base/pickle.cc

   1 // Copyright 2012 The Chromium Authors
   2 // Use of this source code is governed by a BSD-style license that can be
   3 // found in the LICENSE file.
   4
   5 #include "base/pickle.h"
   6
   7 #include <algorithm>
   8 #include <cstdlib>
   9 #include <limits>
  10 #include <ostream>
  11 #include <type_traits>
  12
  13 #include "base/bits.h"
  14 #include "base/numerics/safe_conversions.h"
  15 #include "base/numerics/safe_math.h"
  16 #include "build/build_config.h"
  17
  18 namespace base {
  19
  20 // static
  21 const size_t Pickle::kPayloadUnit = 64;
  22
  23 static const size_t kCapacityReadOnly = static_cast<size_t>(-1);
  24
  25 PickleIterator::PickleIterator(const Pickle& pickle)
  26     : payload_(pickle.payload()),
  27       read_index_(0),
  28       end_index_(pickle.payload_size()) {}
  29
  30 template <typename Type>
  31 inline bool PickleIterator::ReadBuiltinType(Type* result) {
  32   static_assert(
  33       std::is_integral_v<Type> && !std::is_same_v<Type, bool>,
  34       "This method is only safe with to use with types without padding bits.");
  35   const char* read_from = GetReadPointerAndAdvance<Type>();
  36   if (!read_from)
  37     return false;
  38   memcpy(result, read_from, sizeof(*result));
  39   return true;
  40 }
  41
  42 inline void PickleIterator::Advance(size_t size) {
  43   size_t aligned_size = bits::AlignUp(size, sizeof(uint32_t));
  44   if (end_index_ - read_index_ < aligned_size) {
  45     read_index_ = end_index_;
  46   } else {
  47     read_index_ += aligned_size;
  48   }
  49 }
  50
  51 template <typename Type>
  52 inline const char* PickleIterator::GetReadPointerAndAdvance() {
  53   if (sizeof(Type) > end_index_ - read_index_) {
  54     read_index_ = end_index_;
  55     return nullptr;
  56   }
  57   const char* current_read_ptr = payload_ + read_index_;
  58   Advance(sizeof(Type));
  59   return current_read_ptr;
  60 }
  61
  62 const char* PickleIterator::GetReadPointerAndAdvance(size_t num_bytes) {
  63   if (num_bytes > end_index_ - read_index_) {
  64     read_index_ = end_index_;
  65     return nullptr;
  66   }
  67   const char* current_read_ptr = payload_ + read_index_;
  68   Advance(num_bytes);
  69   return current_read_ptr;
  70 }
  71
  72 inline const char* PickleIterator::GetReadPointerAndAdvance(
  73     size_t num_elements,
  74     size_t size_element) {
  75   // Check for size_t overflow.
  76   size_t num_bytes;
  77   if (!CheckMul(num_elements, size_element).AssignIfValid(&num_bytes))
  78     return nullptr;
  79   return GetReadPointerAndAdvance(num_bytes);
  80 }
  81
  82 bool PickleIterator::ReadBool(bool* result) {
  83   // Not all bit patterns are valid bools. Avoid undefined behavior by reading a
  84   // type with no padding bits, then converting to bool.
  85   uint8_t v;
  86   if (!ReadBuiltinType(&v)) {
  87     return false;
  88   }
  89   *result = v != 0;
  90   return true;
  91 }
  92
  93 bool PickleIterator::ReadInt(int* result) {
  94   return ReadBuiltinType(result);
  95 }
  96
  97 bool PickleIterator::ReadLong(long* result) {
  98   // Always read long as a 64-bit value to ensure compatibility between 32-bit
  99   // and 64-bit processes.
 100   int64_t result_int64 = 0;
 101   if (!ReadBuiltinType(&result_int64))
 102     return false;
 103   if (!IsValueInRangeForNumericType<long>(result_int64))
 104     return false;
 105   *result = static_cast<long>(result_int64);
 106   return true;
 107 }
 108
 109 bool PickleIterator::ReadUInt16(uint16_t* result) {
 110   return ReadBuiltinType(result);
 111 }
 112
 113 bool PickleIterator::ReadUInt32(uint32_t* result) {
 114   return ReadBuiltinType(result);
 115 }
 116
 117 bool PickleIterator::ReadInt64(int64_t* result) {
 118   return ReadBuiltinType(result);
 119 }
 120
 121 bool PickleIterator::ReadUInt64(uint64_t* result) {
 122   return ReadBuiltinType(result);
 123 }
 124
 125 bool PickleIterator::ReadFloat(float* result) {
 126   // crbug.com/315213
 127   // The source data may not be properly aligned, and unaligned float reads
 128   // cause SIGBUS on some ARM platforms, so force using memcpy to copy the data
 129   // into the result.
 130   const char* read_from = GetReadPointerAndAdvance<float>();
 131   if (!read_from)
 132     return false;
 133   memcpy(result, read_from, sizeof(*result));
 134   return true;
 135 }
 136
 137 bool PickleIterator::ReadDouble(double* result) {
 138   // crbug.com/315213
 139   // The source data may not be properly aligned, and unaligned double reads
 140   // cause SIGBUS on some ARM platforms, so force using memcpy to copy the data
 141   // into the result.
 142   const char* read_from = GetReadPointerAndAdvance<double>();
 143   if (!read_from)
 144     return false;
 145   memcpy(result, read_from, sizeof(*result));
 146   return true;
 147 }
 148
 149 bool PickleIterator::ReadString(std::string* result) {
 150   size_t len;
 151   if (!ReadLength(&len))
 152     return false;
 153   const char* read_from = GetReadPointerAndAdvance(len);
 154   if (!read_from)
 155     return false;
 156
 157   result->assign(read_from, len);
 158   return true;
 159 }
 160
 161 bool PickleIterator::ReadStringPiece(StringPiece* result) {
 162   size_t len;
 163   if (!ReadLength(&len))
 164     return false;
 165   const char* read_from = GetReadPointerAndAdvance(len);
 166   if (!read_from)
 167     return false;
 168
 169   *result = StringPiece(read_from, len);
 170   return true;
 171 }
 172
 173 bool PickleIterator::ReadString16(std::u16string* result) {
 174   size_t len;
 175   if (!ReadLength(&len))
 176     return false;
 177   const char* read_from = GetReadPointerAndAdvance(len, sizeof(char16_t));
 178   if (!read_from)
 179     return false;
 180
 181   result->assign(reinterpret_cast<const char16_t*>(read_from), len);
 182   return true;
 183 }
 184
 185 bool PickleIterator::ReadStringPiece16(StringPiece16* result) {
 186   size_t len;
 187   if (!ReadLength(&len))
 188     return false;
 189   const char* read_from = GetReadPointerAndAdvance(len, sizeof(char16_t));
 190   if (!read_from)
 191     return false;
 192
 193   *result = StringPiece16(reinterpret_cast<const char16_t*>(read_from), len);
 194   return true;
 195 }
 196
 197 bool PickleIterator::ReadData(const char** data, size_t* length) {
 198   *length = 0;
 199   *data = nullptr;
 200
 201   if (!ReadLength(length))
 202     return false;
 203
 204   return ReadBytes(data, *length);
 205 }
 206
 207 absl::optional<base::span<const uint8_t>> PickleIterator::ReadData() {
 208   const char* ptr;
 209   size_t length;
 210
 211   if (!ReadData(&ptr, &length))
 212     return absl::nullopt;
 213
 214   return base::as_bytes(base::make_span(ptr, length));
 215 }
 216
 217 bool PickleIterator::ReadBytes(const char** data, size_t length) {
 218   const char* read_from = GetReadPointerAndAdvance(length);
 219   if (!read_from)
 220     return false;
 221   *data = read_from;
 222   return true;
 223 }
 224
 225 Pickle::Attachment::Attachment() = default;
 226
 227 Pickle::Attachment::~Attachment() = default;
 228
 229 // Payload is uint32_t aligned.
 230
 231 Pickle::Pickle()
 232     : header_(nullptr),
 233       header_size_(sizeof(Header)),
 234       capacity_after_header_(0),
 235       write_offset_(0) {
 236   static_assert(base::bits::IsPowerOfTwo(Pickle::kPayloadUnit),
 237                 "Pickle::kPayloadUnit must be a power of two");
 238   Resize(kPayloadUnit);
 239   header_->payload_size = 0;
 240 }
 241
 242 Pickle::Pickle(size_t header_size)
 243     : header_(nullptr),
 244       header_size_(bits::AlignUp(header_size, sizeof(uint32_t))),
 245       capacity_after_header_(0),
 246       write_offset_(0) {
 247   DCHECK_GE(header_size, sizeof(Header));
 248   DCHECK_LE(header_size, kPayloadUnit);
 249   Resize(kPayloadUnit);
 250   header_->payload_size = 0;
 251 }
 252
 253 Pickle::Pickle(span<const uint8_t> data)
 254     : Pickle(reinterpret_cast<const char*>(data.data()), data.size()) {}
 255
 256 Pickle::Pickle(const char* data, size_t data_len)
 257     : header_(reinterpret_cast<Header*>(const_cast<char*>(data))),
 258       header_size_(0),
 259       capacity_after_header_(kCapacityReadOnly),
 260       write_offset_(0) {
 261   if (data_len >= sizeof(Header))
 262     header_size_ = data_len - header_->payload_size;
 263
 264   if (header_size_ > data_len)
 265     header_size_ = 0;
 266
 267   if (header_size_ != bits::AlignUp(header_size_, sizeof(uint32_t)))
 268     header_size_ = 0;
 269
 270   // If there is anything wrong with the data, we're not going to use it.
 271   if (!header_size_)
 272     header_ = nullptr;
 273 }
 274
 275 Pickle::Pickle(const Pickle& other)
 276     : header_(nullptr),
 277       header_size_(other.header_size_),
 278       capacity_after_header_(0),
 279       write_offset_(other.write_offset_) {
 280   if (other.header_) {
 281     Resize(other.header_->payload_size);
 282     memcpy(header_, other.header_, header_size_ + other.header_->payload_size);
 283   }
 284 }
 285
 286 Pickle::~Pickle() {
 287   if (capacity_after_header_ != kCapacityReadOnly)
 288     free(header_);
 289 }
 290
 291 Pickle& Pickle::operator=(const Pickle& other) {
 292   if (this == &other) {
 293     return *this;
 294   }
 295   if (capacity_after_header_ == kCapacityReadOnly) {
 296     header_ = nullptr;
 297     capacity_after_header_ = 0;
 298   }
 299   if (header_size_ != other.header_size_) {
 300     free(header_);
 301     header_ = nullptr;
 302     header_size_ = other.header_size_;
 303   }
 304   if (other.header_) {
 305     Resize(other.header_->payload_size);
 306     memcpy(header_, other.header_,
 307            other.header_size_ + other.header_->payload_size);
 308     write_offset_ = other.write_offset_;
 309   }
 310   return *this;
 311 }
 312
 313 void Pickle::WriteString(const StringPiece& value) {
 314   WriteData(value.data(), value.size());
 315 }
 316
 317 void Pickle::WriteString16(const StringPiece16& value) {
 318   WriteInt(checked_cast<int>(value.size()));
 319   WriteBytes(value.data(), value.size() * sizeof(char16_t));
 320 }
 321
 322 void Pickle::WriteData(const char* data, size_t length) {
 323   WriteInt(checked_cast<int>(length));
 324   WriteBytes(data, length);
 325 }
 326
 327 void Pickle::WriteBytes(const void* data, size_t length) {
 328   WriteBytesCommon(data, length);
 329 }
 330
 331 void Pickle::Reserve(size_t length) {
 332   size_t data_len = bits::AlignUp(length, sizeof(uint32_t));
 333   DCHECK_GE(data_len, length);
 334 #ifdef ARCH_CPU_64_BITS
 335   DCHECK_LE(data_len, std::numeric_limits<uint32_t>::max());
 336 #endif
 337   DCHECK_LE(write_offset_, std::numeric_limits<uint32_t>::max() - data_len);
 338   size_t new_size = write_offset_ + data_len;
 339   if (new_size > capacity_after_header_)
 340     Resize(capacity_after_header_ * 2 + new_size);
 341 }
 342
 343 bool Pickle::WriteAttachment(scoped_refptr<Attachment> attachment) {
 344   return false;
 345 }
 346
 347 bool Pickle::ReadAttachment(base::PickleIterator* iter,
 348                             scoped_refptr<Attachment>* attachment) const {
 349   return false;
 350 }
 351
 352 bool Pickle::HasAttachments() const {
 353   return false;
 354 }
 355
 356 void Pickle::Resize(size_t new_capacity) {
 357   CHECK_NE(capacity_after_header_, kCapacityReadOnly);
 358   capacity_after_header_ = bits::AlignUp(new_capacity, kPayloadUnit);
 359   void* p = realloc(header_, GetTotalAllocatedSize());
 360   CHECK(p);
 361   header_ = reinterpret_cast<Header*>(p);
 362 }
 363
 364 void* Pickle::ClaimBytes(size_t num_bytes) {
 365   void* p = ClaimUninitializedBytesInternal(num_bytes);
 366   CHECK(p);
 367   memset(p, 0, num_bytes);
 368   return p;
 369 }
 370
 371 size_t Pickle::GetTotalAllocatedSize() const {
 372   if (capacity_after_header_ == kCapacityReadOnly)
 373     return 0;
 374   return header_size_ + capacity_after_header_;
 375 }
 376
 377 // static
 378 const char* Pickle::FindNext(size_t header_size,
 379                              const char* start,
 380                              const char* end) {
 381   size_t pickle_size = 0;
 382   if (!PeekNext(header_size, start, end, &pickle_size))
 383     return nullptr;
 384
 385   if (pickle_size > static_cast<size_t>(end - start))
 386     return nullptr;
 387
 388   return start + pickle_size;
 389 }
 390
 391 // static
 392 bool Pickle::PeekNext(size_t header_size,
 393                       const char* start,
 394                       const char* end,
 395                       size_t* pickle_size) {
 396   DCHECK_EQ(header_size, bits::AlignUp(header_size, sizeof(uint32_t)));
 397   DCHECK_GE(header_size, sizeof(Header));
 398   DCHECK_LE(header_size, static_cast<size_t>(kPayloadUnit));
 399
 400   size_t length = static_cast<size_t>(end - start);
 401   if (length < sizeof(Header))
 402     return false;
 403
 404   const Header* hdr = reinterpret_cast<const Header*>(start);
 405   if (length < header_size)
 406     return false;
 407
 408   // If payload_size causes an overflow, we return maximum possible
 409   // pickle size to indicate that.
 410   *pickle_size = ClampAdd(header_size, hdr->payload_size);
 411   return true;
 412 }
 413
 414 template <size_t length>
 415 void Pickle::WriteBytesStatic(const void* data) {
 416   WriteBytesCommon(data, length);
 417 }
 418
 419 template void Pickle::WriteBytesStatic<2>(const void* data);
 420 template void Pickle::WriteBytesStatic<4>(const void* data);
 421 template void Pickle::WriteBytesStatic<8>(const void* data);
 422
 423 inline void* Pickle::ClaimUninitializedBytesInternal(size_t length) {
 424   DCHECK_NE(kCapacityReadOnly, capacity_after_header_)
 425       << "oops: pickle is readonly";
 426   size_t data_len = bits::AlignUp(length, sizeof(uint32_t));
 427   DCHECK_GE(data_len, length);
 428 #ifdef ARCH_CPU_64_BITS
 429   DCHECK_LE(data_len, std::numeric_limits<uint32_t>::max());
 430 #endif
 431   DCHECK_LE(write_offset_, std::numeric_limits<uint32_t>::max() - data_len);
 432   size_t new_size = write_offset_ + data_len;
 433   if (new_size > capacity_after_header_) {
 434     size_t new_capacity = capacity_after_header_ * 2;
 435     const size_t kPickleHeapAlign = 4096;
 436     if (new_capacity > kPickleHeapAlign) {
 437       new_capacity =
 438           bits::AlignUp(new_capacity, kPickleHeapAlign) - kPayloadUnit;
 439     }
 440     Resize(std::max(new_capacity, new_size));
 441   }
 442
 443   char* write = mutable_payload() + write_offset_;
 444   std::fill(write + length, write + data_len, 0);  // Always initialize padding
 445   header_->payload_size = static_cast<uint32_t>(new_size);
 446   write_offset_ = new_size;
 447   return write;
 448 }
 449
 450 inline void Pickle::WriteBytesCommon(const void* data, size_t length) {
 451   DCHECK_NE(kCapacityReadOnly, capacity_after_header_)
 452       << "oops: pickle is readonly";
 453   MSAN_CHECK_MEM_IS_INITIALIZED(data, length);
 454   void* write = ClaimUninitializedBytesInternal(length);
 455   std::copy(static_cast<const char*>(data),
 456             static_cast<const char*>(data) + length, static_cast<char*>(write));
 457 }
 458
 459 }  // namespace base