Index: mojo/system/memory.h |
diff --git a/mojo/system/memory.h b/mojo/system/memory.h |
index 6483e0331af9a3431a3b78087bbc5a3fdba83109..21c36eaa7182be989e3ff18f66c9e930e36042f0 100644 |
--- a/mojo/system/memory.h |
+++ b/mojo/system/memory.h |
@@ -7,39 +7,48 @@ |
#include <stddef.h> |
+#include "mojo/public/c/system/macros.h" |
#include "mojo/system/system_impl_export.h" |
namespace mojo { |
namespace system { |
-// This is just forward-declared, with the definition and explicit |
-// instantiations in the .cc file. This is used by |VerifyUserPointer<T>()| |
-// below, and you should use that instead. |
-template <size_t size> |
-bool MOJO_SYSTEM_IMPL_EXPORT VerifyUserPointerForSize(const void* pointer, |
- size_t count); |
- |
-// Verify that |count * sizeof(T)| bytes can be read from the user |pointer| |
-// insofar as possible/necessary (note: this is done carefully since |count * |
-// sizeof(T)| may overflow a |size_t|. |count| may be zero. If |T| is |void|, |
-// then the size of each element is taken to be a single byte. |
-// |
-// For example, if running in kernel mode, this should be a full verification |
-// that the given memory is owned and readable by the user process. In user |
-// mode, if crashes are acceptable, this may do nothing at all (and always |
-// return true). |
+namespace internal { |
+ |
+template <size_t size, size_t alignment> |
+bool MOJO_SYSTEM_IMPL_EXPORT VerifyUserPointerHelper(const void* pointer); |
+ |
+template <size_t size, size_t alignment> |
+bool MOJO_SYSTEM_IMPL_EXPORT VerifyUserPointerWithCountHelper( |
+ const void* pointer, |
+ size_t count); |
+ |
+} // namespace internal |
+ |
+// Verify (insofar as possible/necessary) that a |T| can be read from the user |
+// |pointer|. |
template <typename T> |
-bool VerifyUserPointer(const T* pointer, size_t count) { |
- return VerifyUserPointerForSize<sizeof(T)>(pointer, count); |
+bool VerifyUserPointer(const T* pointer) { |
+ return internal::VerifyUserPointerHelper<sizeof(T), MOJO_ALIGNOF(T)>(pointer); |
} |
-// Special-case |T| equals |void| so that the size is in bytes, as indicated |
-// above. |
-template <> |
-inline bool VerifyUserPointer<void>(const void* pointer, size_t count) { |
- return VerifyUserPointerForSize<1>(pointer, count); |
+// Verify (insofar as possible/necessary) that |count| |T|s can be read from the |
+// user |pointer|; |count| may be zero. (This is done carefully since |count * |
+// sizeof(T)| may overflow a |size_t|.) |
+template <typename T> |
+bool VerifyUserPointerWithCount(const T* pointer, size_t count) { |
+ return internal::VerifyUserPointerWithCountHelper<sizeof(T), |
+ MOJO_ALIGNOF(T)>(pointer, |
+ count); |
} |
+// Verify that |size| bytes (which may be zero) can be read from the user |
+// |pointer|, and that |pointer| has the specified |alignment| (if |size| is |
+// nonzero). |
+template <size_t alignment> |
+bool MOJO_SYSTEM_IMPL_EXPORT VerifyUserPointerWithSize(const void* pointer, |
+ size_t size); |
+ |
} // namespace system |
} // namespace mojo |