• Home
  • Line#
  • Scopes#
  • Navigate#
  • Raw
  • Download
1 // Copyright 2014 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
4 
5 #ifndef MOJO_PUBLIC_CPP_BINDINGS_LIB_VALIDATION_CONTEXT_H_
6 #define MOJO_PUBLIC_CPP_BINDINGS_LIB_VALIDATION_CONTEXT_H_
7 
8 #include <stddef.h>
9 #include <stdint.h>
10 
11 #include "base/macros.h"
12 #include "base/strings/string_piece.h"
13 #include "mojo/public/cpp/bindings/lib/bindings_internal.h"
14 
15 namespace mojo {
16 
17 class Handle;
18 class Message;
19 
20 namespace internal {
21 
22 // ValidationContext is used when validating object sizes, pointers and handle
23 // indices in the payload of incoming messages.
24 class ValidationContext {
25  public:
26   // [data, data + data_num_bytes) specifies the initial valid memory range.
27   // [0, num_handles) specifies the initial valid range of handle indices.
28   //
29   // If provided, |message| and |description| provide additional information
30   // to use when reporting validation errors. In addition if |message| is
31   // provided, the MojoNotifyBadMessage API will be used to notify the system of
32   // such errors.
33   ValidationContext(const void* data,
34                     size_t data_num_bytes,
35                     size_t num_handles,
36                     Message* message = nullptr,
37                     const base::StringPiece& description = "");
38 
39   ~ValidationContext();
40 
41   // Claims the specified memory range.
42   // The method succeeds if the range is valid to claim. (Please see
43   // the comments for IsValidRange().)
44   // On success, the valid memory range is shrinked to begin right after the end
45   // of the claimed range.
46   bool ClaimMemory(const void* position, uint32_t num_bytes);
47 
48   // Claims the specified encoded handle (which is basically a handle index).
49   // The method succeeds if:
50   // - |encoded_handle|'s value is |kEncodedInvalidHandleValue|.
51   // - the handle is contained inside the valid range of handle indices. In this
52   // case, the valid range is shinked to begin right after the claimed handle.
53   bool ClaimHandle(const Handle_Data& encoded_handle);
54 
55   // Returns true if the specified range is not empty, and the range is
56   // contained inside the valid memory range.
57   bool IsValidRange(const void* position, uint32_t num_bytes) const;
58 
message()59   Message* message() const { return message_; }
description()60   const base::StringPiece& description() const { return description_; }
61 
62  private:
63   bool InternalIsValidRange(uintptr_t begin, uintptr_t end) const;
64 
65   Message* const message_;
66   const base::StringPiece description_;
67 
68   // [data_begin_, data_end_) is the valid memory range.
69   uintptr_t data_begin_;
70   uintptr_t data_end_;
71 
72   // [handle_begin_, handle_end_) is the valid handle index range.
73   uint32_t handle_begin_;
74   uint32_t handle_end_;
75 
76   DISALLOW_COPY_AND_ASSIGN(ValidationContext);
77 };
78 
79 }  // namespace internal
80 }  // namespace mojo
81 
82 #endif  // MOJO_PUBLIC_CPP_BINDINGS_LIB_VALIDATION_CONTEXT_H_
83