Home | History | Annotate | Download | only in lib 
      1 // Copyright 2014 The Chromium Authors. All rights reserved.
      2 // Use of this source code is governed by a BSD-style license that can be
      3 // found in the LICENSE file.
      4 
      5 #ifndef MOJO_PUBLIC_CPP_BINDINGS_LIB_BOUNDS_CHECKER_H_
      6 #define MOJO_PUBLIC_CPP_BINDINGS_LIB_BOUNDS_CHECKER_H_
      7 
      8 #include <stdint.h>
      9 
     10 #include "mojo/public/cpp/system/macros.h"
     11 
     12 namespace mojo {
     13 
     14 class Handle;
     15 
     16 namespace internal {
     17 
     18 // BoundsChecker is used to validate object sizes, pointers and handle indices
     19 // for payload of incoming messages.
     20 class BoundsChecker {
     21  public:
     22   // [data, data + data_num_bytes) specifies the initial valid memory range.
     23   // [0, num_handles) specifies the initial valid range of handle indices.
     24   BoundsChecker(const void* data, uint32_t data_num_bytes,
     25                 size_t num_handles);
     26 
     27   ~BoundsChecker();
     28 
     29   // Claims the specified memory range.
     30   // The method succeeds if the range is valid to claim. (Please see
     31   // the comments for IsValidRange().)
     32   // On success, the valid memory range is shrinked to begin right after the end
     33   // of the claimed range.
     34   bool ClaimMemory(const void* position, uint32_t num_bytes);
     35 
     36   // Claims the specified encoded handle (which is basically a handle index).
     37   // The method succeeds if:
     38   // - |encoded_handle|'s value is |kEncodedInvalidHandleValue|.
     39   // - the handle is contained inside the valid range of handle indices. In this
     40   // case, the valid range is shinked to begin right after the claimed handle.
     41   bool ClaimHandle(const Handle& encoded_handle);
     42 
     43   // Returns true if the specified range is not empty, and the range is
     44   // contained inside the valid memory range.
     45   bool IsValidRange(const void* position, uint32_t num_bytes) const;
     46 
     47  private:
     48   bool InternalIsValidRange(uintptr_t begin, uintptr_t end) const;
     49 
     50   // [data_begin_, data_end_) is the valid memory range.
     51   uintptr_t data_begin_;
     52   uintptr_t data_end_;
     53 
     54   // [handle_begin_, handle_end_) is the valid handle index range.
     55   uint32_t handle_begin_;
     56   uint32_t handle_end_;
     57 
     58   MOJO_DISALLOW_COPY_AND_ASSIGN(BoundsChecker);
     59 };
     60 
     61 }  // namespace internal
     62 }  // namespace mojo
     63 
     64 #endif  // MOJO_PUBLIC_CPP_BINDINGS_LIB_BOUNDS_CHECKER_H_
     65