1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
4
5 #include "base/pickle.h"
6
7 #include <stdlib.h>
8
9 #include <algorithm> // for max()
10 #include <limits>
11
12 #include "base/bits.h"
13 #include "base/macros.h"
14 #include "base/numerics/safe_conversions.h"
15 #include "build/build_config.h"
16
17 namespace base {
18
19 // static
20 const int Pickle::kPayloadUnit = 64;
21
22 static const size_t kCapacityReadOnly = static_cast<size_t>(-1);
23
PickleIterator(const Pickle & pickle)24 PickleIterator::PickleIterator(const Pickle& pickle)
25 : payload_(pickle.payload()),
26 read_index_(0),
27 end_index_(pickle.payload_size()) {
28 }
29
30 template <typename Type>
ReadBuiltinType(Type * result)31 inline bool PickleIterator::ReadBuiltinType(Type* result) {
32 const char* read_from = GetReadPointerAndAdvance<Type>();
33 if (!read_from)
34 return false;
35 if (sizeof(Type) > sizeof(uint32_t))
36 memcpy(result, read_from, sizeof(*result));
37 else
38 *result = *reinterpret_cast<const Type*>(read_from);
39 return true;
40 }
41
Advance(size_t size)42 inline void PickleIterator::Advance(size_t size) {
43 size_t aligned_size = bits::Align(size, sizeof(uint32_t));
44 if (end_index_ - read_index_ < aligned_size) {
45 read_index_ = end_index_;
46 } else {
47 read_index_ += aligned_size;
48 }
49 }
50
51 template<typename Type>
GetReadPointerAndAdvance()52 inline const char* PickleIterator::GetReadPointerAndAdvance() {
53 if (sizeof(Type) > end_index_ - read_index_) {
54 read_index_ = end_index_;
55 return NULL;
56 }
57 const char* current_read_ptr = payload_ + read_index_;
58 Advance(sizeof(Type));
59 return current_read_ptr;
60 }
61
GetReadPointerAndAdvance(int num_bytes)62 const char* PickleIterator::GetReadPointerAndAdvance(int num_bytes) {
63 if (num_bytes < 0 ||
64 end_index_ - read_index_ < static_cast<size_t>(num_bytes)) {
65 read_index_ = end_index_;
66 return NULL;
67 }
68 const char* current_read_ptr = payload_ + read_index_;
69 Advance(num_bytes);
70 return current_read_ptr;
71 }
72
GetReadPointerAndAdvance(int num_elements,size_t size_element)73 inline const char* PickleIterator::GetReadPointerAndAdvance(
74 int num_elements,
75 size_t size_element) {
76 // Check for int32_t overflow.
77 int64_t num_bytes = static_cast<int64_t>(num_elements) * size_element;
78 int num_bytes32 = static_cast<int>(num_bytes);
79 if (num_bytes != static_cast<int64_t>(num_bytes32))
80 return NULL;
81 return GetReadPointerAndAdvance(num_bytes32);
82 }
83
ReadBool(bool * result)84 bool PickleIterator::ReadBool(bool* result) {
85 return ReadBuiltinType(result);
86 }
87
ReadInt(int * result)88 bool PickleIterator::ReadInt(int* result) {
89 return ReadBuiltinType(result);
90 }
91
ReadLong(long * result)92 bool PickleIterator::ReadLong(long* result) {
93 // Always read long as a 64-bit value to ensure compatibility between 32-bit
94 // and 64-bit processes.
95 int64_t result_int64 = 0;
96 if (!ReadBuiltinType(&result_int64))
97 return false;
98 // CHECK if the cast truncates the value so that we know to change this IPC
99 // parameter to use int64_t.
100 *result = base::checked_cast<long>(result_int64);
101 return true;
102 }
103
ReadUInt16(uint16_t * result)104 bool PickleIterator::ReadUInt16(uint16_t* result) {
105 return ReadBuiltinType(result);
106 }
107
ReadUInt32(uint32_t * result)108 bool PickleIterator::ReadUInt32(uint32_t* result) {
109 return ReadBuiltinType(result);
110 }
111
ReadInt64(int64_t * result)112 bool PickleIterator::ReadInt64(int64_t* result) {
113 return ReadBuiltinType(result);
114 }
115
ReadUInt64(uint64_t * result)116 bool PickleIterator::ReadUInt64(uint64_t* result) {
117 return ReadBuiltinType(result);
118 }
119
ReadFloat(float * result)120 bool PickleIterator::ReadFloat(float* result) {
121 // crbug.com/315213
122 // The source data may not be properly aligned, and unaligned float reads
123 // cause SIGBUS on some ARM platforms, so force using memcpy to copy the data
124 // into the result.
125 const char* read_from = GetReadPointerAndAdvance<float>();
126 if (!read_from)
127 return false;
128 memcpy(result, read_from, sizeof(*result));
129 return true;
130 }
131
ReadDouble(double * result)132 bool PickleIterator::ReadDouble(double* result) {
133 // crbug.com/315213
134 // The source data may not be properly aligned, and unaligned double reads
135 // cause SIGBUS on some ARM platforms, so force using memcpy to copy the data
136 // into the result.
137 const char* read_from = GetReadPointerAndAdvance<double>();
138 if (!read_from)
139 return false;
140 memcpy(result, read_from, sizeof(*result));
141 return true;
142 }
143
ReadString(std::string * result)144 bool PickleIterator::ReadString(std::string* result) {
145 int len;
146 if (!ReadInt(&len))
147 return false;
148 const char* read_from = GetReadPointerAndAdvance(len);
149 if (!read_from)
150 return false;
151
152 result->assign(read_from, len);
153 return true;
154 }
155
ReadStringPiece(StringPiece * result)156 bool PickleIterator::ReadStringPiece(StringPiece* result) {
157 int len;
158 if (!ReadInt(&len))
159 return false;
160 const char* read_from = GetReadPointerAndAdvance(len);
161 if (!read_from)
162 return false;
163
164 *result = StringPiece(read_from, len);
165 return true;
166 }
167
ReadString16(string16 * result)168 bool PickleIterator::ReadString16(string16* result) {
169 int len;
170 if (!ReadInt(&len))
171 return false;
172 const char* read_from = GetReadPointerAndAdvance(len, sizeof(char16));
173 if (!read_from)
174 return false;
175
176 result->assign(reinterpret_cast<const char16*>(read_from), len);
177 return true;
178 }
179
ReadStringPiece16(StringPiece16 * result)180 bool PickleIterator::ReadStringPiece16(StringPiece16* result) {
181 int len;
182 if (!ReadInt(&len))
183 return false;
184 const char* read_from = GetReadPointerAndAdvance(len, sizeof(char16));
185 if (!read_from)
186 return false;
187
188 *result = StringPiece16(reinterpret_cast<const char16*>(read_from), len);
189 return true;
190 }
191
ReadData(const char ** data,int * length)192 bool PickleIterator::ReadData(const char** data, int* length) {
193 *length = 0;
194 *data = 0;
195
196 if (!ReadInt(length))
197 return false;
198
199 return ReadBytes(data, *length);
200 }
201
ReadBytes(const char ** data,int length)202 bool PickleIterator::ReadBytes(const char** data, int length) {
203 const char* read_from = GetReadPointerAndAdvance(length);
204 if (!read_from)
205 return false;
206 *data = read_from;
207 return true;
208 }
209
PickleSizer()210 PickleSizer::PickleSizer() {}
211
~PickleSizer()212 PickleSizer::~PickleSizer() {}
213
AddString(const StringPiece & value)214 void PickleSizer::AddString(const StringPiece& value) {
215 AddInt();
216 AddBytes(static_cast<int>(value.size()));
217 }
218
AddString16(const StringPiece16 & value)219 void PickleSizer::AddString16(const StringPiece16& value) {
220 AddInt();
221 AddBytes(static_cast<int>(value.size() * sizeof(char16)));
222 }
223
AddData(int length)224 void PickleSizer::AddData(int length) {
225 CHECK_GE(length, 0);
226 AddInt();
227 AddBytes(length);
228 }
229
AddBytes(int length)230 void PickleSizer::AddBytes(int length) {
231 payload_size_ += bits::Align(length, sizeof(uint32_t));
232 }
233
AddAttachment()234 void PickleSizer::AddAttachment() {
235 // From IPC::Message::WriteAttachment
236 AddInt();
237 }
238
AddBytesStatic()239 template <size_t length> void PickleSizer::AddBytesStatic() {
240 DCHECK_LE(length, static_cast<size_t>(std::numeric_limits<int>::max()));
241 AddBytes(length);
242 }
243
244 template void PickleSizer::AddBytesStatic<2>();
245 template void PickleSizer::AddBytesStatic<4>();
246 template void PickleSizer::AddBytesStatic<8>();
247
Attachment()248 Pickle::Attachment::Attachment() {}
249
~Attachment()250 Pickle::Attachment::~Attachment() {}
251
252 // Payload is uint32_t aligned.
253
Pickle()254 Pickle::Pickle()
255 : header_(NULL),
256 header_size_(sizeof(Header)),
257 capacity_after_header_(0),
258 write_offset_(0) {
259 static_assert((Pickle::kPayloadUnit & (Pickle::kPayloadUnit - 1)) == 0,
260 "Pickle::kPayloadUnit must be a power of two");
261 Resize(kPayloadUnit);
262 header_->payload_size = 0;
263 }
264
Pickle(int header_size)265 Pickle::Pickle(int header_size)
266 : header_(NULL),
267 header_size_(bits::Align(header_size, sizeof(uint32_t))),
268 capacity_after_header_(0),
269 write_offset_(0) {
270 DCHECK_GE(static_cast<size_t>(header_size), sizeof(Header));
271 DCHECK_LE(header_size, kPayloadUnit);
272 Resize(kPayloadUnit);
273 header_->payload_size = 0;
274 }
275
Pickle(const char * data,int data_len)276 Pickle::Pickle(const char* data, int data_len)
277 : header_(reinterpret_cast<Header*>(const_cast<char*>(data))),
278 header_size_(0),
279 capacity_after_header_(kCapacityReadOnly),
280 write_offset_(0) {
281 if (data_len >= static_cast<int>(sizeof(Header)))
282 header_size_ = data_len - header_->payload_size;
283
284 if (header_size_ > static_cast<unsigned int>(data_len))
285 header_size_ = 0;
286
287 if (header_size_ != bits::Align(header_size_, sizeof(uint32_t)))
288 header_size_ = 0;
289
290 // If there is anything wrong with the data, we're not going to use it.
291 if (!header_size_)
292 header_ = NULL;
293 }
294
Pickle(const Pickle & other)295 Pickle::Pickle(const Pickle& other)
296 : header_(NULL),
297 header_size_(other.header_size_),
298 capacity_after_header_(0),
299 write_offset_(other.write_offset_) {
300 Resize(other.header_->payload_size);
301 memcpy(header_, other.header_, header_size_ + other.header_->payload_size);
302 }
303
~Pickle()304 Pickle::~Pickle() {
305 if (capacity_after_header_ != kCapacityReadOnly)
306 free(header_);
307 }
308
operator =(const Pickle & other)309 Pickle& Pickle::operator=(const Pickle& other) {
310 if (this == &other) {
311 NOTREACHED();
312 return *this;
313 }
314 if (capacity_after_header_ == kCapacityReadOnly) {
315 header_ = NULL;
316 capacity_after_header_ = 0;
317 }
318 if (header_size_ != other.header_size_) {
319 free(header_);
320 header_ = NULL;
321 header_size_ = other.header_size_;
322 }
323 Resize(other.header_->payload_size);
324 memcpy(header_, other.header_,
325 other.header_size_ + other.header_->payload_size);
326 write_offset_ = other.write_offset_;
327 return *this;
328 }
329
WriteString(const StringPiece & value)330 bool Pickle::WriteString(const StringPiece& value) {
331 if (!WriteInt(static_cast<int>(value.size())))
332 return false;
333
334 return WriteBytes(value.data(), static_cast<int>(value.size()));
335 }
336
WriteString16(const StringPiece16 & value)337 bool Pickle::WriteString16(const StringPiece16& value) {
338 if (!WriteInt(static_cast<int>(value.size())))
339 return false;
340
341 return WriteBytes(value.data(),
342 static_cast<int>(value.size()) * sizeof(char16));
343 }
344
WriteData(const char * data,int length)345 bool Pickle::WriteData(const char* data, int length) {
346 return length >= 0 && WriteInt(length) && WriteBytes(data, length);
347 }
348
WriteBytes(const void * data,int length)349 bool Pickle::WriteBytes(const void* data, int length) {
350 WriteBytesCommon(data, length);
351 return true;
352 }
353
Reserve(size_t length)354 void Pickle::Reserve(size_t length) {
355 size_t data_len = bits::Align(length, sizeof(uint32_t));
356 DCHECK_GE(data_len, length);
357 #ifdef ARCH_CPU_64_BITS
358 DCHECK_LE(data_len, std::numeric_limits<uint32_t>::max());
359 #endif
360 DCHECK_LE(write_offset_, std::numeric_limits<uint32_t>::max() - data_len);
361 size_t new_size = write_offset_ + data_len;
362 if (new_size > capacity_after_header_)
363 Resize(capacity_after_header_ * 2 + new_size);
364 }
365
WriteAttachment(scoped_refptr<Attachment> attachment)366 bool Pickle::WriteAttachment(scoped_refptr<Attachment> attachment) {
367 return false;
368 }
369
ReadAttachment(base::PickleIterator * iter,scoped_refptr<Attachment> * attachment) const370 bool Pickle::ReadAttachment(base::PickleIterator* iter,
371 scoped_refptr<Attachment>* attachment) const {
372 return false;
373 }
374
HasAttachments() const375 bool Pickle::HasAttachments() const {
376 return false;
377 }
378
Resize(size_t new_capacity)379 void Pickle::Resize(size_t new_capacity) {
380 CHECK_NE(capacity_after_header_, kCapacityReadOnly);
381 capacity_after_header_ = bits::Align(new_capacity, kPayloadUnit);
382 void* p = realloc(header_, GetTotalAllocatedSize());
383 CHECK(p);
384 header_ = reinterpret_cast<Header*>(p);
385 }
386
ClaimBytes(size_t num_bytes)387 void* Pickle::ClaimBytes(size_t num_bytes) {
388 void* p = ClaimUninitializedBytesInternal(num_bytes);
389 CHECK(p);
390 memset(p, 0, num_bytes);
391 return p;
392 }
393
GetTotalAllocatedSize() const394 size_t Pickle::GetTotalAllocatedSize() const {
395 if (capacity_after_header_ == kCapacityReadOnly)
396 return 0;
397 return header_size_ + capacity_after_header_;
398 }
399
400 // static
FindNext(size_t header_size,const char * start,const char * end)401 const char* Pickle::FindNext(size_t header_size,
402 const char* start,
403 const char* end) {
404 size_t pickle_size = 0;
405 if (!PeekNext(header_size, start, end, &pickle_size))
406 return NULL;
407
408 if (pickle_size > static_cast<size_t>(end - start))
409 return NULL;
410
411 return start + pickle_size;
412 }
413
414 // static
PeekNext(size_t header_size,const char * start,const char * end,size_t * pickle_size)415 bool Pickle::PeekNext(size_t header_size,
416 const char* start,
417 const char* end,
418 size_t* pickle_size) {
419 DCHECK_EQ(header_size, bits::Align(header_size, sizeof(uint32_t)));
420 DCHECK_GE(header_size, sizeof(Header));
421 DCHECK_LE(header_size, static_cast<size_t>(kPayloadUnit));
422
423 size_t length = static_cast<size_t>(end - start);
424 if (length < sizeof(Header))
425 return false;
426
427 const Header* hdr = reinterpret_cast<const Header*>(start);
428 if (length < header_size)
429 return false;
430
431 if (hdr->payload_size > std::numeric_limits<size_t>::max() - header_size) {
432 // If payload_size causes an overflow, we return maximum possible
433 // pickle size to indicate that.
434 *pickle_size = std::numeric_limits<size_t>::max();
435 } else {
436 *pickle_size = header_size + hdr->payload_size;
437 }
438 return true;
439 }
440
WriteBytesStatic(const void * data)441 template <size_t length> void Pickle::WriteBytesStatic(const void* data) {
442 WriteBytesCommon(data, length);
443 }
444
445 template void Pickle::WriteBytesStatic<2>(const void* data);
446 template void Pickle::WriteBytesStatic<4>(const void* data);
447 template void Pickle::WriteBytesStatic<8>(const void* data);
448
ClaimUninitializedBytesInternal(size_t length)449 inline void* Pickle::ClaimUninitializedBytesInternal(size_t length) {
450 DCHECK_NE(kCapacityReadOnly, capacity_after_header_)
451 << "oops: pickle is readonly";
452 size_t data_len = bits::Align(length, sizeof(uint32_t));
453 DCHECK_GE(data_len, length);
454 #ifdef ARCH_CPU_64_BITS
455 DCHECK_LE(data_len, std::numeric_limits<uint32_t>::max());
456 #endif
457 DCHECK_LE(write_offset_, std::numeric_limits<uint32_t>::max() - data_len);
458 size_t new_size = write_offset_ + data_len;
459 if (new_size > capacity_after_header_) {
460 size_t new_capacity = capacity_after_header_ * 2;
461 const size_t kPickleHeapAlign = 4096;
462 if (new_capacity > kPickleHeapAlign)
463 new_capacity = bits::Align(new_capacity, kPickleHeapAlign) - kPayloadUnit;
464 Resize(std::max(new_capacity, new_size));
465 }
466
467 char* write = mutable_payload() + write_offset_;
468 memset(write + length, 0, data_len - length); // Always initialize padding
469 header_->payload_size = static_cast<uint32_t>(new_size);
470 write_offset_ = new_size;
471 return write;
472 }
473
WriteBytesCommon(const void * data,size_t length)474 inline void Pickle::WriteBytesCommon(const void* data, size_t length) {
475 DCHECK_NE(kCapacityReadOnly, capacity_after_header_)
476 << "oops: pickle is readonly";
477 MSAN_CHECK_MEM_IS_INITIALIZED(data, length);
478 void* write = ClaimUninitializedBytesInternal(length);
479 memcpy(write, data, length);
480 }
481
482 } // namespace base
483