1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. 2 // Use of this source code is governed by a BSD-style license that can be 3 // found in the LICENSE file. 4 5 #ifndef BASE_PICKLE_H_ 6 #define BASE_PICKLE_H_ 7 8 #include <stddef.h> 9 #include <stdint.h> 10 11 #include <string> 12 13 #include "base/base_export.h" 14 #include "base/compiler_specific.h" 15 #include "base/gtest_prod_util.h" 16 #include "base/logging.h" 17 #include "base/strings/string16.h" 18 #include "base/strings/string_piece.h" 19 20 namespace base { 21 22 class Pickle; 23 24 // PickleIterator reads data from a Pickle. The Pickle object must remain valid 25 // while the PickleIterator object is in use. 26 class BASE_EXPORT PickleIterator { 27 public: PickleIterator()28 PickleIterator() : payload_(NULL), read_index_(0), end_index_(0) {} 29 explicit PickleIterator(const Pickle& pickle); 30 31 // Methods for reading the payload of the Pickle. To read from the start of 32 // the Pickle, create a PickleIterator from a Pickle. If successful, these 33 // methods return true. Otherwise, false is returned to indicate that the 34 // result could not be extracted. It is not possible to read from the iterator 35 // after that. 36 bool ReadBool(bool* result) WARN_UNUSED_RESULT; 37 bool ReadInt(int* result) WARN_UNUSED_RESULT; 38 bool ReadLong(long* result) WARN_UNUSED_RESULT; 39 bool ReadUInt16(uint16_t* result) WARN_UNUSED_RESULT; 40 bool ReadUInt32(uint32_t* result) WARN_UNUSED_RESULT; 41 bool ReadInt64(int64_t* result) WARN_UNUSED_RESULT; 42 bool ReadUInt64(uint64_t* result) WARN_UNUSED_RESULT; 43 bool ReadSizeT(size_t* result) WARN_UNUSED_RESULT; 44 bool ReadFloat(float* result) WARN_UNUSED_RESULT; 45 bool ReadDouble(double* result) WARN_UNUSED_RESULT; 46 bool ReadString(std::string* result) WARN_UNUSED_RESULT; 47 // The StringPiece data will only be valid for the lifetime of the message. 48 bool ReadStringPiece(StringPiece* result) WARN_UNUSED_RESULT; 49 bool ReadString16(string16* result) WARN_UNUSED_RESULT; 50 // The StringPiece16 data will only be valid for the lifetime of the message. 51 bool ReadStringPiece16(StringPiece16* result) WARN_UNUSED_RESULT; 52 53 // A pointer to the data will be placed in |*data|, and the length will be 54 // placed in |*length|. The pointer placed into |*data| points into the 55 // message's buffer so it will be scoped to the lifetime of the message (or 56 // until the message data is mutated). Do not keep the pointer around! 57 bool ReadData(const char** data, int* length) WARN_UNUSED_RESULT; 58 59 // A pointer to the data will be placed in |*data|. The caller specifies the 60 // number of bytes to read, and ReadBytes will validate this length. The 61 // pointer placed into |*data| points into the message's buffer so it will be 62 // scoped to the lifetime of the message (or until the message data is 63 // mutated). Do not keep the pointer around! 64 bool ReadBytes(const char** data, int length) WARN_UNUSED_RESULT; 65 66 // A safer version of ReadInt() that checks for the result not being negative. 67 // Use it for reading the object sizes. ReadLength(int * result)68 bool ReadLength(int* result) WARN_UNUSED_RESULT { 69 return ReadInt(result) && *result >= 0; 70 } 71 72 // Skips bytes in the read buffer and returns true if there are at least 73 // num_bytes available. Otherwise, does nothing and returns false. SkipBytes(int num_bytes)74 bool SkipBytes(int num_bytes) WARN_UNUSED_RESULT { 75 return !!GetReadPointerAndAdvance(num_bytes); 76 } 77 78 private: 79 // Read Type from Pickle. 80 template <typename Type> 81 bool ReadBuiltinType(Type* result); 82 83 // Advance read_index_ but do not allow it to exceed end_index_. 84 // Keeps read_index_ aligned. 85 void Advance(size_t size); 86 87 // Get read pointer for Type and advance read pointer. 88 template<typename Type> 89 const char* GetReadPointerAndAdvance(); 90 91 // Get read pointer for |num_bytes| and advance read pointer. This method 92 // checks num_bytes for negativity and wrapping. 93 const char* GetReadPointerAndAdvance(int num_bytes); 94 95 // Get read pointer for (num_elements * size_element) bytes and advance read 96 // pointer. This method checks for int overflow, negativity and wrapping. 97 const char* GetReadPointerAndAdvance(int num_elements, 98 size_t size_element); 99 100 const char* payload_; // Start of our pickle's payload. 101 size_t read_index_; // Offset of the next readable byte in payload. 102 size_t end_index_; // Payload size. 103 104 FRIEND_TEST_ALL_PREFIXES(PickleTest, GetReadPointerAndAdvance); 105 }; 106 107 // This class provides facilities for basic binary value packing and unpacking. 108 // 109 // The Pickle class supports appending primitive values (ints, strings, etc.) 110 // to a pickle instance. The Pickle instance grows its internal memory buffer 111 // dynamically to hold the sequence of primitive values. The internal memory 112 // buffer is exposed as the "data" of the Pickle. This "data" can be passed 113 // to a Pickle object to initialize it for reading. 114 // 115 // When reading from a Pickle object, it is important for the consumer to know 116 // what value types to read and in what order to read them as the Pickle does 117 // not keep track of the type of data written to it. 118 // 119 // The Pickle's data has a header which contains the size of the Pickle's 120 // payload. It can optionally support additional space in the header. That 121 // space is controlled by the header_size parameter passed to the Pickle 122 // constructor. 123 // 124 class BASE_EXPORT Pickle { 125 public: 126 // Initialize a Pickle object using the default header size. 127 Pickle(); 128 129 // Initialize a Pickle object with the specified header size in bytes, which 130 // must be greater-than-or-equal-to sizeof(Pickle::Header). The header size 131 // will be rounded up to ensure that the header size is 32bit-aligned. 132 explicit Pickle(int header_size); 133 134 // Initializes a Pickle from a const block of data. The data is not copied; 135 // instead the data is merely referenced by this Pickle. Only const methods 136 // should be used on the Pickle when initialized this way. The header 137 // padding size is deduced from the data length. 138 Pickle(const char* data, int data_len); 139 140 // Initializes a Pickle as a deep copy of another Pickle. 141 Pickle(const Pickle& other); 142 143 // Note: There are no virtual methods in this class. This destructor is 144 // virtual as an element of defensive coding. Other classes have derived from 145 // this class, and there is a *chance* that they will cast into this base 146 // class before destruction. At least one such class does have a virtual 147 // destructor, suggesting at least some need to call more derived destructors. 148 virtual ~Pickle(); 149 150 // Performs a deep copy. 151 Pickle& operator=(const Pickle& other); 152 153 // Returns the number of bytes written in the Pickle, including the header. size()154 size_t size() const { return header_size_ + header_->payload_size; } 155 156 // Returns the data for this Pickle. data()157 const void* data() const { return header_; } 158 159 // Returns the effective memory capacity of this Pickle, that is, the total 160 // number of bytes currently dynamically allocated or 0 in the case of a 161 // read-only Pickle. This should be used only for diagnostic / profiling 162 // purposes. 163 size_t GetTotalAllocatedSize() const; 164 165 // Methods for adding to the payload of the Pickle. These values are 166 // appended to the end of the Pickle's payload. When reading values from a 167 // Pickle, it is important to read them in the order in which they were added 168 // to the Pickle. 169 WriteBool(bool value)170 bool WriteBool(bool value) { 171 return WriteInt(value ? 1 : 0); 172 } WriteInt(int value)173 bool WriteInt(int value) { 174 return WritePOD(value); 175 } 176 // WARNING: DO NOT USE THIS METHOD IF PICKLES ARE PERSISTED IN ANY WAY. 177 // It will write whatever a "long" is on this architecture. On 32-bit 178 // platforms, it is 32 bits. On 64-bit platforms, it is 64 bits. If persisted 179 // pickles are still around after upgrading to 64-bit, or if they are copied 180 // between dissimilar systems, YOUR PICKLES WILL HAVE GONE BAD. WriteLongUsingDangerousNonPortableLessPersistableForm(long value)181 bool WriteLongUsingDangerousNonPortableLessPersistableForm(long value) { 182 return WritePOD(value); 183 } WriteUInt16(uint16_t value)184 bool WriteUInt16(uint16_t value) { return WritePOD(value); } WriteUInt32(uint32_t value)185 bool WriteUInt32(uint32_t value) { return WritePOD(value); } WriteInt64(int64_t value)186 bool WriteInt64(int64_t value) { return WritePOD(value); } WriteUInt64(uint64_t value)187 bool WriteUInt64(uint64_t value) { return WritePOD(value); } WriteSizeT(size_t value)188 bool WriteSizeT(size_t value) { 189 // Always write size_t as a 64-bit value to ensure compatibility between 190 // 32-bit and 64-bit processes. 191 return WritePOD(static_cast<uint64_t>(value)); 192 } WriteFloat(float value)193 bool WriteFloat(float value) { 194 return WritePOD(value); 195 } WriteDouble(double value)196 bool WriteDouble(double value) { 197 return WritePOD(value); 198 } 199 bool WriteString(const StringPiece& value); 200 bool WriteString16(const StringPiece16& value); 201 // "Data" is a blob with a length. When you read it out you will be given the 202 // length. See also WriteBytes. 203 bool WriteData(const char* data, int length); 204 // "Bytes" is a blob with no length. The caller must specify the length both 205 // when reading and writing. It is normally used to serialize PoD types of a 206 // known size. See also WriteData. 207 bool WriteBytes(const void* data, int length); 208 209 // Reserves space for upcoming writes when multiple writes will be made and 210 // their sizes are computed in advance. It can be significantly faster to call 211 // Reserve() before calling WriteFoo() multiple times. 212 void Reserve(size_t additional_capacity); 213 214 // Payload follows after allocation of Header (header size is customizable). 215 struct Header { 216 uint32_t payload_size; // Specifies the size of the payload. 217 }; 218 219 // Returns the header, cast to a user-specified type T. The type T must be a 220 // subclass of Header and its size must correspond to the header_size passed 221 // to the Pickle constructor. 222 template <class T> headerT()223 T* headerT() { 224 DCHECK_EQ(header_size_, sizeof(T)); 225 return static_cast<T*>(header_); 226 } 227 template <class T> headerT()228 const T* headerT() const { 229 DCHECK_EQ(header_size_, sizeof(T)); 230 return static_cast<const T*>(header_); 231 } 232 233 // The payload is the pickle data immediately following the header. payload_size()234 size_t payload_size() const { 235 return header_ ? header_->payload_size : 0; 236 } 237 payload()238 const char* payload() const { 239 return reinterpret_cast<const char*>(header_) + header_size_; 240 } 241 242 // Returns the address of the byte immediately following the currently valid 243 // header + payload. end_of_payload()244 const char* end_of_payload() const { 245 // This object may be invalid. 246 return header_ ? payload() + payload_size() : NULL; 247 } 248 249 protected: mutable_payload()250 char* mutable_payload() { 251 return reinterpret_cast<char*>(header_) + header_size_; 252 } 253 capacity_after_header()254 size_t capacity_after_header() const { 255 return capacity_after_header_; 256 } 257 258 // Resize the capacity, note that the input value should not include the size 259 // of the header. 260 void Resize(size_t new_capacity); 261 262 // Claims |num_bytes| bytes of payload. This is similar to Reserve() in that 263 // it may grow the capacity, but it also advances the write offset of the 264 // pickle by |num_bytes|. Claimed memory, including padding, is zeroed. 265 // 266 // Returns the address of the first byte claimed. 267 void* ClaimBytes(size_t num_bytes); 268 269 // Find the end of the pickled data that starts at range_start. Returns NULL 270 // if the entire Pickle is not found in the given data range. 271 static const char* FindNext(size_t header_size, 272 const char* range_start, 273 const char* range_end); 274 275 // Parse pickle header and return total size of the pickle. Data range 276 // doesn't need to contain entire pickle. 277 // Returns true if pickle header was found and parsed. Callers must check 278 // returned |pickle_size| for sanity (against maximum message size, etc). 279 // NOTE: when function successfully parses a header, but encounters an 280 // overflow during pickle size calculation, it sets |pickle_size| to the 281 // maximum size_t value and returns true. 282 static bool PeekNext(size_t header_size, 283 const char* range_start, 284 const char* range_end, 285 size_t* pickle_size); 286 287 // The allocation granularity of the payload. 288 static const int kPayloadUnit; 289 290 private: 291 friend class PickleIterator; 292 293 Header* header_; 294 size_t header_size_; // Supports extra data between header and payload. 295 // Allocation size of payload (or -1 if allocation is const). Note: this 296 // doesn't count the header. 297 size_t capacity_after_header_; 298 // The offset at which we will write the next field. Note: this doesn't count 299 // the header. 300 size_t write_offset_; 301 302 // Just like WriteBytes, but with a compile-time size, for performance. 303 template<size_t length> void BASE_EXPORT WriteBytesStatic(const void* data); 304 305 // Writes a POD by copying its bytes. WritePOD(const T & data)306 template <typename T> bool WritePOD(const T& data) { 307 WriteBytesStatic<sizeof(data)>(&data); 308 return true; 309 } 310 311 inline void* ClaimUninitializedBytesInternal(size_t num_bytes); 312 inline void WriteBytesCommon(const void* data, size_t length); 313 314 FRIEND_TEST_ALL_PREFIXES(PickleTest, DeepCopyResize); 315 FRIEND_TEST_ALL_PREFIXES(PickleTest, Resize); 316 FRIEND_TEST_ALL_PREFIXES(PickleTest, PeekNext); 317 FRIEND_TEST_ALL_PREFIXES(PickleTest, PeekNextOverflow); 318 FRIEND_TEST_ALL_PREFIXES(PickleTest, FindNext); 319 FRIEND_TEST_ALL_PREFIXES(PickleTest, FindNextWithIncompleteHeader); 320 FRIEND_TEST_ALL_PREFIXES(PickleTest, FindNextOverflow); 321 }; 322 323 } // namespace base 324 325 #endif // BASE_PICKLE_H_ 326