Make SafeBrowsingDatabase's PrefixSets only updatable by swapping a new one in.

chrome/browser/safe_browsing/prefix_set.cc

 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "chrome/browser/safe_browsing/prefix_set.h"
 
 #include <algorithm>
 
 #include "base/files/file_util.h"
 #include "base/files/scoped_file.h"
@@ skipping 139 matching lines @@
     SBPrefix current = index_[ii].first;
     prefixes->push_back(current);
     for (size_t di = index_[ii].second; di < deltas_end; ++di) {
       current += deltas_[di];
       prefixes->push_back(current);
     }
   }
 }
 
 // static
-scoped_ptr<PrefixSet> PrefixSet::LoadFile(const base::FilePath& filter_name) {
+scoped_ptr<const PrefixSet> PrefixSet::LoadFile(
+    const base::FilePath& filter_name) {
   int64 size_64;
   if (!base::GetFileSize(filter_name, &size_64))
-    return scoped_ptr<PrefixSet>();
+    return scoped_ptr<const PrefixSet>();

[mattm, 2014/12/03 23:08:19]

can these all be changed to "return nullptr;"?

[gab, 2014/12/04 20:30:20]

Yep :)

   using base::MD5Digest;
   if (size_64 < static_cast<int64>(sizeof(FileHeader) + sizeof(MD5Digest)))
-    return scoped_ptr<PrefixSet>();
+    return scoped_ptr<const PrefixSet>();
 
   base::ScopedFILE file(base::OpenFile(filter_name, "rb"));
   if (!file.get())
-    return scoped_ptr<PrefixSet>();
+    return scoped_ptr<const PrefixSet>();
 
   FileHeader header;
   size_t read = fread(&header, sizeof(header), 1, file.get());
   if (read != 1)
-    return scoped_ptr<PrefixSet>();
+    return scoped_ptr<const PrefixSet>();
 
   // The file looks valid, start building the digest.
   base::MD5Context context;
   base::MD5Init(&context);
   base::MD5Update(&context, base::StringPiece(reinterpret_cast<char*>(&header),
                                               sizeof(header)));
 
   if (header.magic != kMagic)
-    return scoped_ptr<PrefixSet>();
+    return scoped_ptr<const PrefixSet>();
 
   // Track version read to inform removal of support for older versions.
   UMA_HISTOGRAM_SPARSE_SLOWLY("SB2.PrefixSetVersionRead", header.version);
 
   if (header.version <= kDeprecatedVersion) {
-    return scoped_ptr<PrefixSet>();
+    return scoped_ptr<const PrefixSet>();
   } else if (header.version != kVersion) {
-    return scoped_ptr<PrefixSet>();
+    return scoped_ptr<const PrefixSet>();
   }
 
   IndexVector index;
   const size_t index_bytes = sizeof(index[0]) * header.index_size;
 
   std::vector<uint16> deltas;
   const size_t deltas_bytes = sizeof(deltas[0]) * header.deltas_size;
 
   std::vector<SBFullHash> full_hashes;
   const size_t full_hashes_bytes =
       sizeof(full_hashes[0]) * header.full_hashes_size;
 
   // Check for bogus sizes before allocating any space.
   const size_t expected_bytes = sizeof(header) +
       index_bytes + deltas_bytes + full_hashes_bytes + sizeof(MD5Digest);
   if (static_cast<int64>(expected_bytes) != size_64)
-    return scoped_ptr<PrefixSet>();
+    return scoped_ptr<const PrefixSet>();
 
   // Read the index vector.  Herb Sutter indicates that vectors are
   // guaranteed to be contiuguous, so reading to where element 0 lives
   // is valid.
   if (header.index_size) {
     index.resize(header.index_size);
     read = fread(&(index[0]), sizeof(index[0]), index.size(), file.get());
     if (read != index.size())
-      return scoped_ptr<PrefixSet>();
+      return scoped_ptr<const PrefixSet>();
     base::MD5Update(&context,
                     base::StringPiece(reinterpret_cast<char*>(&(index[0])),
                                       index_bytes));
   }
 
   // Read vector of deltas.
   if (header.deltas_size) {
     deltas.resize(header.deltas_size);
     read = fread(&(deltas[0]), sizeof(deltas[0]), deltas.size(), file.get());
     if (read != deltas.size())
-      return scoped_ptr<PrefixSet>();
+      return scoped_ptr<const PrefixSet>();
     base::MD5Update(&context,
                     base::StringPiece(reinterpret_cast<char*>(&(deltas[0])),
                                       deltas_bytes));
   }
 
   // Read vector of full hashes.
   if (header.full_hashes_size) {
     full_hashes.resize(header.full_hashes_size);
     read = fread(&(full_hashes[0]), sizeof(full_hashes[0]), full_hashes.size(),
                  file.get());
     if (read != full_hashes.size())
-      return scoped_ptr<PrefixSet>();
+      return scoped_ptr<const PrefixSet>();
     base::MD5Update(&context,
                     base::StringPiece(
                         reinterpret_cast<char*>(&(full_hashes[0])),
                         full_hashes_bytes));
   }
 
   base::MD5Digest calculated_digest;
   base::MD5Final(&calculated_digest, &context);
 
   base::MD5Digest file_digest;
   read = fread(&file_digest, sizeof(file_digest), 1, file.get());
   if (read != 1)
-    return scoped_ptr<PrefixSet>();
+    return scoped_ptr<const PrefixSet>();
 
   if (0 != memcmp(&file_digest, &calculated_digest, sizeof(file_digest)))
-    return scoped_ptr<PrefixSet>();
+    return scoped_ptr<const PrefixSet>();
 
   // Steals vector contents using swap().
-  return scoped_ptr<PrefixSet>(new PrefixSet(&index, &deltas, &full_hashes));
+  return scoped_ptr<const PrefixSet>(

[mattm, 2014/12/03 23:08:19]

does make_scoped_ptr work here?

[gab, 2014/12/04 20:30:20]

Surprisingly, yes :-)!

(I expected it to fail as it typically can't cast, but it looks like it can deal
with const)

+      new PrefixSet(&index, &deltas, &full_hashes));
 }
 
 bool PrefixSet::WriteFile(const base::FilePath& filter_name) const {
   FileHeader header;
   header.magic = kMagic;
   header.version = kVersion;
   header.index_size = static_cast<uint32>(index_.size());
   header.deltas_size = static_cast<uint32>(deltas_.size());
   header.full_hashes_size = static_cast<uint32>(full_hashes_.size());
 
@@ skipping 91 matching lines @@
 PrefixSetBuilder::PrefixSetBuilder(const std::vector<SBPrefix>& prefixes)
     : prefix_set_(new PrefixSet()) {
   for (size_t i = 0; i < prefixes.size(); ++i) {
     AddPrefix(prefixes[i]);
   }
 }
 
 PrefixSetBuilder::~PrefixSetBuilder() {
 }
 
-scoped_ptr<PrefixSet> PrefixSetBuilder::GetPrefixSet(
+scoped_ptr<const PrefixSet> PrefixSetBuilder::GetPrefixSet(
     const std::vector<SBFullHash>& hashes) {
   DCHECK(prefix_set_.get());
 
   // Flush runs until buffered data is gone.
   while (!buffer_.empty()) {
     EmitRun();
   }
 
   // Precisely size |index_| for read-only.  It's 50k-60k, so minor savings, but
   // they're almost free.
   PrefixSet::IndexVector(prefix_set_->index_).swap(prefix_set_->index_);
 
   prefix_set_->full_hashes_ = hashes;
   std::sort(prefix_set_->full_hashes_.begin(), prefix_set_->full_hashes_.end(),
             SBFullHashLess);
 
   return prefix_set_.Pass();
 }
 
-scoped_ptr<PrefixSet> PrefixSetBuilder::GetPrefixSetNoHashes() {
+scoped_ptr<const PrefixSet> PrefixSetBuilder::GetPrefixSetNoHashes() {
   return GetPrefixSet(std::vector<SBFullHash>()).Pass();
 }
 
 void PrefixSetBuilder::EmitRun() {
   DCHECK(prefix_set_.get());
 
   SBPrefix prev_prefix = buffer_[0];
   uint16 run[PrefixSet::kMaxRun];
   size_t run_pos = 0;
 
@@ skipping 34 matching lines @@
   }
   buffer_.push_back(prefix);
 
   // Flush buffer when a run can be constructed.  +1 for the index item, and +1
   // to leave at least one item in the buffer for dropping duplicates.
   if (buffer_.size() > PrefixSet::kMaxRun + 2)
     EmitRun();
 }
 
 }  // namespace safe_browsing