1 // Copyright 2012 The Chromium Authors
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
5 #include "base/pickle.h"
11 #include <type_traits>
13 #include "base/bits.h"
14 #include "base/numerics/safe_conversions.h"
15 #include "base/numerics/safe_math.h"
16 #include "build/build_config.h"
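// Granularity, in bytes, of a writable pickle's payload capacity: Resize()
// rounds every requested capacity up to a multiple of this value.
// static
const size_t Pickle::kPayloadUnit = 64;

// Sentinel kept in capacity_after_header_ for a pickle that wraps a buffer it
// does not own. Code in this file tests for it before resizing or freeing
// header_.
static const size_t kCapacityReadOnly = static_cast<size_t>(-1);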
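// Positions a reader at the start of |pickle|'s payload.
//
// Only the payload pointer and size are captured; nothing here copies the data
// or extends the Pickle's lifetime, so the Pickle (and any buffer it wraps)
// must outlive the iterator and every pointer or view the iterator returns.
PickleIterator::PickleIterator(const Pickle& pickle)
    : payload_(pickle.payload()),
      read_index_(0),
      end_index_(pickle.payload_size()) {}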
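// Copies one value of integral type |Type| from the payload into |*result|.
//
// Returns false and leaves |*result| untouched when fewer than sizeof(Type)
// bytes remain. The value is copied with memcpy rather than read through a
// cast pointer, so the read does not depend on how the payload is aligned.
// bool is excluded at compile time; ReadBool() handles it separately.
template <typename Type>
inline bool PickleIterator::ReadBuiltinType(Type* result) {
  static_assert(
      std::is_integral_v<Type> && !std::is_same_v<Type, bool>,
      "This method is only safe with to use with types without padding bits.");
  const char* read_from = GetReadPointerAndAdvance<Type>();
  if (!read_from)
    return false;
  memcpy(result, read_from, sizeof(*result));
  return true;
}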
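// Moves the read cursor past |size| bytes rounded up to uint32_t alignment.
//
// The callers in this file have already checked that |size| fits in the
// remaining payload; only the alignment padding can still be missing, in which
// case the cursor is clamped to end_index_ rather than moved past it.
inline void PickleIterator::Advance(size_t size) {
  size_t aligned_size = bits::AlignUp(size, sizeof(uint32_t));
  // Compare against the bytes that are left instead of forming
  // read_index_ + aligned_size, which could wrap around.
  if (end_index_ - read_index_ < aligned_size) {
    read_index_ = end_index_;
  } else {
    read_index_ += aligned_size;
  }
}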
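// Returns a pointer to the next sizeof(Type) bytes of payload and advances the
// cursor past them, or returns nullptr if that many bytes are not available.
//
// On failure the cursor is moved to end_index_, so every later read through
// this iterator fails as well instead of resuming at a stale offset.
template <typename Type>
inline const char* PickleIterator::GetReadPointerAndAdvance() {
  // Written as "needed > remaining" so that no addition can overflow.
  if (sizeof(Type) > end_index_ - read_index_) {
    read_index_ = end_index_;
    return nullptr;
  }
  const char* current_read_ptr = payload_ + read_index_;
  Advance(sizeof(Type));
  return current_read_ptr;
}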
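// Returns a pointer to the next |num_bytes| bytes of payload and advances the
// cursor past them (plus alignment padding), or returns nullptr if the payload
// does not hold that many more bytes.
//
// |num_bytes| usually comes from a length field inside the pickle itself, so
// this comparison is what keeps a forged length from producing a pointer past
// the end of the buffer. A failed read moves the cursor to end_index_.
const char* PickleIterator::GetReadPointerAndAdvance(size_t num_bytes) {
  // "needed > remaining" cannot overflow, unlike read_index_ + num_bytes.
  if (num_bytes > end_index_ - read_index_) {
    read_index_ = end_index_;
    return nullptr;
  }
  const char* current_read_ptr = payload_ + read_index_;
  Advance(num_bytes);
  return current_read_ptr;
}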
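// Array form: returns a pointer to |num_elements| items of |size_element|
// bytes each and advances past them, or nullptr if the byte count overflows
// size_t or exceeds the remaining payload.
inline const char* PickleIterator::GetReadPointerAndAdvance(
    size_t num_elements,
    size_t size_element) {
  // Check for size_t overflow. Without this, a large element count could wrap
  // to a small byte count and pass the bounds check in the byte overload.
  size_t num_bytes;
  if (!CheckMul(num_elements, size_element).AssignIfValid(&num_bytes))
    return nullptr;
  return GetReadPointerAndAdvance(num_bytes);
}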
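// Reads a bool. Returns false, leaving |*result| untouched, if the payload is
// exhausted; otherwise any non-zero byte value is reported as true.
bool PickleIterator::ReadBool(bool* result) {
  // Not all bit patterns are valid bools. Avoid undefined behavior by reading a
  // type with no padding bits, then converting to bool.
  uint8_t v;
  if (!ReadBuiltinType(&v)) {
    return false;
  }
  *result = v != 0;
  return true;
}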
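// Reads an int into |*result|. Returns false, leaving |*result| untouched, if
// the payload does not hold sizeof(int) more bytes.
bool PickleIterator::ReadInt(int* result) {
  return ReadBuiltinType(result);
}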
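// Reads a long that was serialized as a 64-bit value.
//
// Returns false, leaving |*result| untouched, if the payload is exhausted or
// if the stored value does not fit in this process's long (possible where long
// is 32 bits). The value is rejected rather than truncated.
bool PickleIterator::ReadLong(long* result) {
  // Always read long as a 64-bit value to ensure compatibility between 32-bit
  // and 64-bit processes.
  int64_t result_int64 = 0;
  if (!ReadBuiltinType(&result_int64))
    return false;
  if (!IsValueInRangeForNumericType<long>(result_int64))
    return false;
  *result = static_cast<long>(result_int64);
  return true;
}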
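// Reads a uint16_t into |*result|; false if the payload is exhausted. The
// cursor still advances by a full uint32_t-aligned slot (see Advance()).
bool PickleIterator::ReadUInt16(uint16_t* result) {
  return ReadBuiltinType(result);
}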
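// Reads a uint32_t into |*result|. Returns false, leaving |*result|
// untouched, if the payload does not hold four more bytes.
bool PickleIterator::ReadUInt32(uint32_t* result) {
  return ReadBuiltinType(result);
}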
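// Reads an int64_t into |*result|. Returns false, leaving |*result|
// untouched, if the payload does not hold eight more bytes.
bool PickleIterator::ReadInt64(int64_t* result) {
  return ReadBuiltinType(result);
}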
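// Reads a uint64_t into |*result|. Returns false, leaving |*result|
// untouched, if the payload does not hold eight more bytes.
bool PickleIterator::ReadUInt64(uint64_t* result) {
  return ReadBuiltinType(result);
}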
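// Reads a float into |*result|. Returns false, leaving |*result| untouched,
// if the payload does not hold sizeof(float) more bytes. The bit pattern is
// copied as-is; no check is made for NaN or infinity.
bool PickleIterator::ReadFloat(float* result) {
  // The source data may not be properly aligned, and unaligned float reads
  // cause SIGBUS on some ARM platforms, so force using memcpy to copy the data
  // into the result.
  const char* read_from = GetReadPointerAndAdvance<float>();
  if (!read_from)
    return false;
  memcpy(result, read_from, sizeof(*result));
  return true;
}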
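// Reads a double into |*result|. Returns false, leaving |*result| untouched,
// if the payload does not hold sizeof(double) more bytes. The bit pattern is
// copied as-is; no check is made for NaN or infinity.
bool PickleIterator::ReadDouble(double* result) {
  // The source data may not be properly aligned, and unaligned double reads
  // cause SIGBUS on some ARM platforms, so force using memcpy to copy the data
  // into the result.
  const char* read_from = GetReadPointerAndAdvance<double>();
  if (!read_from)
    return false;
  memcpy(result, read_from, sizeof(*result));
  return true;
}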
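// Reads a length-prefixed byte string and copies it into |*result|.
//
// Returns false, leaving |*result| untouched, if the length prefix cannot be
// read or announces more bytes than the payload still holds. Because the
// bounds check runs before assign(), the copy (and its allocation) is never
// larger than the data actually present in the pickle.
// NOTE(review): ReadLength() is declared outside this file; presumably it
// rejects negative lengths. Confirm in the header.
bool PickleIterator::ReadString(std::string* result) {
  size_t len;
  if (!ReadLength(&len))
    return false;
  const char* read_from = GetReadPointerAndAdvance(len);
  if (!read_from)
    return false;

  result->assign(read_from, len);
  return true;
}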
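// Reads a length-prefixed byte string without copying it.
//
// On success |*result| is a view of |len| bytes inside the pickle's own
// buffer: it is only valid while that buffer is alive and unmodified, and it
// is not NUL-terminated. Returns false, leaving |*result| untouched, if the
// length prefix cannot be read or exceeds the remaining payload.
bool PickleIterator::ReadStringPiece(StringPiece* result) {
  size_t len;
  if (!ReadLength(&len))
    return false;
  const char* read_from = GetReadPointerAndAdvance(len);
  if (!read_from)
    return false;

  *result = StringPiece(read_from, len);
  return true;
}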
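// Reads a length-prefixed UTF-16 string and copies it into |*result|.
//
// The prefix counts char16_t elements, not bytes; the two-argument
// GetReadPointerAndAdvance() converts it to bytes with an overflow check
// before bounds-checking it. Returns false, leaving |*result| untouched, on a
// bad length or a short payload. The code units are copied verbatim, so the
// result is not guaranteed to be well-formed UTF-16.
bool PickleIterator::ReadString16(std::u16string* result) {
  size_t len;
  if (!ReadLength(&len))
    return false;
  const char* read_from = GetReadPointerAndAdvance(len, sizeof(char16_t));
  if (!read_from)
    return false;

  // NOTE(review): the cast assumes |read_from| is suitably aligned for
  // char16_t, i.e. that the payload start is at least 2-byte aligned (reads
  // advance in uint32_t units). Confirm for pickles wrapping external
  // buffers.
  result->assign(reinterpret_cast<const char16_t*>(read_from), len);
  return true;
}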
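// Reads a length-prefixed UTF-16 string without copying it.
//
// On success |*result| views |len| char16_t elements inside the pickle's own
// buffer, so it must not outlive that buffer. The element count is turned into
// a byte count with an overflow check before it is bounds-checked. Returns
// false, leaving |*result| untouched, on a bad length or a short payload.
bool PickleIterator::ReadStringPiece16(StringPiece16* result) {
  size_t len;
  if (!ReadLength(&len))
    return false;
  const char* read_from = GetReadPointerAndAdvance(len, sizeof(char16_t));
  if (!read_from)
    return false;

  // NOTE(review): assumes |read_from| is suitably aligned for char16_t.
  // Confirm for pickles that wrap externally supplied buffers.
  *result = StringPiece16(reinterpret_cast<const char16_t*>(read_from), len);
  return true;
}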
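// Reads a length-prefixed blob, returning a pointer into the pickle's buffer
// in |*data| and its size in |*length|.
//
// Both outputs are cleared first, so a caller that ignores the return value
// sees nullptr/0 rather than stale values. If the prefix is read but the
// payload is too short, |*length| keeps the announced size while |*data| stays
// nullptr. |*data| aliases the pickle and must not outlive it.
bool PickleIterator::ReadData(const char** data, size_t* length) {
  *length = 0;
  *data = nullptr;

  if (!ReadLength(length))
    return false;

  return ReadBytes(data, *length);
}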
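// Span-returning form of ReadData(): yields the blob as bytes, or
// absl::nullopt if the length prefix or the data cannot be read.
//
// The span refers to memory inside the pickle's buffer; it must not be used
// after that buffer is released or modified.
absl::optional<base::span<const uint8_t>> PickleIterator::ReadData() {
  const char* ptr;
  size_t length;

  if (!ReadData(&ptr, &length))
    return absl::nullopt;

  return base::as_bytes(base::make_span(ptr, length));
}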
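// Hands out a pointer to the next |length| raw bytes (no length prefix is
// read). Returns false, leaving |*data| untouched, if the payload holds fewer
// than |length| more bytes. |*data| aliases the pickle's buffer.
bool PickleIterator::ReadBytes(const char** data, size_t length) {
  const char* read_from = GetReadPointerAndAdvance(length);
  if (!read_from)
    return false;
  *data = read_from;
  return true;
}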
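// Attachment's constructor and destructor are both compiler-generated;
// nothing is initialised or released here.
Pickle::Attachment::Attachment() = default;

Pickle::Attachment::~Attachment() = default;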
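// Payload is uint32_t aligned.

// Creates an empty, writable pickle with the default header and one
// kPayloadUnit of payload capacity.
Pickle::Pickle()
    : header_(nullptr),
      header_size_(sizeof(Header)),
      capacity_after_header_(0),
      write_offset_(0) {
  static_assert(base::bits::IsPowerOfTwo(Pickle::kPayloadUnit),
                "Pickle::kPayloadUnit must be a power of two");
  // Resize() allocates header_ (realloc of nullptr) and CHECKs the result, so
  // the store below never goes through a null pointer.
  Resize(kPayloadUnit);
  header_->payload_size = 0;
}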
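// Creates an empty, writable pickle whose header occupies |header_size| bytes
// (rounded up to uint32_t alignment).
//
// |header_size| is expected to lie between sizeof(Header) and kPayloadUnit.
// NOTE(review): that range is enforced with DCHECKs only, which are normally
// debug-only; callers are expected to pass a compile-time constant.
Pickle::Pickle(size_t header_size)
    : header_(nullptr),
      header_size_(bits::AlignUp(header_size, sizeof(uint32_t))),
      capacity_after_header_(0),
      write_offset_(0) {
  DCHECK_GE(header_size, sizeof(Header));
  DCHECK_LE(header_size, kPayloadUnit);
  Resize(kPayloadUnit);
  header_->payload_size = 0;
}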
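// Span form of the read-only constructor: wraps |data| without copying it.
// Validation and lifetime requirements are those of the (const char*, size_t)
// constructor this delegates to.
Pickle::Pickle(span<const uint8_t> data)
    : Pickle(reinterpret_cast<const char*>(data.data()), data.size()) {}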
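// Wraps (does not copy) the |data_len| bytes at |data| as a read-only pickle.
//
// The buffer may come from another process, so its header is validated before
// anything relies on it:
//  - payload_size is read only if the buffer can hold a Header at all;
//  - the header size is derived as data_len - payload_size, and a payload_size
//    larger than data_len wraps the unsigned subtraction to a value above
//    data_len, which the next test rejects;
//  - a derived header size that is not uint32_t-aligned is rejected.
// Any failure leaves header_size_ == 0 and header_ == nullptr. That is how an
// unusable pickle is represented, and callers must handle that state.
//
// The const_cast only satisfies the type of header_; kCapacityReadOnly marks
// the buffer as borrowed, so |data| must stay alive and unchanged for as long
// as this object (or any iterator over it) is in use.
//
// NOTE(review): header_size_ is inferred from a field the sender controls and
// is not compared with an expected header size here; code that relies on a
// specific, larger header presumably checks that itself. Confirm in callers.
Pickle::Pickle(const char* data, size_t data_len)
    : header_(reinterpret_cast<Header*>(const_cast<char*>(data))),
      header_size_(0),
      capacity_after_header_(kCapacityReadOnly),
      write_offset_(0) {
  if (data_len >= sizeof(Header))
    header_size_ = data_len - header_->payload_size;

  if (header_size_ > data_len)
    header_size_ = 0;

  if (header_size_ != bits::AlignUp(header_size_, sizeof(uint32_t)))
    header_size_ = 0;

  // If there is anything wrong with the data, we're not going to use it.
  if (!header_size_)
    header_ = nullptr;
}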
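// Deep-copies |other| into a new writable pickle, even when |other| is a
// read-only wrapper around a borrowed buffer.
//
// If |other| has no header (invalid pickle) nothing is allocated and this
// pickle's header_ stays nullptr.
Pickle::Pickle(const Pickle& other)
    : header_(nullptr),
      header_size_(other.header_size_),
      capacity_after_header_(0),
      write_offset_(other.write_offset_) {
  if (other.header_) {
    // Resize() makes room for at least payload_size bytes after the header,
    // so the copy below stays inside the new allocation.
    Resize(other.header_->payload_size);
    memcpy(header_, other.header_, header_size_ + other.header_->payload_size);
  }
}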
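// Releases the buffer only when this pickle allocated it. A read-only pickle
// merely borrows the caller's memory, and freeing that would corrupt the heap.
Pickle::~Pickle() {
  if (capacity_after_header_ != kCapacityReadOnly)
    free(header_);
}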
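// Replaces this pickle's contents with a deep copy of |other|. The result is
// always a writable pickle that owns its buffer.
Pickle& Pickle::operator=(const Pickle& other) {
  if (this == &other) {
    return *this;
  }
  if (capacity_after_header_ == kCapacityReadOnly) {
    // The current buffer is borrowed: forget it without freeing, and switch to
    // owned storage so Resize() below is permitted.
    header_ = nullptr;
    capacity_after_header_ = 0;
  }
  if (header_size_ != other.header_size_) {
    free(header_);
    header_ = nullptr;
    header_size_ = other.header_size_;
  }
  if (other.header_) {
    // Capacity is grown to hold the payload before the copy, so the memcpy
    // cannot write past the allocation.
    Resize(other.header_->payload_size);
    memcpy(header_, other.header_,
           other.header_size_ + other.header_->payload_size);
    write_offset_ = other.write_offset_;
  }
  return *this;
}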
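// Appends |value| as a length-prefixed byte string (see WriteData()).
void Pickle::WriteString(const StringPiece& value) {
  WriteData(value.data(), value.size());
}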
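// Appends |value| as an int element count followed by the raw char16_t data.
//
// checked_cast stops the process instead of truncating a size that does not
// fit in int, so the written prefix always matches the bytes that follow.
void Pickle::WriteString16(const StringPiece16& value) {
  WriteInt(checked_cast<int>(value.size()));
  WriteBytes(value.data(), value.size() * sizeof(char16_t));
}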
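// Appends an int length prefix followed by |length| bytes from |data|.
//
// checked_cast stops the process instead of truncating a length that does not
// fit in int, so a reader never sees a prefix shorter than the data written.
void Pickle::WriteData(const char* data, size_t length) {
  WriteInt(checked_cast<int>(length));
  WriteBytes(data, length);
}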
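// Appends |length| raw bytes from |data| with no length prefix; the reader
// has to know the size by other means (see PickleIterator::ReadBytes()).
void Pickle::WriteBytes(const void* data, size_t length) {
  WriteBytesCommon(data, length);
}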
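// Ensures capacity for |length| more payload bytes (rounded up to uint32_t
// alignment) so that following writes need not reallocate. Does not change the
// payload size or the write offset.
void Pickle::Reserve(size_t length) {
  size_t data_len = bits::AlignUp(length, sizeof(uint32_t));
  // NOTE(review): the size limits below are DCHECKs, which are normally
  // compiled out of release builds. Confirm that no caller can pass a
  // |length| large enough to wrap AlignUp() or to push write_offset_ +
  // data_len beyond what the uint32_t payload_size field can represent.
  DCHECK_GE(data_len, length);
#ifdef ARCH_CPU_64_BITS
  DCHECK_LE(data_len, std::numeric_limits<uint32_t>::max());
#endif
  DCHECK_LE(write_offset_, std::numeric_limits<uint32_t>::max() - data_len);
  size_t new_size = write_offset_ + data_len;
  if (new_size > capacity_after_header_)
    Resize(capacity_after_header_ * 2 + new_size);
}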
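// This implementation does not store attachments: |attachment| is ignored and
// the call always reports failure.
bool Pickle::WriteAttachment(scoped_refptr<Attachment> attachment) {
  return false;
}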
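// This implementation holds no attachments: always returns false and leaves
// |iter| and |*attachment| untouched.
bool Pickle::ReadAttachment(base::PickleIterator* iter,
                            scoped_refptr<Attachment>* attachment) const {
  return false;
}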
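// This implementation never carries attachments, so this is always false.
bool Pickle::HasAttachments() const {
  return false;
}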
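// Reallocates the buffer so that at least |new_capacity| payload bytes
// (rounded up to a multiple of kPayloadUnit) follow the header.
//
// Both failure modes stop the process even in release builds: resizing a
// read-only pickle would realloc() memory this object does not own, and an
// allocation failure would otherwise leave header_ null for the next write.
void Pickle::Resize(size_t new_capacity) {
  CHECK_NE(capacity_after_header_, kCapacityReadOnly);
  capacity_after_header_ = bits::AlignUp(new_capacity, kPayloadUnit);
  void* p = realloc(header_, GetTotalAllocatedSize());
  CHECK(p);
  header_ = reinterpret_cast<Header*>(p);
}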
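// Appends |num_bytes| zero-filled bytes to the payload and returns a pointer
// to them for the caller to fill in.
//
// Zeroing first means that bytes the caller never overwrites are serialized as
// zeros rather than as leftover heap contents. The pointer is invalidated by
// any later write that reallocates the buffer.
void* Pickle::ClaimBytes(size_t num_bytes) {
  void* p = ClaimUninitializedBytesInternal(num_bytes);
  CHECK(p);
  memset(p, 0, num_bytes);
  return p;
}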
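// Returns the number of bytes this pickle has allocated (header plus payload
// capacity), or 0 for a read-only pickle, which owns no memory.
size_t Pickle::GetTotalAllocatedSize() const {
  if (capacity_after_header_ == kCapacityReadOnly)
    return 0;
  return header_size_ + capacity_after_header_;
}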
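// Given a buffer [start, end) that begins with a pickle whose header is
// |header_size| bytes, returns a pointer just past that pickle, or nullptr if
// the buffer does not yet contain the whole pickle.
//
// The size announced in the header is compared with the bytes actually
// available before any pointer is formed, so a forged payload_size cannot
// yield a pointer beyond |end|.
// static
const char* Pickle::FindNext(size_t header_size,
                             const char* start,
                             const char* end) {
  size_t pickle_size = 0;
  if (!PeekNext(header_size, start, end, &pickle_size))
    return nullptr;

  if (pickle_size > static_cast<size_t>(end - start))
    return nullptr;

  return start + pickle_size;
}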
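// Reports in |*pickle_size| the total size (header plus payload) announced by
// the pickle that starts at |start|, looking only at bytes in [start, end).
//
// Returns false, leaving |*pickle_size| untouched, when fewer than
// |header_size| bytes are available. The reported size is NOT limited to the
// bytes present: callers must compare it with end - start (as FindNext() does)
// before reading that far. Assumes end >= start.
// static
bool Pickle::PeekNext(size_t header_size,
                      const char* start,
                      const char* end,
                      size_t* pickle_size) {
  DCHECK_EQ(header_size, bits::AlignUp(header_size, sizeof(uint32_t)));
  DCHECK_GE(header_size, sizeof(Header));
  DCHECK_LE(header_size, static_cast<size_t>(kPayloadUnit));

  size_t length = static_cast<size_t>(end - start);
  // payload_size may only be read once a full Header is known to be present.
  if (length < sizeof(Header))
    return false;

  const Header* hdr = reinterpret_cast<const Header*>(start);
  if (length < header_size)
    return false;

  // If payload_size causes an overflow, we return maximum possible
  // pickle size to indicate that.
  *pickle_size = ClampAdd(header_size, hdr->payload_size);
  return true;
}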
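// Appends exactly |length| bytes from |data|, with the size fixed at compile
// time. Forwards to WriteBytesCommon().
template <size_t length>
void Pickle::WriteBytesStatic(const void* data) {
  WriteBytesCommon(data, length);
}

// Explicit instantiations for the 2-, 4- and 8-byte sizes.
template void Pickle::WriteBytesStatic<2>(const void* data);
template void Pickle::WriteBytesStatic<4>(const void* data);
template void Pickle::WriteBytesStatic<8>(const void* data);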
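// Extends the payload by |length| bytes (rounded up to uint32_t alignment),
// growing the buffer if necessary, and returns a pointer to the new region.
//
// Only the alignment padding after |length| is zeroed; the |length| bytes
// themselves are left uninitialized and must be fully written by the caller,
// otherwise stale heap contents would be serialized with the pickle.
inline void* Pickle::ClaimUninitializedBytesInternal(size_t length) {
  DCHECK_NE(kCapacityReadOnly, capacity_after_header_)
      << "oops: pickle is readonly";
  size_t data_len = bits::AlignUp(length, sizeof(uint32_t));
  // NOTE(review): the size limits below are DCHECKs, which are normally
  // compiled out of release builds, while payload_size is later stored through
  // a narrowing cast to uint32_t. Confirm that callers bound |length| so that
  // payload_size and write_offset_ cannot diverge.
  DCHECK_GE(data_len, length);
#ifdef ARCH_CPU_64_BITS
  DCHECK_LE(data_len, std::numeric_limits<uint32_t>::max());
#endif
  DCHECK_LE(write_offset_, std::numeric_limits<uint32_t>::max() - data_len);
  size_t new_size = write_offset_ + data_len;
  if (new_size > capacity_after_header_) {
    // Grow geometrically. Past 4096 bytes the capacity is rounded to a
    // multiple of 4096 minus kPayloadUnit, presumably to leave room for the
    // header within the rounded allocation (TODO confirm).
    size_t new_capacity = capacity_after_header_ * 2;
    const size_t kPickleHeapAlign = 4096;
    if (new_capacity > kPickleHeapAlign) {
      new_capacity =
          bits::AlignUp(new_capacity, kPickleHeapAlign) - kPayloadUnit;
    }
    Resize(std::max(new_capacity, new_size));
  }

  char* write = mutable_payload() + write_offset_;
  std::fill(write + length, write + data_len, 0);  // Always initialize padding
  header_->payload_size = static_cast<uint32_t>(new_size);
  write_offset_ = new_size;
  return write;
}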
450 inline void Pickle::WriteBytesCommon(const void* data, size_t length) {
451 DCHECK_NE(kCapacityReadOnly, capacity_after_header_)
452 << "oops: pickle is readonly";
453 MSAN_CHECK_MEM_IS_INITIALIZED(data, length);
454 void* write = ClaimUninitializedBytesInternal(length);
455 std::copy(static_cast<const char*>(data),
456 static_cast<const char*>(data) + length, static_cast<char*>(write));