| OLD | NEW |
|---|
| 1 // Copyright 2013 The Chromium Authors. All rights reserved. | 1 // Copyright 2013 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #ifndef MOJO_SYSTEM_MEMORY_H_ | 5 #ifndef MOJO_SYSTEM_MEMORY_H_ |
| 6 #define MOJO_SYSTEM_MEMORY_H_ | 6 #define MOJO_SYSTEM_MEMORY_H_ |
| 7 | 7 |
| 8 #include <stddef.h> | 8 #include <stddef.h> |
| 9 | 9 |
| 10 #include "mojo/public/c/system/macros.h" |
| 10 #include "mojo/system/system_impl_export.h" | 11 #include "mojo/system/system_impl_export.h" |
| 11 | 12 |
| 12 namespace mojo { | 13 namespace mojo { |
| 13 namespace system { | 14 namespace system { |
| 14 | 15 |
| 15 // This is just forward-declared, with the definition and explicit | 16 namespace internal { |
| 16 // instantiations in the .cc file. This is used by |VerifyUserPointer<T>()| | |
| 17 // below, and you should use that instead. | |
| 18 template <size_t size> | |
| 19 bool MOJO_SYSTEM_IMPL_EXPORT VerifyUserPointerForSize(const void* pointer, | |
| 20 size_t count); | |
| 21 | 17 |
| 22 // Verify that |count * sizeof(T)| bytes can be read from the user |pointer| | 18 template <size_t size, size_t alignment> |
| 23 // insofar as possible/necessary (note: this is done carefully since |count * | 19 bool MOJO_SYSTEM_IMPL_EXPORT VerifyUserPointerHelper(const void* pointer); |
| 24 // sizeof(T)| may overflow a |size_t|. |count| may be zero. If |T| is |void|, | 20 |
| 25 // then the size of each element is taken to be a single byte. | 21 template <size_t size, size_t alignment> |
| 26 // | 22 bool MOJO_SYSTEM_IMPL_EXPORT VerifyUserPointerWithCountHelper( |
| 27 // For example, if running in kernel mode, this should be a full verification | 23 const void* pointer, |
| 28 // that the given memory is owned and readable by the user process. In user | 24 size_t count); |
| 29 // mode, if crashes are acceptable, this may do nothing at all (and always | 25 |
| 30 // return true). | 26 } // namespace internal |
| 27 |
| 28 // Verify (insofar as possible/necessary) that a |T| can be read from the user |
| 29 // |pointer|. |
| 31 template <typename T> | 30 template <typename T> |
| 32 bool VerifyUserPointer(const T* pointer, size_t count) { | 31 bool VerifyUserPointer(const T* pointer) { |
| 33 return VerifyUserPointerForSize<sizeof(T)>(pointer, count); | 32 return internal::VerifyUserPointerHelper<sizeof(T), MOJO_ALIGNOF(T)>(pointer); |
| 34 } | 33 } |
| 35 | 34 |
| 36 // Special-case |T| equals |void| so that the size is in bytes, as indicated | 35 // Verify (insofar as possible/necessary) that |count| |T|s can be read from the |
| 37 // above. | 36 // user |pointer|; |count| may be zero. (This is done carefully since |count * |
| 38 template <> | 37 // sizeof(T)| may overflow a |size_t|.) |
| 39 inline bool VerifyUserPointer<void>(const void* pointer, size_t count) { | 38 template <typename T> |
| 40 return VerifyUserPointerForSize<1>(pointer, count); | 39 bool VerifyUserPointerWithCount(const T* pointer, size_t count) { |
| 40 return internal::VerifyUserPointerWithCountHelper<sizeof(T), |
| 41 MOJO_ALIGNOF(T)>(pointer, |
| 42 count); |
| 41 } | 43 } |
| 42 | 44 |
| 45 // Verify that |size| bytes (which may be zero) can be read from the user |
| 46 // |pointer|, and that |pointer| has the specified |alignment| (if |size| is |
| 47 // nonzero). |
| 48 template <size_t alignment> |
| 49 bool MOJO_SYSTEM_IMPL_EXPORT VerifyUserPointerWithSize(const void* pointer, |
| 50 size_t size); |
| 51 |
| 43 } // namespace system | 52 } // namespace system |
| 44 } // namespace mojo | 53 } // namespace mojo |
| 45 | 54 |
| 46 #endif // MOJO_SYSTEM_MEMORY_H_ | 55 #endif // MOJO_SYSTEM_MEMORY_H_ |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 304303006:
Mojo: Specify/check alignment of pointers more carefully. (Closed)
Base URL: svn://svn.chromium.org/chrome/trunk/src