      1 // Copyright 2014 The Chromium Authors. All rights reserved.
      2 // Use of this source code is governed by a BSD-style license that can be
      3 // found in the LICENSE file.
      4 
      5 #ifndef MOJO_PUBLIC_CPP_BINDINGS_LIB_VALIDATION_CONTEXT_H_
      6 #define MOJO_PUBLIC_CPP_BINDINGS_LIB_VALIDATION_CONTEXT_H_
      7 
      8 #include <stddef.h>
      9 #include <stdint.h>
     10 
     11 #include "base/macros.h"
     12 #include "base/strings/string_piece.h"
     13 #include "mojo/public/cpp/bindings/lib/bindings_internal.h"
     14 
     15 namespace mojo {
     16 
     17 class Handle;
     18 class Message;
     19 
     20 namespace internal {
     21 
// ValidationContext is used when validating object sizes, pointers and handle
// indices in the payload of incoming messages.
//
// The payload is untrusted input, and the Claim*() methods below are the
// bounds checks applied to pointers and handle indices decoded from it. Per
// the contracts documented on those methods, a successful claim moves the
// start of the valid range past the claimed item. A later claim for a region
// or handle index at or before an earlier claim is therefore outside the
// valid range. This is what rejects overlapping or repeated references within
// one message.
class ValidationContext {
 public:
  // [data, data + data_num_bytes) specifies the initial valid memory range.
  // [0, num_handles) specifies the initial valid range of handle indices.
  //
  // If provided, |message| and |description| provide additional information
  // to use when reporting validation errors. In addition, if |message| is
  // provided, the MojoNotifyBadMessage API will be used to notify the system of
  // such errors.
  //
  // |description| is a base::StringPiece, i.e. a non-owning view, and it is
  // stored in |description_| as a view. The characters it refers to must
  // outlive this object.
  //
  // NOTE(review): |num_handles| is size_t while the handle range members are
  // uint32_t. The constructor definition is not visible here; confirm that a
  // value above UINT32_MAX is rejected or handled explicitly rather than
  // silently truncated.
  ValidationContext(const void* data,
                    size_t data_num_bytes,
                    size_t num_handles,
                    Message* message = nullptr,
                    const base::StringPiece& description = "");

  ~ValidationContext();

  // Claims the specified memory range.
  // The method succeeds if the range is valid to claim. (Please see
  // the comments for IsValidRange().)
  // On success, the valid memory range is shrunk to begin right after the end
  // of the claimed range.
  // Returns true on success. A false return means the range must be treated
  // as invalid by the caller.
  bool ClaimMemory(const void* position, uint32_t num_bytes);

  // Claims the specified encoded handle (which is basically a handle index).
  // The method succeeds if:
  // - |encoded_handle|'s value is |kEncodedInvalidHandleValue|.
  // - the handle is contained inside the valid range of handle indices. In this
  // case, the valid range is shrunk to begin right after the claimed handle.
  // Returns true on success. A false return means the handle index must be
  // treated as invalid by the caller.
  bool ClaimHandle(const Handle_Data& encoded_handle);

  // Returns true if the specified range is not empty, and the range is
  // contained inside the valid memory range.
  // This is a pure query (const): unlike ClaimMemory(), it does not shrink the
  // valid range.
  bool IsValidRange(const void* position, uint32_t num_bytes) const;

  // Accessors for the optional error-reporting context passed to the
  // constructor. message() may return nullptr (the constructor default).
  Message* message() const { return message_; }
  const base::StringPiece& description() const { return description_; }

 private:
  // Range check on integer addresses; the definition is not in this header.
  // NOTE(review): presumably tests [begin, end) against
  // [data_begin_, data_end_). Confirm that callers computing
  // |end| = |begin| + num_bytes guard against uintptr_t wrap-around.
  bool InternalIsValidRange(uintptr_t begin, uintptr_t end) const;

  // Optional message used when reporting validation errors; fixed at
  // construction (const pointer). Ownership is not expressed by the type;
  // presumably not owned here, to be confirmed against the destructor.
  Message* const message_;
  // Non-owning view of the caller's description text (see constructor note).
  const base::StringPiece description_;

  // [data_begin_, data_end_) is the valid memory range.
  uintptr_t data_begin_;
  uintptr_t data_end_;

  // [handle_begin_, handle_end_) is the valid handle index range.
  uint32_t handle_begin_;
  uint32_t handle_end_;

  // The context carries mutable claim state, so copying is disabled.
  DISALLOW_COPY_AND_ASSIGN(ValidationContext);
};
     78 
     79 }  // namespace internal
     80 }  // namespace mojo
     81 
     82 #endif  // MOJO_PUBLIC_CPP_BINDINGS_LIB_VALIDATION_CONTEXT_H_
     83