| OLD | NEW |
|---|
| 1 // Copyright 2013 The Chromium Authors. All rights reserved. | 1 // Copyright 2013 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 // TODO(vtl): I currently potentially overflow in doing index calculations. | 5 // TODO(vtl): I currently potentially overflow in doing index calculations. |
| 6 // E.g., |start_index_| and |current_num_bytes_| fit into a |uint32_t|, but | 6 // E.g., |start_index_| and |current_num_bytes_| fit into a |uint32_t|, but |
| 7 // their sum may not. This is bad and poses a security risk. (We're currently | 7 // their sum may not. This is bad and poses a security risk. (We're currently |
| 8 // saved by the limit on capacity -- the maximum size of the buffer, checked in | 8 // saved by the limit on capacity -- the maximum size of the buffer, checked in |
| 9 // |DataPipe::ValidateOptions()|, is currently sufficiently small. | 9 // |DataPipe::ValidateOptions()|, is currently sufficiently small.) |
| 10 | 10 |
| 11 #include "mojo/system/local_data_pipe.h" | 11 #include "mojo/system/local_data_pipe.h" |
| 12 | 12 |
| 13 #include <string.h> | 13 #include <string.h> |
| 14 | 14 |
| 15 #include <algorithm> | 15 #include <algorithm> |
| 16 | 16 |
| 17 #include "base/logging.h" | 17 #include "base/logging.h" |
| 18 #include "mojo/system/constants.h" | 18 #include "mojo/system/constants.h" |
| 19 | 19 |
| (...skipping 144 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 164 | 164 |
| 165 void LocalDataPipe::ConsumerCloseImplNoLock() { | 165 void LocalDataPipe::ConsumerCloseImplNoLock() { |
| 166 // If the producer is around and in a two-phase write, we have to keep the | 166 // If the producer is around and in a two-phase write, we have to keep the |
| 167 // buffer around. (We then don't free it until the producer is closed. This | 167 // buffer around. (We then don't free it until the producer is closed. This |
| 168 // could be rectified, but again seems like optimizing for the uncommon case.) | 168 // could be rectified, but again seems like optimizing for the uncommon case.) |
| 169 if (!producer_open_no_lock() || !producer_in_two_phase_write_no_lock()) | 169 if (!producer_open_no_lock() || !producer_in_two_phase_write_no_lock()) |
| 170 DestroyBufferNoLock(); | 170 DestroyBufferNoLock(); |
| 171 current_num_bytes_ = 0; | 171 current_num_bytes_ = 0; |
| 172 } | 172 } |
| 173 | 173 |
| 174 MojoResult LocalDataPipe::ConsumerReadDataImplNoLock(void* elements, | 174 MojoResult LocalDataPipe::ConsumerReadDataImplNoLock( |
| 175 uint32_t* num_bytes, | 175 UserPointer<void> elements, |
| 176 bool all_or_none) { | 176 UserPointer<uint32_t> num_bytes, |
| 177 DCHECK_EQ(*num_bytes % element_num_bytes(), 0u); | 177 uint32_t max_num_bytes_to_read, |
| 178 DCHECK_GT(*num_bytes, 0u); | 178 uint32_t min_num_bytes_to_read) { |
| 179 DCHECK_EQ(max_num_bytes_to_read % element_num_bytes(), 0u); |
| 180 DCHECK_EQ(min_num_bytes_to_read % element_num_bytes(), 0u); |
| 181 DCHECK_GT(max_num_bytes_to_read, 0u); |
| 179 | 182 |
| 180 if (all_or_none && *num_bytes > current_num_bytes_) { | 183 if (min_num_bytes_to_read > current_num_bytes_) { |
| 181 // Don't return "should wait" since you can't wait for a specified amount of | 184 // Don't return "should wait" since you can't wait for a specified amount of |
| 182 // data. | 185 // data. |
| 183 return producer_open_no_lock() ? MOJO_RESULT_OUT_OF_RANGE : | 186 return producer_open_no_lock() ? MOJO_RESULT_OUT_OF_RANGE : |
| 184 MOJO_RESULT_FAILED_PRECONDITION; | 187 MOJO_RESULT_FAILED_PRECONDITION; |
| 185 } | 188 } |
| 186 | 189 |
| 187 size_t num_bytes_to_read = | 190 size_t num_bytes_to_read = |
| 188 std::min(static_cast<size_t>(*num_bytes), current_num_bytes_); | 191 std::min(static_cast<size_t>(max_num_bytes_to_read), current_num_bytes_); |
| 189 if (num_bytes_to_read == 0) { | 192 if (num_bytes_to_read == 0) { |
| 190 return producer_open_no_lock() ? MOJO_RESULT_SHOULD_WAIT : | 193 return producer_open_no_lock() ? MOJO_RESULT_SHOULD_WAIT : |
| 191 MOJO_RESULT_FAILED_PRECONDITION; | 194 MOJO_RESULT_FAILED_PRECONDITION; |
| 192 } | 195 } |
| 193 | 196 |
| 194 // The amount we can read in our first |memcpy()|. | 197 // The amount we can read in our first |memcpy()|. |
| 195 size_t num_bytes_to_read_first = | 198 size_t num_bytes_to_read_first = |
| 196 std::min(num_bytes_to_read, GetMaxNumBytesToReadNoLock()); | 199 std::min(num_bytes_to_read, GetMaxNumBytesToReadNoLock()); |
| 197 memcpy(elements, buffer_.get() + start_index_, num_bytes_to_read_first); | 200 elements.PutArray(buffer_.get() + start_index_, num_bytes_to_read_first); |
| 198 | 201 |
| 199 if (num_bytes_to_read_first < num_bytes_to_read) { | 202 if (num_bytes_to_read_first < num_bytes_to_read) { |
| 200 // The "second read index" is zero. | 203 // The "second read index" is zero. |
| 201 memcpy(static_cast<char*>(elements) + num_bytes_to_read_first, | 204 elements.At(num_bytes_to_read_first).PutArray( |
| 202 buffer_.get(), | 205 buffer_.get(), num_bytes_to_read - num_bytes_to_read_first); |
| 203 num_bytes_to_read - num_bytes_to_read_first); | |
| 204 } | 206 } |
| 205 | 207 |
| 206 MarkDataAsConsumedNoLock(num_bytes_to_read); | 208 MarkDataAsConsumedNoLock(num_bytes_to_read); |
| 207 *num_bytes = static_cast<uint32_t>(num_bytes_to_read); | 209 num_bytes.Put(static_cast<uint32_t>(num_bytes_to_read)); |
| 208 return MOJO_RESULT_OK; | 210 return MOJO_RESULT_OK; |
| 209 } | 211 } |
| 210 | 212 |
| 211 MojoResult LocalDataPipe::ConsumerDiscardDataImplNoLock(uint32_t* num_bytes, | 213 MojoResult LocalDataPipe::ConsumerDiscardDataImplNoLock( |
| 212 bool all_or_none) { | 214 UserPointer<uint32_t> num_bytes, |
| 213 DCHECK_EQ(*num_bytes % element_num_bytes(), 0u); | 215 uint32_t max_num_bytes_to_discard, |
| 214 DCHECK_GT(*num_bytes, 0u); | 216 uint32_t min_num_bytes_to_discard) { |
| 217 DCHECK_EQ(max_num_bytes_to_discard % element_num_bytes(), 0u); |
| 218 DCHECK_EQ(min_num_bytes_to_discard % element_num_bytes(), 0u); |
| 219 DCHECK_GT(max_num_bytes_to_discard, 0u); |
| 215 | 220 |
| 216 if (all_or_none && *num_bytes > current_num_bytes_) { | 221 if (min_num_bytes_to_discard > current_num_bytes_) { |
| 217 // Don't return "should wait" since you can't wait for a specified amount of | 222 // Don't return "should wait" since you can't wait for a specified amount of |
| 218 // data. | 223 // data. |
| 219 return producer_open_no_lock() ? MOJO_RESULT_OUT_OF_RANGE : | 224 return producer_open_no_lock() ? MOJO_RESULT_OUT_OF_RANGE : |
| 220 MOJO_RESULT_FAILED_PRECONDITION; | 225 MOJO_RESULT_FAILED_PRECONDITION; |
| 221 } | 226 } |
| 222 | 227 |
| 223 // Be consistent with other operations; error if no data available. | 228 // Be consistent with other operations; error if no data available. |
| 224 if (current_num_bytes_ == 0) { | 229 if (current_num_bytes_ == 0) { |
| 225 return producer_open_no_lock() ? MOJO_RESULT_SHOULD_WAIT : | 230 return producer_open_no_lock() ? MOJO_RESULT_SHOULD_WAIT : |
| 226 MOJO_RESULT_FAILED_PRECONDITION; | 231 MOJO_RESULT_FAILED_PRECONDITION; |
| 227 } | 232 } |
| 228 | 233 |
| 229 size_t num_bytes_to_discard = | 234 size_t num_bytes_to_discard = |
| 230 std::min(static_cast<size_t>(*num_bytes), current_num_bytes_); | 235 std::min(static_cast<size_t>(max_num_bytes_to_discard), |
| 236 current_num_bytes_); |
| 231 MarkDataAsConsumedNoLock(num_bytes_to_discard); | 237 MarkDataAsConsumedNoLock(num_bytes_to_discard); |
| 232 *num_bytes = static_cast<uint32_t>(num_bytes_to_discard); | 238 num_bytes.Put(static_cast<uint32_t>(num_bytes_to_discard)); |
| 233 return MOJO_RESULT_OK; | 239 return MOJO_RESULT_OK; |
| 234 } | 240 } |
| 235 | 241 |
| 236 MojoResult LocalDataPipe::ConsumerQueryDataImplNoLock(uint32_t* num_bytes) { | 242 MojoResult LocalDataPipe::ConsumerQueryDataImplNoLock( |
| 243 UserPointer<uint32_t> num_bytes) { |
| 237 // Note: This cast is safe, since the capacity fits into a |uint32_t|. | 244 // Note: This cast is safe, since the capacity fits into a |uint32_t|. |
| 238 *num_bytes = static_cast<uint32_t>(current_num_bytes_); | 245 num_bytes.Put(static_cast<uint32_t>(current_num_bytes_)); |
| 239 return MOJO_RESULT_OK; | 246 return MOJO_RESULT_OK; |
| 240 } | 247 } |
| 241 | 248 |
| 242 MojoResult LocalDataPipe::ConsumerBeginReadDataImplNoLock( | 249 MojoResult LocalDataPipe::ConsumerBeginReadDataImplNoLock( |
| 243 UserPointer<const void*> buffer, | 250 UserPointer<const void*> buffer, |
| 244 UserPointer<uint32_t> buffer_num_bytes, | 251 UserPointer<uint32_t> buffer_num_bytes, |
| 245 uint32_t min_num_bytes_to_read) { | 252 uint32_t min_num_bytes_to_read) { |
| 246 size_t max_num_bytes_to_read = GetMaxNumBytesToReadNoLock(); | 253 size_t max_num_bytes_to_read = GetMaxNumBytesToReadNoLock(); |
| 247 if (min_num_bytes_to_read > max_num_bytes_to_read) { | 254 if (min_num_bytes_to_read > max_num_bytes_to_read) { |
| 248 // Don't return "should wait" since you can't wait for a specified amount of | 255 // Don't return "should wait" since you can't wait for a specified amount of |
| (...skipping 74 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 323 | 330 |
| 324 void LocalDataPipe::MarkDataAsConsumedNoLock(size_t num_bytes) { | 331 void LocalDataPipe::MarkDataAsConsumedNoLock(size_t num_bytes) { |
| 325 DCHECK_LE(num_bytes, current_num_bytes_); | 332 DCHECK_LE(num_bytes, current_num_bytes_); |
| 326 start_index_ += num_bytes; | 333 start_index_ += num_bytes; |
| 327 start_index_ %= capacity_num_bytes(); | 334 start_index_ %= capacity_num_bytes(); |
| 328 current_num_bytes_ -= num_bytes; | 335 current_num_bytes_ -= num_bytes; |
| 329 } | 336 } |
| 330 | 337 |
| 331 } // namespace system | 338 } // namespace system |
| 332 } // namespace mojo | 339 } // namespace mojo |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 417113010:
Convert ReadData...() to use the new user pointer handling (see r285350). (Closed)
Base URL: svn://svn.chromium.org/chrome/trunk/src