Add validation logic for non-nullable types.

mojo/public/cpp/bindings/lib/array_internal.h

 // Copyright 2013 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #ifndef MOJO_PUBLIC_CPP_BINDINGS_LIB_ARRAY_INTERNAL_H_
 #define MOJO_PUBLIC_CPP_BINDINGS_LIB_ARRAY_INTERNAL_H_
 
 #include <new>
 #include <vector>
 
+#include "mojo/public/c/system/macros.h"
 #include "mojo/public/cpp/bindings/lib/bindings_internal.h"
 #include "mojo/public/cpp/bindings/lib/bindings_serialization.h"
 #include "mojo/public/cpp/bindings/lib/bounds_checker.h"
 #include "mojo/public/cpp/bindings/lib/buffer.h"
+#include "mojo/public/cpp/bindings/lib/template_util.h"
 #include "mojo/public/cpp/bindings/lib/validation_errors.h"
 #include "mojo/public/cpp/environment/logging.h"
 
 namespace mojo {
 template <typename T> class Array;
 class String;
 
 namespace internal {
 
 template <typename T>
@@ skipping 78 matching lines @@
     return ((num_elements + 7) / 8);
   }
   static BitRef ToRef(StorageType* storage, size_t offset) {
     return BitRef(&storage[offset / 8], 1 << (offset % 8));
   }
   static bool ToConstRef(const StorageType* storage, size_t offset) {
     return (storage[offset / 8] & (1 << (offset % 8))) != 0;
   }
 };
 
+// Array type information needed for valdiation.
+template <uint32_t in_expected_num_elements,
+          bool in_element_nullable,
+          typename InElementValidateParams>
+class ArrayValidateParams {
+ public:
+  // Validation information for elements. It is either another specialization of
+  // ArrayValidateParams (if elements are arrays) or NoValidateParams.
+  typedef InElementValidateParams ElementValidateParams;
+
+  // If |expected_num_elements| is not 0, the array is expected to have exactly
+  // that number of elements.
+  static const uint32_t expected_num_elements = in_expected_num_elements;
+  // Whether the elements are nullable.
+  static const bool element_nullable = in_element_nullable;
+};
+
+// NoValidateParams is used to indicate the end of an ArrayValidateParams chain.
+class NoValidateParams {
+};
+
 // What follows is code to support the serialization of Array_Data<T>. There
 // are two interesting cases: arrays of primitives and arrays of objects.
 // Arrays of objects are represented as arrays of pointers to objects.
 
-template <typename T, bool kIsHandle> struct ArraySerializationHelper;
+template <typename T, bool is_handle> struct ArraySerializationHelper;
 
 template <typename T>
 struct ArraySerializationHelper<T, false> {
   typedef typename ArrayDataTraits<T>::StorageType ElementType;
 
   static void EncodePointersAndHandles(const ArrayHeader* header,
                                        ElementType* elements,
                                        std::vector<Handle>* handles) {
   }
 
   static void DecodePointersAndHandles(const ArrayHeader* header,
                                        ElementType* elements,
                                        std::vector<Handle>* handles) {
   }
 
+  template <bool element_nullable, typename ElementValidateParams>
   static bool ValidateElements(const ArrayHeader* header,
                                const ElementType* elements,
                                BoundsChecker* bounds_checker) {
+    MOJO_COMPILE_ASSERT(!element_nullable,
+                        Primitive_type_should_be_non_nullable);
+    MOJO_COMPILE_ASSERT(
+        (IsSame<ElementValidateParams, NoValidateParams>::value),
+        Primitive_type_should_not_have_array_validate_params);
     return true;
   }
 };
 
 template <>
 struct ArraySerializationHelper<Handle, true> {
   typedef ArrayDataTraits<Handle>::StorageType ElementType;
 
   static void EncodePointersAndHandles(const ArrayHeader* header,
                                        ElementType* elements,
                                        std::vector<Handle>* handles);
 
   static void DecodePointersAndHandles(const ArrayHeader* header,
                                        ElementType* elements,
                                        std::vector<Handle>* handles);
 
+  template <bool element_nullable, typename ElementValidateParams>
   static bool ValidateElements(const ArrayHeader* header,
                                const ElementType* elements,
-                               BoundsChecker* bounds_checker);
+                               BoundsChecker* bounds_checker) {
+    MOJO_COMPILE_ASSERT(
+        (IsSame<ElementValidateParams, NoValidateParams>::value),
+        Handle_type_should_not_have_array_validate_params);
+
+    for (uint32_t i = 0; i < header->num_elements; ++i) {
+      if (IsNonNullableValidationEnabled() && !element_nullable &&
+          elements[i].value() == kEncodedInvalidHandleValue) {
+        ReportValidationError(VALIDATION_ERROR_UNEXPECTED_INVALID_HANDLE);
+        return false;
+      }
+      if (!bounds_checker->ClaimHandle(elements[i])) {
+        ReportValidationError(VALIDATION_ERROR_ILLEGAL_HANDLE);
+        return false;
+      }
+    }
+    return true;
+  }
 };
 
 template <typename H>
 struct ArraySerializationHelper<H, true> {
   typedef typename ArrayDataTraits<H>::StorageType ElementType;
 
   static void EncodePointersAndHandles(const ArrayHeader* header,
                                        ElementType* elements,
                                        std::vector<Handle>* handles) {
     ArraySerializationHelper<Handle, true>::EncodePointersAndHandles(
         header, elements, handles);
   }
 
   static void DecodePointersAndHandles(const ArrayHeader* header,
                                        ElementType* elements,
                                        std::vector<Handle>* handles) {
     ArraySerializationHelper<Handle, true>::DecodePointersAndHandles(
         header, elements, handles);
   }
 
+  template <bool element_nullable, typename ElementValidateParams>
   static bool ValidateElements(const ArrayHeader* header,
                                const ElementType* elements,
                                BoundsChecker* bounds_checker) {
-    return ArraySerializationHelper<Handle, true>::ValidateElements(
-        header, elements, bounds_checker);
+    return ArraySerializationHelper<Handle, true>::
+        ValidateElements<element_nullable, ElementValidateParams>(
+            header, elements, bounds_checker);
   }
 };
 
 template <typename P>
 struct ArraySerializationHelper<P*, false> {
   typedef typename ArrayDataTraits<P*>::StorageType ElementType;
 
   static void EncodePointersAndHandles(const ArrayHeader* header,
                                        ElementType* elements,
                                        std::vector<Handle>* handles) {
     for (uint32_t i = 0; i < header->num_elements; ++i)
       Encode(&elements[i], handles);
   }
 
   static void DecodePointersAndHandles(const ArrayHeader* header,
                                        ElementType* elements,
                                        std::vector<Handle>* handles) {
     for (uint32_t i = 0; i < header->num_elements; ++i)
       Decode(&elements[i], handles);
   }
 
+  template <bool element_nullable, typename ElementValidateParams>
   static bool ValidateElements(const ArrayHeader* header,
                                const ElementType* elements,
                                BoundsChecker* bounds_checker) {
     for (uint32_t i = 0; i < header->num_elements; ++i) {
+      if (IsNonNullableValidationEnabled() && !element_nullable &&
+          !elements[i].offset) {
+        ReportValidationError(VALIDATION_ERROR_UNEXPECTED_NULL_POINTER);
+        return false;
+      }
       if (!ValidateEncodedPointer(&elements[i].offset)) {
         ReportValidationError(VALIDATION_ERROR_ILLEGAL_POINTER);
         return false;
       }
-      if (!P::Validate(DecodePointerRaw(&elements[i].offset), bounds_checker))
+      if (!ValidateCaller<P, ElementValidateParams>::Run(
+              DecodePointerRaw(&elements[i].offset), bounds_checker)) {
         return false;
+      }
     }
     return true;
   }
+
+ private:
+  template <typename T, typename Params>
+  struct ValidateCaller {
+    static bool Run(const void* data, BoundsChecker* bounds_checker) {
+      MOJO_COMPILE_ASSERT(
+          (IsSame<Params, NoValidateParams>::value),
+          Struct_type_should_not_have_array_validate_params);
+
+      return T::Validate(data, bounds_checker);
+    }
+  };
+
+  template <typename T, typename Params>
+  struct ValidateCaller<Array_Data<T>, Params> {
+    static bool Run(const void* data, BoundsChecker* bounds_checker) {
+      return Array_Data<T>::template Validate<Params>(data, bounds_checker);
+    }
+  };
 };
 
 template <typename T>
 class Array_Data {
  public:
   typedef ArrayDataTraits<T> Traits;
   typedef typename Traits::StorageType StorageType;
   typedef typename Traits::Ref Ref;
   typedef typename Traits::ConstRef ConstRef;
   typedef ArraySerializationHelper<T, IsHandle<T>::value> Helper;
 
   static Array_Data<T>* New(size_t num_elements, Buffer* buf) {
     size_t num_bytes = sizeof(Array_Data<T>) +
                        Traits::GetStorageSize(num_elements);
     return new (buf->Allocate(num_bytes)) Array_Data<T>(num_bytes,
                                                         num_elements);
   }
 
-  // If expected_num_elements is not zero, the actual number of elements in the
-  // header must match that value or the message is rejected.
-  static bool Validate(const void* data,
-                       BoundsChecker* bounds_checker,
-                       uint32_t expected_num_elements = 0) {
+  template <typename Params>
+  static bool Validate(const void* data, BoundsChecker* bounds_checker) {
     if (!data)
       return true;
     if (!IsAligned(data)) {
       ReportValidationError(VALIDATION_ERROR_MISALIGNED_OBJECT);
       return false;
     }
     if (!bounds_checker->IsValidRange(data, sizeof(ArrayHeader))) {
       ReportValidationError(VALIDATION_ERROR_ILLEGAL_MEMORY_RANGE);
       return false;
     }
     const ArrayHeader* header = static_cast<const ArrayHeader*>(data);
     if (header->num_bytes < (sizeof(Array_Data<T>) +
                              Traits::GetStorageSize(header->num_elements))) {
       ReportValidationError(VALIDATION_ERROR_UNEXPECTED_ARRAY_HEADER);
       return false;
     }
-    if (expected_num_elements != 0 &&
-        header->num_elements != expected_num_elements) {
+    if (Params::expected_num_elements != 0 &&
+        header->num_elements != Params::expected_num_elements) {
       ReportValidationError(VALIDATION_ERROR_UNEXPECTED_ARRAY_HEADER);
       return false;
     }
     if (!bounds_checker->ClaimMemory(data, header->num_bytes)) {
       ReportValidationError(VALIDATION_ERROR_ILLEGAL_MEMORY_RANGE);
       return false;
     }
 
     const Array_Data<T>* object = static_cast<const Array_Data<T>*>(data);
-    return Helper::ValidateElements(&object->header_, object->storage(),
-                                    bounds_checker);
+    return Helper::template ValidateElements<
+        Params::element_nullable, typename Params::ElementValidateParams>(
+            &object->header_, object->storage(), bounds_checker);
   }
 
   size_t size() const { return header_.num_elements; }
 
   Ref at(size_t offset) {
     MOJO_DCHECK(offset < static_cast<size_t>(header_.num_elements));
     return Traits::ToRef(storage(), offset);
   }
 
   ConstRef at(size_t offset) const {
@@ skipping 109 matching lines @@
 };
 
 template <> struct WrapperTraits<String, false> {
   typedef String_Data* DataType;
 };
 
 }  // namespace internal
 }  // namespace mojo
 
 #endif  // MOJO_PUBLIC_CPP_BINDINGS_LIB_ARRAY_INTERNAL_H_