base/pickle.cc

   1 // Copyright 2012 The Chromium Authors
   2 // Use of this source code is governed by a BSD-style license that can be
   3 // found in the LICENSE file.
   4
   5 #include "base/pickle.h"
   6
   7 #include <algorithm>  // for max()
   8 #include <cstdlib>
   9 #include <limits>
  10
  11 #include "base/bits.h"
  12 #include "base/numerics/safe_conversions.h"
  13 #include "base/numerics/safe_math.h"
  14 #include "build/build_config.h"
  15
  16 namespace base {
  17
  18 // static
  19 const size_t Pickle::kPayloadUnit = 64;
  20
  21 static const size_t kCapacityReadOnly = static_cast<size_t>(-1);
  22
  23 PickleIterator::PickleIterator(const Pickle& pickle)
  24     : payload_(pickle.payload()),
  25       read_index_(0),
  26       end_index_(pickle.payload_size()) {}
  27
  28 template <typename Type>
  29 inline bool PickleIterator::ReadBuiltinType(Type* result) {
  30   const char* read_from = GetReadPointerAndAdvance<Type>();
  31   if (!read_from)
  32     return false;
  33   if (sizeof(Type) > sizeof(uint32_t))
  34     memcpy(result, read_from, sizeof(*result));
  35   else
  36     *result = *reinterpret_cast<const Type*>(read_from);
  37   return true;
  38 }
  39
  40 inline void PickleIterator::Advance(size_t size) {
  41   size_t aligned_size = bits::AlignUp(size, sizeof(uint32_t));
  42   if (end_index_ - read_index_ < aligned_size) {
  43     read_index_ = end_index_;
  44   } else {
  45     read_index_ += aligned_size;
  46   }
  47 }
  48
  49 template <typename Type>
  50 inline const char* PickleIterator::GetReadPointerAndAdvance() {
  51   if (sizeof(Type) > end_index_ - read_index_) {
  52     read_index_ = end_index_;
  53     return nullptr;
  54   }
  55   const char* current_read_ptr = payload_ + read_index_;
  56   Advance(sizeof(Type));
  57   return current_read_ptr;
  58 }
  59
  60 const char* PickleIterator::GetReadPointerAndAdvance(size_t num_bytes) {
  61   if (num_bytes > end_index_ - read_index_) {
  62     read_index_ = end_index_;
  63     return nullptr;
  64   }
  65   const char* current_read_ptr = payload_ + read_index_;
  66   Advance(num_bytes);
  67   return current_read_ptr;
  68 }
  69
  70 inline const char* PickleIterator::GetReadPointerAndAdvance(
  71     size_t num_elements,
  72     size_t size_element) {
  73   // Check for size_t overflow.
  74   size_t num_bytes;
  75   if (!CheckMul(num_elements, size_element).AssignIfValid(&num_bytes))
  76     return nullptr;
  77   return GetReadPointerAndAdvance(num_bytes);
  78 }
  79
  80 bool PickleIterator::ReadBool(bool* result) {
  81   return ReadBuiltinType(result);
  82 }
  83
  84 bool PickleIterator::ReadInt(int* result) {
  85   return ReadBuiltinType(result);
  86 }
  87
  88 bool PickleIterator::ReadLong(long* result) {
  89   // Always read long as a 64-bit value to ensure compatibility between 32-bit
  90   // and 64-bit processes.
  91   int64_t result_int64 = 0;
  92   if (!ReadBuiltinType(&result_int64))
  93     return false;
  94   // CHECK if the cast truncates the value so that we know to change this IPC
  95   // parameter to use int64_t.
  96   *result = base::checked_cast<long>(result_int64);
  97   return true;
  98 }
  99
 100 bool PickleIterator::ReadUInt16(uint16_t* result) {
 101   return ReadBuiltinType(result);
 102 }
 103
 104 bool PickleIterator::ReadUInt32(uint32_t* result) {
 105   return ReadBuiltinType(result);
 106 }
 107
 108 bool PickleIterator::ReadInt64(int64_t* result) {
 109   return ReadBuiltinType(result);
 110 }
 111
 112 bool PickleIterator::ReadUInt64(uint64_t* result) {
 113   return ReadBuiltinType(result);
 114 }
 115
 116 bool PickleIterator::ReadFloat(float* result) {
 117   // crbug.com/315213
 118   // The source data may not be properly aligned, and unaligned float reads
 119   // cause SIGBUS on some ARM platforms, so force using memcpy to copy the data
 120   // into the result.
 121   const char* read_from = GetReadPointerAndAdvance<float>();
 122   if (!read_from)
 123     return false;
 124   memcpy(result, read_from, sizeof(*result));
 125   return true;
 126 }
 127
 128 bool PickleIterator::ReadDouble(double* result) {
 129   // crbug.com/315213
 130   // The source data may not be properly aligned, and unaligned double reads
 131   // cause SIGBUS on some ARM platforms, so force using memcpy to copy the data
 132   // into the result.
 133   const char* read_from = GetReadPointerAndAdvance<double>();
 134   if (!read_from)
 135     return false;
 136   memcpy(result, read_from, sizeof(*result));
 137   return true;
 138 }
 139
 140 bool PickleIterator::ReadString(std::string* result) {
 141   size_t len;
 142   if (!ReadLength(&len))
 143     return false;
 144   const char* read_from = GetReadPointerAndAdvance(len);
 145   if (!read_from)
 146     return false;
 147
 148   result->assign(read_from, len);
 149   return true;
 150 }
 151
 152 bool PickleIterator::ReadStringPiece(StringPiece* result) {
 153   size_t len;
 154   if (!ReadLength(&len))
 155     return false;
 156   const char* read_from = GetReadPointerAndAdvance(len);
 157   if (!read_from)
 158     return false;
 159
 160   *result = StringPiece(read_from, len);
 161   return true;
 162 }
 163
 164 bool PickleIterator::ReadString16(std::u16string* result) {
 165   size_t len;
 166   if (!ReadLength(&len))
 167     return false;
 168   const char* read_from = GetReadPointerAndAdvance(len, sizeof(char16_t));
 169   if (!read_from)
 170     return false;
 171
 172   result->assign(reinterpret_cast<const char16_t*>(read_from), len);
 173   return true;
 174 }
 175
 176 bool PickleIterator::ReadStringPiece16(StringPiece16* result) {
 177   size_t len;
 178   if (!ReadLength(&len))
 179     return false;
 180   const char* read_from = GetReadPointerAndAdvance(len, sizeof(char16_t));
 181   if (!read_from)
 182     return false;
 183
 184   *result = StringPiece16(reinterpret_cast<const char16_t*>(read_from), len);
 185   return true;
 186 }
 187
 188 bool PickleIterator::ReadData(const char** data, size_t* length) {
 189   *length = 0;
 190   *data = nullptr;
 191
 192   if (!ReadLength(length))
 193     return false;
 194
 195   return ReadBytes(data, *length);
 196 }
 197
 198 bool PickleIterator::ReadData(base::span<const uint8_t>* data) {
 199   const char* ptr;
 200   size_t length;
 201
 202   if (!ReadData(&ptr, &length))
 203     return false;
 204
 205   *data = base::as_bytes(base::make_span(ptr, length));
 206   return true;
 207 }
 208
 209 bool PickleIterator::ReadBytes(const char** data, size_t length) {
 210   const char* read_from = GetReadPointerAndAdvance(length);
 211   if (!read_from)
 212     return false;
 213   *data = read_from;
 214   return true;
 215 }
 216
 217 Pickle::Attachment::Attachment() = default;
 218
 219 Pickle::Attachment::~Attachment() = default;
 220
 221 // Payload is uint32_t aligned.
 222
 223 Pickle::Pickle()
 224     : header_(nullptr),
 225       header_size_(sizeof(Header)),
 226       capacity_after_header_(0),
 227       write_offset_(0) {
 228   static_assert(base::bits::IsPowerOfTwo(Pickle::kPayloadUnit),
 229                 "Pickle::kPayloadUnit must be a power of two");
 230   Resize(kPayloadUnit);
 231   header_->payload_size = 0;
 232 }
 233
 234 Pickle::Pickle(size_t header_size)
 235     : header_(nullptr),
 236       header_size_(bits::AlignUp(header_size, sizeof(uint32_t))),
 237       capacity_after_header_(0),
 238       write_offset_(0) {
 239   DCHECK_GE(header_size, sizeof(Header));
 240   DCHECK_LE(header_size, kPayloadUnit);
 241   Resize(kPayloadUnit);
 242   header_->payload_size = 0;
 243 }
 244
 245 Pickle::Pickle(const char* data, size_t data_len)
 246     : header_(reinterpret_cast<Header*>(const_cast<char*>(data))),
 247       header_size_(0),
 248       capacity_after_header_(kCapacityReadOnly),
 249       write_offset_(0) {
 250   if (data_len >= sizeof(Header))
 251     header_size_ = data_len - header_->payload_size;
 252
 253   if (header_size_ > data_len)
 254     header_size_ = 0;
 255
 256   if (header_size_ != bits::AlignUp(header_size_, sizeof(uint32_t)))
 257     header_size_ = 0;
 258
 259   // If there is anything wrong with the data, we're not going to use it.
 260   if (!header_size_)
 261     header_ = nullptr;
 262 }
 263
 264 Pickle::Pickle(const Pickle& other)
 265     : header_(nullptr),
 266       header_size_(other.header_size_),
 267       capacity_after_header_(0),
 268       write_offset_(other.write_offset_) {
 269   if (other.header_) {
 270     Resize(other.header_->payload_size);
 271     memcpy(header_, other.header_, header_size_ + other.header_->payload_size);
 272   }
 273 }
 274
 275 Pickle::~Pickle() {
 276   if (capacity_after_header_ != kCapacityReadOnly)
 277     free(header_);
 278 }
 279
 280 Pickle& Pickle::operator=(const Pickle& other) {
 281   if (this == &other) {
 282     return *this;
 283   }
 284   if (capacity_after_header_ == kCapacityReadOnly) {
 285     header_ = nullptr;
 286     capacity_after_header_ = 0;
 287   }
 288   if (header_size_ != other.header_size_) {
 289     free(header_);
 290     header_ = nullptr;
 291     header_size_ = other.header_size_;
 292   }
 293   if (other.header_) {
 294     Resize(other.header_->payload_size);
 295     memcpy(header_, other.header_,
 296            other.header_size_ + other.header_->payload_size);
 297     write_offset_ = other.write_offset_;
 298   }
 299   return *this;
 300 }
 301
 302 void Pickle::WriteString(const StringPiece& value) {
 303   WriteData(value.data(), value.size());
 304 }
 305
 306 void Pickle::WriteString16(const StringPiece16& value) {
 307   WriteInt(checked_cast<int>(value.size()));
 308   WriteBytes(value.data(), value.size() * sizeof(char16_t));
 309 }
 310
 311 void Pickle::WriteData(const char* data, size_t length) {
 312   WriteInt(checked_cast<int>(length));
 313   WriteBytes(data, length);
 314 }
 315
 316 void Pickle::WriteBytes(const void* data, size_t length) {
 317   WriteBytesCommon(data, length);
 318 }
 319
 320 void Pickle::Reserve(size_t length) {
 321   size_t data_len = bits::AlignUp(length, sizeof(uint32_t));
 322   DCHECK_GE(data_len, length);
 323 #ifdef ARCH_CPU_64_BITS
 324   DCHECK_LE(data_len, std::numeric_limits<uint32_t>::max());
 325 #endif
 326   DCHECK_LE(write_offset_, std::numeric_limits<uint32_t>::max() - data_len);
 327   size_t new_size = write_offset_ + data_len;
 328   if (new_size > capacity_after_header_)
 329     Resize(capacity_after_header_ * 2 + new_size);
 330 }
 331
 332 bool Pickle::WriteAttachment(scoped_refptr<Attachment> attachment) {
 333   return false;
 334 }
 335
 336 bool Pickle::ReadAttachment(base::PickleIterator* iter,
 337                             scoped_refptr<Attachment>* attachment) const {
 338   return false;
 339 }
 340
 341 bool Pickle::HasAttachments() const {
 342   return false;
 343 }
 344
 345 void Pickle::Resize(size_t new_capacity) {
 346   CHECK_NE(capacity_after_header_, kCapacityReadOnly);
 347   capacity_after_header_ = bits::AlignUp(new_capacity, kPayloadUnit);
 348   void* p = realloc(header_, GetTotalAllocatedSize());
 349   CHECK(p);
 350   header_ = reinterpret_cast<Header*>(p);
 351 }
 352
 353 void* Pickle::ClaimBytes(size_t num_bytes) {
 354   void* p = ClaimUninitializedBytesInternal(num_bytes);
 355   CHECK(p);
 356   memset(p, 0, num_bytes);
 357   return p;
 358 }
 359
 360 size_t Pickle::GetTotalAllocatedSize() const {
 361   if (capacity_after_header_ == kCapacityReadOnly)
 362     return 0;
 363   return header_size_ + capacity_after_header_;
 364 }
 365
 366 // static
 367 const char* Pickle::FindNext(size_t header_size,
 368                              const char* start,
 369                              const char* end) {
 370   size_t pickle_size = 0;
 371   if (!PeekNext(header_size, start, end, &pickle_size))
 372     return nullptr;
 373
 374   if (pickle_size > static_cast<size_t>(end - start))
 375     return nullptr;
 376
 377   return start + pickle_size;
 378 }
 379
 380 // static
 381 bool Pickle::PeekNext(size_t header_size,
 382                       const char* start,
 383                       const char* end,
 384                       size_t* pickle_size) {
 385   DCHECK_EQ(header_size, bits::AlignUp(header_size, sizeof(uint32_t)));
 386   DCHECK_GE(header_size, sizeof(Header));
 387   DCHECK_LE(header_size, static_cast<size_t>(kPayloadUnit));
 388
 389   size_t length = static_cast<size_t>(end - start);
 390   if (length < sizeof(Header))
 391     return false;
 392
 393   const Header* hdr = reinterpret_cast<const Header*>(start);
 394   if (length < header_size)
 395     return false;
 396
 397   // If payload_size causes an overflow, we return maximum possible
 398   // pickle size to indicate that.
 399   *pickle_size = ClampAdd(header_size, hdr->payload_size);
 400   return true;
 401 }
 402
 403 template <size_t length>
 404 void Pickle::WriteBytesStatic(const void* data) {
 405   WriteBytesCommon(data, length);
 406 }
 407
 408 template void Pickle::WriteBytesStatic<2>(const void* data);
 409 template void Pickle::WriteBytesStatic<4>(const void* data);
 410 template void Pickle::WriteBytesStatic<8>(const void* data);
 411
 412 inline void* Pickle::ClaimUninitializedBytesInternal(size_t length) {
 413   DCHECK_NE(kCapacityReadOnly, capacity_after_header_)
 414       << "oops: pickle is readonly";
 415   size_t data_len = bits::AlignUp(length, sizeof(uint32_t));
 416   DCHECK_GE(data_len, length);
 417 #ifdef ARCH_CPU_64_BITS
 418   DCHECK_LE(data_len, std::numeric_limits<uint32_t>::max());
 419 #endif
 420   DCHECK_LE(write_offset_, std::numeric_limits<uint32_t>::max() - data_len);
 421   size_t new_size = write_offset_ + data_len;
 422   if (new_size > capacity_after_header_) {
 423     size_t new_capacity = capacity_after_header_ * 2;
 424     const size_t kPickleHeapAlign = 4096;
 425     if (new_capacity > kPickleHeapAlign) {
 426       new_capacity =
 427           bits::AlignUp(new_capacity, kPickleHeapAlign) - kPayloadUnit;
 428     }
 429     Resize(std::max(new_capacity, new_size));
 430   }
 431
 432   char* write = mutable_payload() + write_offset_;
 433   memset(write + length, 0, data_len - length);  // Always initialize padding
 434   header_->payload_size = static_cast<uint32_t>(new_size);
 435   write_offset_ = new_size;
 436   return write;
 437 }
 438
 439 inline void Pickle::WriteBytesCommon(const void* data, size_t length) {
 440   DCHECK_NE(kCapacityReadOnly, capacity_after_header_)
 441       << "oops: pickle is readonly";
 442   MSAN_CHECK_MEM_IS_INITIALIZED(data, length);
 443   void* write = ClaimUninitializedBytesInternal(length);
 444   memcpy(write, data, length);
 445 }
 446
 447 }  // namespace base