// Copyright 2012 The Chromium Authors
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.

#ifndef BASE_PICKLE_H_
#define BASE_PICKLE_H_

#include <stddef.h>
#include <stdint.h>

#include <string>

#include "base/base_export.h"
#include "base/check_op.h"
#include "base/containers/span.h"
#include "base/gtest_prod_util.h"
#include "base/memory/raw_ptr_exclusion.h"
#include "base/memory/ref_counted.h"
#include "base/strings/string_piece.h"
#include "third_party/abseil-cpp/absl/types/optional.h"

namespace base {

class Pickle;

// Cursor used to read values back out of a Pickle. The iterator only refers
// to the Pickle it was created from, so that Pickle object must remain valid
// for as long as the iterator is in use.
class BASE_EXPORT PickleIterator {
 public:
  // Creates an iterator with no payload attached: the payload pointer is null
  // and both the read index and the end index are zero.
  PickleIterator() : payload_(nullptr), read_index_(0), end_index_(0) {}
  explicit PickleIterator(const Pickle& pickle);

  // Typed readers for the payload of the Pickle. To read from the start of
  // the Pickle, construct the iterator from that Pickle. Each reader returns
  // true on success and false when the value could not be extracted; once a
  // reader has returned false, the iterator cannot be read from any more.
  // Every reader is [[nodiscard]], so the outcome has to be checked before
  // the output argument is used.
  [[nodiscard]] bool ReadBool(bool* result);
  [[nodiscard]] bool ReadInt(int* result);
  [[nodiscard]] bool ReadLong(long* result);
  [[nodiscard]] bool ReadUInt16(uint16_t* result);
  [[nodiscard]] bool ReadUInt32(uint32_t* result);
  [[nodiscard]] bool ReadInt64(int64_t* result);
  [[nodiscard]] bool ReadUInt64(uint64_t* result);
  [[nodiscard]] bool ReadFloat(float* result);
  [[nodiscard]] bool ReadDouble(double* result);
  [[nodiscard]] bool ReadString(std::string* result);
  // The StringPiece refers to the message's data and is only valid for the
  // lifetime of the message.
  [[nodiscard]] bool ReadStringPiece(StringPiece* result);
  [[nodiscard]] bool ReadString16(std::u16string* result);
  // The StringPiece16 refers to the message's data and is only valid for the
  // lifetime of the message.
  [[nodiscard]] bool ReadStringPiece16(StringPiece16* result);

  // Reads a length-prefixed blob. On success |*data| receives a pointer to the
  // bytes and |*length| receives their count. The pointer aims into the
  // message's own buffer, so it is usable only while the message is alive and
  // its data has not been mutated. Do not keep the pointer around!
  [[nodiscard]] bool ReadData(const char** data, size_t* length);

  // Same operation, returning a base::span for convenience.
  [[nodiscard]] absl::optional<base::span<const uint8_t>> ReadData();

  // Reads a blob whose size the caller supplies in |length|; ReadBytes
  // validates that length. On success |*data| receives a pointer into the
  // message's own buffer, which is usable only while the message is alive and
  // its data has not been mutated. Do not keep the pointer around!
  [[nodiscard]] bool ReadBytes(const char** data, size_t length);

  // Variant of ReadInt() for object sizes: fails if the int cannot be read or
  // if it is negative, otherwise stores it in |*result| as a size_t.
  // Only the sign is checked here. No upper bound is applied, so the caller
  // still has to validate the size it gets back.
  [[nodiscard]] bool ReadLength(size_t* result) {
    int length = 0;
    if (!ReadInt(&length))
      return false;
    if (length < 0)
      return false;
    *result = static_cast<size_t>(length);
    return true;
  }

  // Skips |num_bytes| bytes of the read buffer and returns true when at least
  // that many bytes are available. Otherwise does nothing and returns false.
  [[nodiscard]] bool SkipBytes(size_t num_bytes) {
    return GetReadPointerAndAdvance(num_bytes) != nullptr;
  }

  // True once the read index has reached the end index.
  bool ReachedEnd() const { return end_index_ == read_index_; }

 private:
  // Reads one value of type Type from the Pickle.
  template <typename Type>
  bool ReadBuiltinType(Type* result);

  // Moves read_index_ forward without letting it exceed end_index_.
  // Keeps read_index_ aligned.
  void Advance(size_t size);

  // Returns the read pointer for a Type and advances the read pointer.
  template<typename Type>
  const char* GetReadPointerAndAdvance();

  // Returns the read pointer for |num_bytes| bytes and advances the read
  // pointer. This method checks num_bytes for wrapping.
  const char* GetReadPointerAndAdvance(size_t num_bytes);

  // Returns the read pointer for (num_elements * size_element) bytes and
  // advances the read pointer. This method checks for overflow and wrapping.
  const char* GetReadPointerAndAdvance(size_t num_elements,
                                       size_t size_element);

  const char* payload_;  // Start of our pickle's payload.
  size_t read_index_;    // Offset of the next readable byte in payload.
  size_t end_index_;     // Payload size.

  FRIEND_TEST_ALL_PREFIXES(PickleTest, GetReadPointerAndAdvance);
};

// Facilities for basic binary value packing and unpacking.
//
// Primitive values (ints, strings, etc.) are appended to a Pickle instance,
// which grows its internal memory buffer dynamically to hold the sequence.
// That internal buffer is exposed as the "data" of the Pickle, and this
// "data" can be handed to a Pickle object to initialize it for reading.
//
// The Pickle does not keep track of the type of the data written to it, so
// when reading from a Pickle object the consumer has to know which value
// types to read and in what order to read them.
//
// The Pickle's data starts with a header that contains the size of the
// Pickle's payload. The header can optionally carry additional space; that
// space is controlled by the header_size parameter passed to the Pickle
// constructor.
//
class BASE_EXPORT Pickle {
 public:
  // Auxiliary data attached to a Pickle. To get a concrete implementation of
  // attachment support, Pickle must be subclassed along with this interface.
  // The base Pickle implementation does not accept attachments.
  class BASE_EXPORT Attachment : public RefCountedThreadSafe<Attachment> {
   public:
    Attachment();
    Attachment(const Attachment&) = delete;
    Attachment& operator=(const Attachment&) = delete;

   protected:
    friend class RefCountedThreadSafe<Attachment>;
    virtual ~Attachment();
  };

  // Initializes a Pickle object using the default header size.
  Pickle();

  // Initializes a Pickle object with the given header size in bytes, which
  // must be greater-than-or-equal-to sizeof(Pickle::Header). The header size
  // is rounded up so that it is 32bit-aligned.
  explicit Pickle(size_t header_size);

  // Initializes a Pickle from a const block of data. The data is not copied;
  // this Pickle merely references it, so the block has to outlive the Pickle.
  // Only const methods should be used on a Pickle initialized this way. The
  // header padding size is deduced from the data length.
  Pickle(const char* data, size_t data_len);

  // Initializes a Pickle as a deep copy of another Pickle.
  Pickle(const Pickle& other);

  // Note: this class has no virtual methods. The destructor is virtual purely
  // as defensive coding: other classes derive from this one, and there is a
  // *chance* that they will be cast to this base class before destruction. At
  // least one such class has a virtual destructor of its own, suggesting at
  // least some need to call more derived destructors.
  virtual ~Pickle();

  // Performs a deep copy.
  Pickle& operator=(const Pickle& other);

  // Returns the number of bytes written in the Pickle, including the header,
  // or 0 when there is no header.
  size_t size() const {
    if (!header_)
      return 0;
    return header_size_ + header_->payload_size;
  }

  // Returns the data for this Pickle, i.e. the header pointer viewed as bytes.
  const uint8_t* data() const {
    return reinterpret_cast<const uint8_t*>(header_);
  }

  // Convenience wrapper that returns data() as a const char*.
  const char* data_as_char() const {
    return reinterpret_cast<const char*>(data());
  }

  // Returns the effective memory capacity of this Pickle, that is, the total
  // number of bytes currently dynamically allocated, or 0 in the case of a
  // read-only Pickle. Intended for diagnostic / profiling purposes only.
  size_t GetTotalAllocatedSize() const;

  // Writers that append to the end of the Pickle's payload. When reading
  // values back from a Pickle, they must be read in the order in which they
  // were added to the Pickle.

  void WriteBool(bool value) { WriteInt(value ? 1 : 0); }
  void WriteInt(int value) { WritePOD(value); }
  void WriteLong(long value) {
    // A long is always written as a 64-bit value so that 32-bit and 64-bit
    // processes stay compatible.
    WritePOD(static_cast<int64_t>(value));
  }
  void WriteUInt16(uint16_t value) { WritePOD(value); }
  void WriteUInt32(uint32_t value) { WritePOD(value); }
  void WriteInt64(int64_t value) { WritePOD(value); }
  void WriteUInt64(uint64_t value) { WritePOD(value); }
  void WriteFloat(float value) { WritePOD(value); }
  void WriteDouble(double value) { WritePOD(value); }
  void WriteString(const StringPiece& value);
  void WriteString16(const StringPiece16& value);
  // "Data" is a blob with a length. When you read it out you will be given the
  // length. See also WriteBytes.
  void WriteData(const char* data, size_t length);
  // "Bytes" is a blob with no length. The caller must specify the length both
  // when reading and writing. It is normally used to serialize PoD types of a
  // known size. See also WriteData.
  void WriteBytes(const void* data, size_t length);

  // Appends |attachment| to the pickle. Returns false iff the set is full or
  // if the Pickle implementation does not support attachments.
  virtual bool WriteAttachment(scoped_refptr<Attachment> attachment);

  // Parses an attachment given the parsing state |iter| and writes it to
  // |*attachment|. Returns true on success.
  virtual bool ReadAttachment(base::PickleIterator* iter,
                              scoped_refptr<Attachment>* attachment) const;

  // Indicates whether the pickle has any attachments.
  virtual bool HasAttachments() const;

  // Reserves space for upcoming writes when several writes will be made and
  // their sizes are computed in advance. Calling Reserve() before calling
  // WriteFoo() multiple times can be significantly faster.
  void Reserve(size_t additional_capacity);

  // Payload follows after allocation of Header (header size is customizable).
  struct Header {
    uint32_t payload_size;  // Specifies the size of the payload.
  };

  // Returns the header, cast to a user-specified type T. T must be a subclass
  // of Header and its size must correspond to the header_size passed to the
  // Pickle constructor.
  // NOTE(review): the size match is enforced by DCHECK_EQ only; in a build
  // where DCHECKs are compiled out a mismatched T would not be caught here.
  // Confirm against the build configuration.
  template <class T>
  T* headerT() {
    DCHECK_EQ(header_size_, sizeof(T));
    return static_cast<T*>(header_);
  }
  template <class T>
  const T* headerT() const {
    DCHECK_EQ(header_size_, sizeof(T));
    return static_cast<const T*>(header_);
  }

  // The payload is the pickle data immediately following the header. Its size
  // is reported as 0 when there is no header.
  size_t payload_size() const {
    if (!header_)
      return 0;
    return header_->payload_size;
  }

  // Address of the first payload byte: the header address plus header_size_.
  // Unlike payload_size() and end_of_payload(), this accessor does not test
  // header_ for null.
  const char* payload() const {
    return reinterpret_cast<const char*>(header_) + header_size_;
  }

  // Returns the address of the byte immediately following the currently valid
  // header + payload, or null when there is no header.
  const char* end_of_payload() const {
    // This object may be invalid.
    if (!header_)
      return nullptr;
    return payload() + payload_size();
  }

 protected:
  // Returns the size of the header, which can be the default value, a value
  // set by the user, or a value calculated from the raw data passed in.
  size_t header_size() const { return header_size_; }

  // Writable counterpart of payload(): the header address plus header_size_.
  char* mutable_payload() {
    return reinterpret_cast<char*>(header_) + header_size_;
  }

  size_t capacity_after_header() const {
    return capacity_after_header_;
  }

  // Resizes the capacity. Note that the input value should not include the
  // size of the header.
  void Resize(size_t new_capacity);

  // Claims |num_bytes| bytes of payload. This is similar to Reserve() in that
  // it may grow the capacity, but it also advances the write offset of the
  // pickle by |num_bytes|. Claimed memory, including padding, is zeroed.
  //
  // Returns the address of the first byte claimed.
  void* ClaimBytes(size_t num_bytes);

  // Finds the end of the pickled data that starts at range_start. Returns NULL
  // if the entire Pickle is not found in the given data range.
  static const char* FindNext(size_t header_size,
                              const char* range_start,
                              const char* range_end);

  // Parses the pickle header and reports the total size of the pickle. The
  // data range doesn't need to contain the entire pickle.
  // Returns true if the pickle header was found and parsed. Callers must check
  // the returned |pickle_size| for sanity (against maximum message size, etc).
  // NOTE: when the function successfully parses a header but encounters an
  // overflow during the pickle size calculation, it sets |pickle_size| to the
  // maximum size_t value and returns true.
  static bool PeekNext(size_t header_size,
                       const char* range_start,
                       const char* range_end,
                       size_t* pickle_size);

  // The allocation granularity of the payload.
  static const size_t kPayloadUnit;

 private:
  friend class PickleIterator;

  // `header_` is not a raw_ptr<...> for performance reasons (based on analysis
  // of sampling profiler data).
  RAW_PTR_EXCLUSION Header* header_;
  size_t header_size_;  // Supports extra data between header and payload.
  // Allocation size of payload (or -1 if allocation is const). Note: this
  // doesn't count the header. The field is a size_t, so the -1 marker is held
  // as an unsigned value.
  size_t capacity_after_header_;
  // The offset at which we will write the next field. Note: this doesn't count
  // the header.
  size_t write_offset_;

  // Just like WriteBytes, but with a compile-time size, for performance.
  template<size_t length> void BASE_EXPORT WriteBytesStatic(const void* data);

  // Writes a POD by copying its bytes. Always returns true.
  template <typename T> bool WritePOD(const T& data) {
    WriteBytesStatic<sizeof(T)>(&data);
    return true;
  }

  inline void* ClaimUninitializedBytesInternal(size_t num_bytes);
  inline void WriteBytesCommon(const void* data, size_t length);

  FRIEND_TEST_ALL_PREFIXES(PickleTest, DeepCopyResize);
  FRIEND_TEST_ALL_PREFIXES(PickleTest, Resize);
  FRIEND_TEST_ALL_PREFIXES(PickleTest, PeekNext);
  FRIEND_TEST_ALL_PREFIXES(PickleTest, PeekNextOverflow);
  FRIEND_TEST_ALL_PREFIXES(PickleTest, FindNext);
  FRIEND_TEST_ALL_PREFIXES(PickleTest, FindNextWithIncompleteHeader);
  FRIEND_TEST_ALL_PREFIXES(PickleTest, FindNextOverflow);
};

}  // namespace base

#endif  // BASE_PICKLE_H_