1 // Copyright 2012 The Chromium Authors
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
4 
5 #ifndef BASE_PICKLE_H_
6 #define BASE_PICKLE_H_
7 
8 #include <stddef.h>
9 #include <stdint.h>
10 
11 #include <string>
12 
13 #include "base/base_export.h"
14 #include "base/check_op.h"
15 #include "base/containers/span.h"
16 #include "base/gtest_prod_util.h"
17 #include "base/memory/raw_ptr_exclusion.h"
18 #include "base/memory/ref_counted.h"
19 #include "base/strings/string_piece.h"
20 #include "third_party/abseil-cpp/absl/types/optional.h"
21 
22 namespace base {
23 
24 class Pickle;
25 
26 // PickleIterator reads data from a Pickle. The Pickle object must remain valid
27 // while the PickleIterator object is in use.
class BASE_EXPORT PickleIterator {
 public:
  // Builds an iterator with no payload attached: the read offset and the end
  // offset are both zero, so ReachedEnd() is true from the start.
  PickleIterator() : payload_{nullptr}, read_index_{0}, end_index_{0} {}
  explicit PickleIterator(const Pickle& pickle);

  // Readers for the Pickle payload. Construct the iterator from a Pickle to
  // start at the beginning of its payload. Each reader returns true when the
  // value was extracted and false when it could not be; once a read has
  // failed, the iterator cannot be read from any more. Every reader is
  // [[nodiscard]]: when false comes back, do not rely on |*result|.
  [[nodiscard]] bool ReadBool(bool* result);
  [[nodiscard]] bool ReadInt(int* result);
  [[nodiscard]] bool ReadLong(long* result);
  [[nodiscard]] bool ReadUInt16(uint16_t* result);
  [[nodiscard]] bool ReadUInt32(uint32_t* result);
  [[nodiscard]] bool ReadInt64(int64_t* result);
  [[nodiscard]] bool ReadUInt64(uint64_t* result);
  [[nodiscard]] bool ReadFloat(float* result);
  [[nodiscard]] bool ReadDouble(double* result);
  [[nodiscard]] bool ReadString(std::string* result);
  // The StringPiece refers to message data and is valid only for the lifetime
  // of the message.
  [[nodiscard]] bool ReadStringPiece(StringPiece* result);
  [[nodiscard]] bool ReadString16(std::u16string* result);
  // The StringPiece16 refers to message data and is valid only for the
  // lifetime of the message.
  [[nodiscard]] bool ReadStringPiece16(StringPiece16* result);

  // Stores a pointer to the data in |*data| and its length in |*length|. The
  // pointer refers to the message's own buffer, so it is only usable for the
  // lifetime of the message (or until the message data is mutated). Do not
  // keep the pointer around!
  [[nodiscard]] bool ReadData(const char** data, size_t* length);

  // Same operation, returning a base::span for convenience.
  [[nodiscard]] absl::optional<base::span<const uint8_t>> ReadData();

  // Stores a pointer to the data in |*data|. The caller supplies the number of
  // bytes to read and ReadBytes validates that length. The pointer refers to
  // the message's own buffer, so it is only usable for the lifetime of the
  // message (or until the message data is mutated). Do not keep the pointer
  // around!
  [[nodiscard]] bool ReadBytes(const char** data, size_t length);

  // ReadInt() variant for object sizes: fails when the int cannot be read or
  // when it is negative. Only the sign is checked here; the length is not
  // compared against the bytes left in the payload, so the caller still has
  // to bound it before using it to size an allocation or a loop.
  [[nodiscard]] bool ReadLength(size_t* result) {
    int signed_length;
    if (!ReadInt(&signed_length))
      return false;
    if (signed_length < 0)
      return false;
    *result = static_cast<size_t>(signed_length);
    return true;
  }

  // Skips |num_bytes| bytes of the read buffer and returns true when at least
  // that many are available. Otherwise does nothing and returns false.
  [[nodiscard]] bool SkipBytes(size_t num_bytes) {
    return GetReadPointerAndAdvance(num_bytes) != nullptr;
  }

  // True once the read offset has reached the end offset.
  bool ReachedEnd() const { return end_index_ == read_index_; }

 private:
  // Reads one value of type Type from the Pickle.
  template <typename Type>
  bool ReadBuiltinType(Type* result);

  // Moves read_index_ forward without letting it pass end_index_, and keeps
  // read_index_ aligned.
  void Advance(size_t size);

  // Returns the read pointer for a value of type Type, then advances past it.
  template<typename Type>
  const char* GetReadPointerAndAdvance();

  // Returns the read pointer for |num_bytes| bytes, then advances past them.
  // Checks num_bytes for wrapping.
  const char* GetReadPointerAndAdvance(size_t num_bytes);

  // Returns the read pointer for (num_elements * size_element) bytes, then
  // advances past them. Checks for overflow and wrapping.
  const char* GetReadPointerAndAdvance(size_t num_elements,
                                       size_t size_element);

  const char* payload_;  // Start of our pickle's payload.
  size_t read_index_;  // Offset of the next readable byte in payload.
  size_t end_index_;  // Payload size.

  FRIEND_TEST_ALL_PREFIXES(PickleTest, GetReadPointerAndAdvance);
};
116 
117 // This class provides facilities for basic binary value packing and unpacking.
118 //
119 // The Pickle class supports appending primitive values (ints, strings, etc.)
120 // to a pickle instance.  The Pickle instance grows its internal memory buffer
121 // dynamically to hold the sequence of primitive values.   The internal memory
122 // buffer is exposed as the "data" of the Pickle.  This "data" can be passed
123 // to a Pickle object to initialize it for reading.
124 //
125 // When reading from a Pickle object, it is important for the consumer to know
126 // what value types to read and in what order to read them as the Pickle does
127 // not keep track of the type of data written to it.
128 //
129 // The Pickle's data has a header which contains the size of the Pickle's
130 // payload.  It can optionally support additional space in the header.  That
131 // space is controlled by the header_size parameter passed to the Pickle
132 // constructor.
133 //
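class BASE_EXPORT Pickle {
 public:
  // Auxiliary data attached to a Pickle. Pickle must be subclassed along with
  // this interface in order to provide a concrete implementation of support
  // for attachments. The base Pickle implementation does not accept
  // attachments.
  class BASE_EXPORT Attachment : public RefCountedThreadSafe<Attachment> {
   public:
    Attachment();
    Attachment(const Attachment&) = delete;
    Attachment& operator=(const Attachment&) = delete;

   protected:
    friend class RefCountedThreadSafe<Attachment>;
    virtual ~Attachment();
  };

  // Initialize a Pickle object using the default header size.
  Pickle();

  // Initialize a Pickle object with the specified header size in bytes, which
  // must be greater-than-or-equal-to sizeof(Pickle::Header).  The header size
  // will be rounded up to ensure that the header size is 32bit-aligned.
  explicit Pickle(size_t header_size);

  // Initializes a Pickle from a const block of data.  The data is not copied;
  // instead the data is merely referenced by this Pickle, so the referenced
  // buffer has to stay alive and unmodified for as long as this Pickle (or any
  // PickleIterator built from it) is in use.  Only const methods should be
  // used on the Pickle when initialized this way.  The header padding size is
  // deduced from the data length.
  explicit Pickle(span<const uint8_t> data);
  // TODO(crbug.com/1490484): Migrate callers of this overload to the span
  // version.
  Pickle(const char* data, size_t data_len);

  // Initializes a Pickle as a deep copy of another Pickle.
  Pickle(const Pickle& other);

  // Note: Other classes are derived from this class, and they may well
  // delete through this parent class, e.g. std::unique_ptr<Pickle> exists
  // in several places in the code.
  virtual ~Pickle();

  // Performs a deep copy.
  Pickle& operator=(const Pickle& other);

  // Returns the number of bytes written in the Pickle, including the header.
  // Returns 0 when there is no header (header_ is null).
  size_t size() const {
    return header_ ? header_size_ + header_->payload_size : 0;
  }

  // Returns the data for this Pickle, starting at the header. This is null
  // when header_ is null.
  const uint8_t* data() const {
    return reinterpret_cast<const uint8_t*>(header_);
  }

  // Handy method to simplify calling data() with a reinterpret_cast.
  const char* data_as_char() const {
    return reinterpret_cast<const char*>(data());
  }

  // Returns the effective memory capacity of this Pickle, that is, the total
  // number of bytes currently dynamically allocated or 0 in the case of a
  // read-only Pickle. This should be used only for diagnostic / profiling
  // purposes.
  size_t GetTotalAllocatedSize() const;

  // Methods for adding to the payload of the Pickle.  These values are
  // appended to the end of the Pickle's payload.  When reading values from a
  // Pickle, it is important to read them in the order in which they were added
  // to the Pickle.

  // A bool is written as the int 1 or 0.
  void WriteBool(bool value) { WriteInt(value ? 1 : 0); }
  void WriteInt(int value) { WritePOD(value); }
  void WriteLong(long value) {
    // Always write long as a 64-bit value to ensure compatibility between
    // 32-bit and 64-bit processes.
    WritePOD(static_cast<int64_t>(value));
  }
  void WriteUInt16(uint16_t value) { WritePOD(value); }
  void WriteUInt32(uint32_t value) { WritePOD(value); }
  void WriteInt64(int64_t value) { WritePOD(value); }
  void WriteUInt64(uint64_t value) { WritePOD(value); }
  void WriteFloat(float value) { WritePOD(value); }
  void WriteDouble(double value) { WritePOD(value); }
  void WriteString(const StringPiece& value);
  void WriteString16(const StringPiece16& value);
  // "Data" is a blob with a length. When you read it out you will be given the
  // length. See also WriteBytes.
  void WriteData(const char* data, size_t length);
  // "Bytes" is a blob with no length. The caller must specify the length both
  // when reading and writing. It is normally used to serialize PoD types of a
  // known size. See also WriteData.
  void WriteBytes(const void* data, size_t length);

  // WriteAttachment appends |attachment| to the pickle. It returns
  // false iff the set is full or if the Pickle implementation does not support
  // attachments.
  virtual bool WriteAttachment(scoped_refptr<Attachment> attachment);

  // ReadAttachment parses an attachment given the parsing state |iter| and
  // writes it to |*attachment|. It returns true on success.
  virtual bool ReadAttachment(base::PickleIterator* iter,
                              scoped_refptr<Attachment>* attachment) const;

  // Indicates whether the pickle has any attachments.
  virtual bool HasAttachments() const;

  // Reserves space for upcoming writes when multiple writes will be made and
  // their sizes are computed in advance. It can be significantly faster to call
  // Reserve() before calling WriteFoo() multiple times.
  void Reserve(size_t additional_capacity);

  // Payload follows after allocation of Header (header size is customizable).
  struct Header {
    uint32_t payload_size;  // Specifies the size of the payload.
  };

  // Returns the header, cast to a user-specified type T.  The type T must be a
  // subclass of Header and its size must correspond to the header_size passed
  // to the Pickle constructor.
  // NOTE(review): the size match is enforced by DCHECK_EQ only. DCHECKs are
  // typically compiled out of release builds, so callers should not treat it
  // as a runtime guard there — confirm for the build configuration in use.
  template <class T>
  T* headerT() {
    DCHECK_EQ(header_size_, sizeof(T));
    return static_cast<T*>(header_);
  }
  template <class T>
  const T* headerT() const {
    DCHECK_EQ(header_size_, sizeof(T));
    return static_cast<const T*>(header_);
  }

  // The payload is the pickle data immediately following the header.
  // Returns 0 when header_ is null.
  size_t payload_size() const {
    return header_ ? header_->payload_size : 0;
  }

  // Returns the address header_size_ bytes past the header. Unlike
  // payload_size() and end_of_payload(), this does not test header_ for null,
  // so the result is only meaningful when the Pickle has a header.
  const char* payload() const {
    return reinterpret_cast<const char*>(header_) + header_size_;
  }

  // Returns the address of the byte immediately following the currently valid
  // header + payload, or nullptr when header_ is null.
  const char* end_of_payload() const {
    // This object may be invalid.
    return header_ ? payload() + payload_size() : nullptr;
  }

 protected:
  // Returns size of the header, which can have default value, set by user or
  // calculated by passed raw data.
  size_t header_size() const { return header_size_; }

  // Writable view of the payload; like payload(), it does not test header_
  // for null.
  char* mutable_payload() {
    return reinterpret_cast<char*>(header_) + header_size_;
  }

  size_t capacity_after_header() const {
    return capacity_after_header_;
  }

  // Resize the capacity, note that the input value should not include the size
  // of the header.
  void Resize(size_t new_capacity);

  // Claims |num_bytes| bytes of payload. This is similar to Reserve() in that
  // it may grow the capacity, but it also advances the write offset of the
  // pickle by |num_bytes|. Claimed memory, including padding, is zeroed.
  //
  // Returns the address of the first byte claimed.
  void* ClaimBytes(size_t num_bytes);

  // Find the end of the pickled data that starts at range_start.  Returns NULL
  // if the entire Pickle is not found in the given data range.
  static const char* FindNext(size_t header_size,
                              const char* range_start,
                              const char* range_end);

  // Parse pickle header and return total size of the pickle. Data range
  // doesn't need to contain entire pickle.
  // Returns true if pickle header was found and parsed. Callers must check
  // returned |pickle_size| for sanity (against maximum message size, etc).
  // NOTE: when function successfully parses a header, but encounters an
  // overflow during pickle size calculation, it sets |pickle_size| to the
  // maximum size_t value and returns true. A true return therefore does not
  // by itself mean |pickle_size| is usable.
  static bool PeekNext(size_t header_size,
                       const char* range_start,
                       const char* range_end,
                       size_t* pickle_size);

  // The allocation granularity of the payload.
  static const size_t kPayloadUnit;

 private:
  friend class PickleIterator;

  // `header_` is not a raw_ptr<...> for performance reasons (based on analysis
  // of sampling profiler data).
  RAW_PTR_EXCLUSION Header* header_;
  size_t header_size_;  // Supports extra data between header and payload.
  // Allocation size of payload (or -1 if allocation is const; the field is a
  // size_t, so -1 is stored as the maximum size_t value). Note: this doesn't
  // count the header.
  size_t capacity_after_header_;
  // The offset at which we will write the next field. Note: this doesn't count
  // the header.
  size_t write_offset_;

  // Just like WriteBytes, but with a compile-time size, for performance.
  template<size_t length> void BASE_EXPORT WriteBytesStatic(const void* data);

  // Writes a POD by copying its sizeof(data) bytes. Always returns true.
  template <typename T> bool WritePOD(const T& data) {
    WriteBytesStatic<sizeof(data)>(&data);
    return true;
  }

  inline void* ClaimUninitializedBytesInternal(size_t num_bytes);
  inline void WriteBytesCommon(const void* data, size_t length);

  FRIEND_TEST_ALL_PREFIXES(PickleTest, DeepCopyResize);
  FRIEND_TEST_ALL_PREFIXES(PickleTest, Resize);
  FRIEND_TEST_ALL_PREFIXES(PickleTest, PeekNext);
  FRIEND_TEST_ALL_PREFIXES(PickleTest, PeekNextOverflow);
  FRIEND_TEST_ALL_PREFIXES(PickleTest, FindNext);
  FRIEND_TEST_ALL_PREFIXES(PickleTest, FindNextWithIncompleteHeader);
  FRIEND_TEST_ALL_PREFIXES(PickleTest, FindNextOverflow);
};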
360 
361 }  // namespace base
362 
363 #endif  // BASE_PICKLE_H_
364