Convert BeginWriteData...() to use the new user pointer handling (see r285350).

mojo/system/local_data_pipe.cc

 // Copyright 2013 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 // TODO(vtl): I currently potentially overflow in doing index calculations.
 // E.g., |start_index_| and |current_num_bytes_| fit into a |uint32_t|, but
 // their sum may not. This is bad and poses a security risk. (We're currently
 // saved by the limit on capacity -- the maximum size of the buffer, checked in
 // |DataPipe::ValidateOptions()|, is currently sufficiently small.
 
@@ skipping 83 matching lines @@
            num_bytes_to_write - num_bytes_to_write_first);
   }
 
   current_num_bytes_ += num_bytes_to_write;
   DCHECK_LE(current_num_bytes_, capacity_num_bytes());
   *num_bytes = static_cast<uint32_t>(num_bytes_to_write);
   return MOJO_RESULT_OK;
 }
 
 MojoResult LocalDataPipe::ProducerBeginWriteDataImplNoLock(
-    void** buffer,
-    uint32_t* buffer_num_bytes,
-    bool all_or_none) {
+    UserPointer<void*> buffer,
+    UserPointer<uint32_t> buffer_num_bytes,
+    uint32_t min_num_bytes_to_write) {
   DCHECK(consumer_open_no_lock());
 
   // The index we need to start writing at.
   size_t write_index =
       (start_index_ + current_num_bytes_) % capacity_num_bytes();
 
   size_t max_num_bytes_to_write = GetMaxNumBytesToWriteNoLock();
-  if (all_or_none && *buffer_num_bytes > max_num_bytes_to_write) {
+  if (min_num_bytes_to_write > max_num_bytes_to_write) {
     // In "may discard" mode, we can always write from the write index to the
     // end of the buffer.
     if (may_discard() &&
-        *buffer_num_bytes <= capacity_num_bytes() - write_index) {
+        min_num_bytes_to_write <= capacity_num_bytes() - write_index) {
       // To do so, we need to discard an appropriate amount of data.
       // We should only reach here if the start index is after the write index!
       DCHECK_GE(start_index_, write_index);
-      DCHECK_GT(*buffer_num_bytes - max_num_bytes_to_write, 0u);
-      MarkDataAsConsumedNoLock(*buffer_num_bytes - max_num_bytes_to_write);
-      max_num_bytes_to_write = *buffer_num_bytes;
+      DCHECK_GT(min_num_bytes_to_write - max_num_bytes_to_write, 0u);
+      MarkDataAsConsumedNoLock(min_num_bytes_to_write - max_num_bytes_to_write);
+      max_num_bytes_to_write = min_num_bytes_to_write;
     } else {
       // Don't return "should wait" since you can't wait for a specified amount
       // of data.
       return MOJO_RESULT_OUT_OF_RANGE;
     }
   }
 
   // Don't go into a two-phase write if there's no room.
   if (max_num_bytes_to_write == 0)
     return MOJO_RESULT_SHOULD_WAIT;
 
   EnsureBufferNoLock();
-  *buffer = buffer_.get() + write_index;
-  *buffer_num_bytes = static_cast<uint32_t>(max_num_bytes_to_write);
+  buffer.Put(buffer_.get() + write_index);
+  buffer_num_bytes.Put(static_cast<uint32_t>(max_num_bytes_to_write));
   set_producer_two_phase_max_num_bytes_written_no_lock(
       static_cast<uint32_t>(max_num_bytes_to_write));
   return MOJO_RESULT_OK;
 }
 
 MojoResult LocalDataPipe::ProducerEndWriteDataImplNoLock(
     uint32_t num_bytes_written) {
   DCHECK_LE(num_bytes_written,
             producer_two_phase_max_num_bytes_written_no_lock());
   current_num_bytes_ += num_bytes_written;
@@ skipping 174 matching lines @@
 
 void LocalDataPipe::MarkDataAsConsumedNoLock(size_t num_bytes) {
   DCHECK_LE(num_bytes, current_num_bytes_);
   start_index_ += num_bytes;
   start_index_ %= capacity_num_bytes();
   current_num_bytes_ -= num_bytes;
 }
 
 }  // namespace system
 }  // namespace mojo