1 // Copyright 2013 The Chromium Authors. All rights reserved. 2 // Use of this source code is governed by a BSD-style license that can be 3 // found in the LICENSE file. 4 5 #ifndef MOJO_SYSTEM_MEMORY_H_ 6 #define MOJO_SYSTEM_MEMORY_H_ 7 8 #include <stddef.h> 9 10 #include "mojo/system/system_impl_export.h" 11 12 namespace mojo { 13 namespace system { 14 15 // This is just forward-declared, with the definition and explicit 16 // instantiations in the .cc file. This is used by |VerifyUserPointer<T>()| 17 // below, and you should use that instead. 18 template <size_t size> 19 bool MOJO_SYSTEM_IMPL_EXPORT VerifyUserPointerForSize(const void* pointer, 20 size_t count); 21 22 // A non-templatized version of the above, for when the element size isn't 23 // fixed. 24 bool MOJO_SYSTEM_IMPL_EXPORT VerifyUserPointerForSize(const void* pointer, 25 size_t size, 26 size_t count); 27 28 // Verify that |count * sizeof(T)| bytes can be read from the user |pointer| 29 // insofar as possible/necessary (note: this is done carefully since |count * 30 // sizeof(T)| may overflow a |size_t|. |count| may be zero. If |T| is |void|, 31 // then the size of each element is taken to be a single byte. 32 // 33 // For example, if running in kernel mode, this should be a full verification 34 // that the given memory is owned and readable by the user process. In user 35 // mode, if crashes are acceptable, this may do nothing at all (and always 36 // return true). 37 template <typename T> 38 bool VerifyUserPointer(const T* pointer, size_t count) { 39 return VerifyUserPointerForSize<sizeof(T)>(pointer, count); 40 } 41 42 // Special-case |T| equals |void| so that the size is in bytes, as indicated 43 // above. 44 template <> 45 inline bool VerifyUserPointer<void>(const void* pointer, size_t count) { 46 return VerifyUserPointerForSize<1>(pointer, count); 47 } 48 49 } // namespace system 50 } // namespace mojo 51 52 #endif // MOJO_SYSTEM_MEMORY_H_ 53
