current patch
o / <Enter> :	open current patch in side-by-side view
i :	open current patch in unified diff view

	Issue List
j / k :	jump to issue after / before current issue
o / <Enter> :	open current issue

Unified Diff: mojo/public/cpp/bindings/lib/bindings_serialization.h

Issue 289333002: Mojo cpp bindings: validation logic for incoming messages (Closed) Base URL: svn://svn.chromium.org/chrome/trunk/src

Patch Set: rebase Created 6 years, 7 months ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

View side-by-side diff with in-line comments

Download patch

Index: mojo/public/cpp/bindings/lib/bindings_serialization.h

diff --git a/mojo/public/cpp/bindings/lib/bindings_serialization.h b/mojo/public/cpp/bindings/lib/bindings_serialization.h

index 77d061a3a98c105f64a6acd237259382093666ff..acb5575396d060cf9e7b1ecbbd823add0e2d4152 100644

--- a/mojo/public/cpp/bindings/lib/bindings_serialization.h

+++ b/mojo/public/cpp/bindings/lib/bindings_serialization.h

@@ -12,9 +12,17 @@

namespace mojo {

namespace internal {

+class BoundsChecker;

+// Please note that this is a different value than |mojo::kInvalidHandleValue|,

+// which is the "decoded" invalid handle.

+const MojoHandle kEncodedInvalidHandleValue = static_cast<MojoHandle>(-1);

size_t Align(size_t size);

char* AlignPointer(char* ptr);

+bool IsAligned(const void* ptr);

// Pointers are encoded as relative offsets. The offsets are relative to the

// address of where the offset value is stored, such that the pointer may be

// recovered with the expression:

@@ -31,6 +39,10 @@ inline void DecodePointer(const uint64_t* offset, T** ptr) {

*ptr = reinterpret_cast<T*>(const_cast<void*>(DecodePointerRaw(offset)));

}

+// Checks whether decoding the pointer will overflow and produce a pointer

+// smaller than |offset|.

+bool ValidateEncodedPointer(const uint64_t* offset);

// Check that the given pointer references memory contained within the message.

bool ValidatePointer(const void* ptr, const Message& message);

@@ -49,6 +61,8 @@ inline void Encode(T* obj, std::vector<Handle>* handles) {

EncodePointer(obj->ptr, &obj->offset);

}

+// TODO(yzshen): Remove all redundant validation during decoding. And make

+// Decode*() functions/methods return void.

template <typename T>

inline bool Decode(T* obj, Message* message) {

DecodePointer(&obj->offset, &obj->ptr);

@@ -61,6 +75,13 @@ inline bool Decode(T* obj, Message* message) {

return true;

}

+// If returns true, this function also claims the memory range of the size

+// specified in the struct header, starting from |data|.

+bool ValidateStructHeader(const void* data,

+ uint32_t min_num_bytes,

+ uint32_t min_num_fields,

+ BoundsChecker* bounds_checker);

} // namespace internal

} // namespace mojo

« no previous file with comments | « mojo/public/cpp/bindings/lib/array_internal.cc ('k') | mojo/public/cpp/bindings/lib/bindings_serialization.cc » ('j') | no next file with comments »