Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(179)

Unified Diff: mojo/system/memory.h

Issue 304303006: Mojo: Specify/check alignment of pointers more carefully. (Closed) Base URL: svn://svn.chromium.org/chrome/trunk/src
Patch Set: fix msvs Created 6 years, 7 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View side-by-side diff with in-line comments
Download patch
« no previous file with comments | « mojo/system/data_pipe_producer_dispatcher.cc ('k') | mojo/system/memory.cc » ('j') | no next file with comments »
Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
Index: mojo/system/memory.h
diff --git a/mojo/system/memory.h b/mojo/system/memory.h
index 6483e0331af9a3431a3b78087bbc5a3fdba83109..21c36eaa7182be989e3ff18f66c9e930e36042f0 100644
--- a/mojo/system/memory.h
+++ b/mojo/system/memory.h
@@ -7,39 +7,48 @@
#include <stddef.h>
+#include "mojo/public/c/system/macros.h"
#include "mojo/system/system_impl_export.h"
namespace mojo {
namespace system {
-// This is just forward-declared, with the definition and explicit
-// instantiations in the .cc file. This is used by |VerifyUserPointer<T>()|
-// below, and you should use that instead.
-template <size_t size>
-bool MOJO_SYSTEM_IMPL_EXPORT VerifyUserPointerForSize(const void* pointer,
- size_t count);
-
-// Verify that |count * sizeof(T)| bytes can be read from the user |pointer|
-// insofar as possible/necessary (note: this is done carefully since |count *
-// sizeof(T)| may overflow a |size_t|. |count| may be zero. If |T| is |void|,
-// then the size of each element is taken to be a single byte.
-//
-// For example, if running in kernel mode, this should be a full verification
-// that the given memory is owned and readable by the user process. In user
-// mode, if crashes are acceptable, this may do nothing at all (and always
-// return true).
+namespace internal {
+
+template <size_t size, size_t alignment>
+bool MOJO_SYSTEM_IMPL_EXPORT VerifyUserPointerHelper(const void* pointer);
+
+template <size_t size, size_t alignment>
+bool MOJO_SYSTEM_IMPL_EXPORT VerifyUserPointerWithCountHelper(
+ const void* pointer,
+ size_t count);
+
+} // namespace internal
+
+// Verify (insofar as possible/necessary) that a |T| can be read from the user
+// |pointer|.
template <typename T>
-bool VerifyUserPointer(const T* pointer, size_t count) {
- return VerifyUserPointerForSize<sizeof(T)>(pointer, count);
+bool VerifyUserPointer(const T* pointer) {
+ return internal::VerifyUserPointerHelper<sizeof(T), MOJO_ALIGNOF(T)>(pointer);
}
-// Special-case |T| equals |void| so that the size is in bytes, as indicated
-// above.
-template <>
-inline bool VerifyUserPointer<void>(const void* pointer, size_t count) {
- return VerifyUserPointerForSize<1>(pointer, count);
+// Verify (insofar as possible/necessary) that |count| |T|s can be read from the
+// user |pointer|; |count| may be zero. (This is done carefully since |count *
+// sizeof(T)| may overflow a |size_t|.)
+template <typename T>
+bool VerifyUserPointerWithCount(const T* pointer, size_t count) {
+ return internal::VerifyUserPointerWithCountHelper<sizeof(T),
+ MOJO_ALIGNOF(T)>(pointer,
+ count);
}
+// Verify that |size| bytes (which may be zero) can be read from the user
+// |pointer|, and that |pointer| has the specified |alignment| (if |size| is
+// nonzero).
+template <size_t alignment>
+bool MOJO_SYSTEM_IMPL_EXPORT VerifyUserPointerWithSize(const void* pointer,
+ size_t size);
+
} // namespace system
} // namespace mojo
« no previous file with comments | « mojo/system/data_pipe_producer_dispatcher.cc ('k') | mojo/system/memory.cc » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698