| OLD | NEW |
|---|
| 1 // Copyright 2013 The Chromium Authors. All rights reserved. | 1 // Copyright 2013 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #ifndef MOJO_SYSTEM_MEMORY_H_ | 5 #ifndef MOJO_SYSTEM_MEMORY_H_ |
| 6 #define MOJO_SYSTEM_MEMORY_H_ | 6 #define MOJO_SYSTEM_MEMORY_H_ |
| 7 | 7 |
| 8 #include <stddef.h> | 8 #include <stddef.h> |
| 9 | 9 |
| 10 #include "mojo/public/c/system/macros.h" | |
| 11 #include "mojo/system/system_impl_export.h" | 10 #include "mojo/system/system_impl_export.h" |
| 12 | 11 |
| 13 namespace mojo { | 12 namespace mojo { |
| 14 namespace system { | 13 namespace system { |
| 15 | 14 |
| 16 namespace internal { | 15 // This is just forward-declared, with the definition and explicit |
| 16 // instantiations in the .cc file. This is used by |VerifyUserPointer<T>()| |
| 17 // below, and you should use that instead. |
| 18 template <size_t size> |
| 19 bool MOJO_SYSTEM_IMPL_EXPORT VerifyUserPointerForSize(const void* pointer, |
| 20 size_t count); |
| 17 | 21 |
| 18 template <size_t size, size_t alignment> | 22 // Verify that |count * sizeof(T)| bytes can be read from the user |pointer| |
| 19 bool MOJO_SYSTEM_IMPL_EXPORT VerifyUserPointerHelper(const void* pointer); | 23 // insofar as possible/necessary (note: this is done carefully since |count * |
| 20 | 24 // sizeof(T)| may overflow a |size_t|. |count| may be zero. If |T| is |void|, |
| 21 template <size_t size, size_t alignment> | 25 // then the size of each element is taken to be a single byte. |
| 22 bool MOJO_SYSTEM_IMPL_EXPORT VerifyUserPointerWithCountHelper( | 26 // |
| 23 const void* pointer, | 27 // For example, if running in kernel mode, this should be a full verification |
| 24 size_t count); | 28 // that the given memory is owned and readable by the user process. In user |
| 25 | 29 // mode, if crashes are acceptable, this may do nothing at all (and always |
| 26 } // namespace internal | 30 // return true). |
| 27 | |
| 28 // Verify (insofar as possible/necessary) that a |T| can be read from the user | |
| 29 // |pointer|. | |
| 30 template <typename T> | 31 template <typename T> |
| 31 bool VerifyUserPointer(const T* pointer) { | 32 bool VerifyUserPointer(const T* pointer, size_t count) { |
| 32 return internal::VerifyUserPointerHelper<sizeof(T), MOJO_ALIGNOF(T)>(pointer); | 33 return VerifyUserPointerForSize<sizeof(T)>(pointer, count); |
| 33 } | 34 } |
| 34 | 35 |
| 35 // Verify (insofar as possible/necessary) that |count| |T|s can be read from the | 36 // Special-case |T| equals |void| so that the size is in bytes, as indicated |
| 36 // user |pointer|; |count| may be zero. (This is done carefully since |count * | 37 // above. |
| 37 // sizeof(T)| may overflow a |size_t|.) | 38 template <> |
| 38 template <typename T> | 39 inline bool VerifyUserPointer<void>(const void* pointer, size_t count) { |
| 39 bool VerifyUserPointerWithCount(const T* pointer, size_t count) { | 40 return VerifyUserPointerForSize<1>(pointer, count); |
| 40 return internal::VerifyUserPointerWithCountHelper<sizeof(T), | |
| 41 MOJO_ALIGNOF(T)>(pointer, | |
| 42 count); | |
| 43 } | 41 } |
| 44 | 42 |
| 45 // Verify that |size| bytes (which may be zero) can be read from the user | |
| 46 // |pointer|, and that |pointer| has the specified |alignment| (if |size| is | |
| 47 // nonzero). | |
| 48 template <size_t alignment> | |
| 49 bool MOJO_SYSTEM_IMPL_EXPORT VerifyUserPointerWithSize(const void* pointer, | |
| 50 size_t size); | |
| 51 | |
| 52 } // namespace system | 43 } // namespace system |
| 53 } // namespace mojo | 44 } // namespace mojo |
| 54 | 45 |
| 55 #endif // MOJO_SYSTEM_MEMORY_H_ | 46 #endif // MOJO_SYSTEM_MEMORY_H_ |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 312463002:
Revert of Mojo: Specify/check alignment of pointers more carefully. (Closed)
Base URL: svn://svn.chromium.org/chrome/trunk/src