Fix a use after free crasher in the ReadAsync task initiated on Windows by the FileSt...
[chromium-blink-merge.git] / base / pickle.cc
blobd461f413dfd2e68a6e97c9f15d5d97dc68faacb3
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
5 #include "base/pickle.h"
7 #include <stdlib.h>
9 #include <algorithm> // for max()
11 //------------------------------------------------------------------------------
13 using base::char16;
14 using base::string16;
16 // static
17 const int Pickle::kPayloadUnit = 64;
19 static const size_t kCapacityReadOnly = static_cast<size_t>(-1);
21 PickleIterator::PickleIterator(const Pickle& pickle)
22 : payload_(pickle.payload()),
23 read_index_(0),
24 end_index_(pickle.payload_size()) {
27 template <typename Type>
28 inline bool PickleIterator::ReadBuiltinType(Type* result) {
29 const char* read_from = GetReadPointerAndAdvance<Type>();
30 if (!read_from)
31 return false;
32 if (sizeof(Type) > sizeof(uint32))
33 memcpy(result, read_from, sizeof(*result));
34 else
35 *result = *reinterpret_cast<const Type*>(read_from);
36 return true;
39 inline void PickleIterator::Advance(size_t size) {
40 size_t aligned_size = AlignInt(size, sizeof(uint32_t));
41 if (end_index_ - read_index_ < aligned_size) {
42 read_index_ = end_index_;
43 } else {
44 read_index_ += aligned_size;
48 template<typename Type>
49 inline const char* PickleIterator::GetReadPointerAndAdvance() {
50 if (sizeof(Type) > end_index_ - read_index_) {
51 read_index_ = end_index_;
52 return NULL;
54 const char* current_read_ptr = payload_ + read_index_;
55 Advance(sizeof(Type));
56 return current_read_ptr;
59 const char* PickleIterator::GetReadPointerAndAdvance(int num_bytes) {
60 if (num_bytes < 0 ||
61 end_index_ - read_index_ < static_cast<size_t>(num_bytes)) {
62 read_index_ = end_index_;
63 return NULL;
65 const char* current_read_ptr = payload_ + read_index_;
66 Advance(num_bytes);
67 return current_read_ptr;
70 inline const char* PickleIterator::GetReadPointerAndAdvance(
71 int num_elements,
72 size_t size_element) {
73 // Check for int32 overflow.
74 int64 num_bytes = static_cast<int64>(num_elements) * size_element;
75 int num_bytes32 = static_cast<int>(num_bytes);
76 if (num_bytes != static_cast<int64>(num_bytes32))
77 return NULL;
78 return GetReadPointerAndAdvance(num_bytes32);
81 bool PickleIterator::ReadBool(bool* result) {
82 return ReadBuiltinType(result);
85 bool PickleIterator::ReadInt(int* result) {
86 return ReadBuiltinType(result);
89 bool PickleIterator::ReadLong(long* result) {
90 return ReadBuiltinType(result);
93 bool PickleIterator::ReadUInt16(uint16* result) {
94 return ReadBuiltinType(result);
97 bool PickleIterator::ReadUInt32(uint32* result) {
98 return ReadBuiltinType(result);
101 bool PickleIterator::ReadInt64(int64* result) {
102 return ReadBuiltinType(result);
105 bool PickleIterator::ReadUInt64(uint64* result) {
106 return ReadBuiltinType(result);
109 bool PickleIterator::ReadSizeT(size_t* result) {
110 // Always read size_t as a 64-bit value to ensure compatibility between 32-bit
111 // and 64-bit processes.
112 uint64 result_uint64 = 0;
113 bool success = ReadBuiltinType(&result_uint64);
114 *result = static_cast<size_t>(result_uint64);
115 // Fail if the cast above truncates the value.
116 return success && (*result == result_uint64);
119 bool PickleIterator::ReadFloat(float* result) {
120 // crbug.com/315213
121 // The source data may not be properly aligned, and unaligned float reads
122 // cause SIGBUS on some ARM platforms, so force using memcpy to copy the data
123 // into the result.
124 const char* read_from = GetReadPointerAndAdvance<float>();
125 if (!read_from)
126 return false;
127 memcpy(result, read_from, sizeof(*result));
128 return true;
131 bool PickleIterator::ReadDouble(double* result) {
132 // crbug.com/315213
133 // The source data may not be properly aligned, and unaligned double reads
134 // cause SIGBUS on some ARM platforms, so force using memcpy to copy the data
135 // into the result.
136 const char* read_from = GetReadPointerAndAdvance<double>();
137 if (!read_from)
138 return false;
139 memcpy(result, read_from, sizeof(*result));
140 return true;
143 bool PickleIterator::ReadString(std::string* result) {
144 int len;
145 if (!ReadInt(&len))
146 return false;
147 const char* read_from = GetReadPointerAndAdvance(len);
148 if (!read_from)
149 return false;
151 result->assign(read_from, len);
152 return true;
155 bool PickleIterator::ReadWString(std::wstring* result) {
156 int len;
157 if (!ReadInt(&len))
158 return false;
159 const char* read_from = GetReadPointerAndAdvance(len, sizeof(wchar_t));
160 if (!read_from)
161 return false;
163 result->assign(reinterpret_cast<const wchar_t*>(read_from), len);
164 return true;
167 bool PickleIterator::ReadString16(string16* result) {
168 int len;
169 if (!ReadInt(&len))
170 return false;
171 const char* read_from = GetReadPointerAndAdvance(len, sizeof(char16));
172 if (!read_from)
173 return false;
175 result->assign(reinterpret_cast<const char16*>(read_from), len);
176 return true;
179 bool PickleIterator::ReadData(const char** data, int* length) {
180 *length = 0;
181 *data = 0;
183 if (!ReadInt(length))
184 return false;
186 return ReadBytes(data, *length);
189 bool PickleIterator::ReadBytes(const char** data, int length) {
190 const char* read_from = GetReadPointerAndAdvance(length);
191 if (!read_from)
192 return false;
193 *data = read_from;
194 return true;
197 // Payload is uint32 aligned.
199 Pickle::Pickle()
200 : header_(NULL),
201 header_size_(sizeof(Header)),
202 capacity_after_header_(0),
203 write_offset_(0) {
204 Resize(kPayloadUnit);
205 header_->payload_size = 0;
208 Pickle::Pickle(int header_size)
209 : header_(NULL),
210 header_size_(AlignInt(header_size, sizeof(uint32))),
211 capacity_after_header_(0),
212 write_offset_(0) {
213 DCHECK_GE(static_cast<size_t>(header_size), sizeof(Header));
214 DCHECK_LE(header_size, kPayloadUnit);
215 Resize(kPayloadUnit);
216 header_->payload_size = 0;
219 Pickle::Pickle(const char* data, int data_len)
220 : header_(reinterpret_cast<Header*>(const_cast<char*>(data))),
221 header_size_(0),
222 capacity_after_header_(kCapacityReadOnly),
223 write_offset_(0) {
224 if (data_len >= static_cast<int>(sizeof(Header)))
225 header_size_ = data_len - header_->payload_size;
227 if (header_size_ > static_cast<unsigned int>(data_len))
228 header_size_ = 0;
230 if (header_size_ != AlignInt(header_size_, sizeof(uint32)))
231 header_size_ = 0;
233 // If there is anything wrong with the data, we're not going to use it.
234 if (!header_size_)
235 header_ = NULL;
238 Pickle::Pickle(const Pickle& other)
239 : header_(NULL),
240 header_size_(other.header_size_),
241 capacity_after_header_(0),
242 write_offset_(other.write_offset_) {
243 size_t payload_size = header_size_ + other.header_->payload_size;
244 Resize(payload_size);
245 memcpy(header_, other.header_, payload_size);
248 Pickle::~Pickle() {
249 if (capacity_after_header_ != kCapacityReadOnly)
250 free(header_);
253 Pickle& Pickle::operator=(const Pickle& other) {
254 if (this == &other) {
255 NOTREACHED();
256 return *this;
258 if (capacity_after_header_ == kCapacityReadOnly) {
259 header_ = NULL;
260 capacity_after_header_ = 0;
262 if (header_size_ != other.header_size_) {
263 free(header_);
264 header_ = NULL;
265 header_size_ = other.header_size_;
267 Resize(other.header_->payload_size);
268 memcpy(header_, other.header_,
269 other.header_size_ + other.header_->payload_size);
270 write_offset_ = other.write_offset_;
271 return *this;
274 bool Pickle::WriteString(const std::string& value) {
275 if (!WriteInt(static_cast<int>(value.size())))
276 return false;
278 return WriteBytes(value.data(), static_cast<int>(value.size()));
281 bool Pickle::WriteWString(const std::wstring& value) {
282 if (!WriteInt(static_cast<int>(value.size())))
283 return false;
285 return WriteBytes(value.data(),
286 static_cast<int>(value.size() * sizeof(wchar_t)));
289 bool Pickle::WriteString16(const string16& value) {
290 if (!WriteInt(static_cast<int>(value.size())))
291 return false;
293 return WriteBytes(value.data(),
294 static_cast<int>(value.size()) * sizeof(char16));
297 bool Pickle::WriteData(const char* data, int length) {
298 return length >= 0 && WriteInt(length) && WriteBytes(data, length);
301 bool Pickle::WriteBytes(const void* data, int length) {
302 WriteBytesCommon(data, length);
303 return true;
306 void Pickle::Reserve(size_t length) {
307 size_t data_len = AlignInt(length, sizeof(uint32));
308 DCHECK_GE(data_len, length);
309 #ifdef ARCH_CPU_64_BITS
310 DCHECK_LE(data_len, kuint32max);
311 #endif
312 DCHECK_LE(write_offset_, kuint32max - data_len);
313 size_t new_size = write_offset_ + data_len;
314 if (new_size > capacity_after_header_)
315 Resize(capacity_after_header_ * 2 + new_size);
318 void Pickle::Resize(size_t new_capacity) {
319 new_capacity = AlignInt(new_capacity, kPayloadUnit);
321 CHECK_NE(capacity_after_header_, kCapacityReadOnly);
322 void* p = realloc(header_, header_size_ + new_capacity);
323 CHECK(p);
324 header_ = reinterpret_cast<Header*>(p);
325 capacity_after_header_ = new_capacity;
328 // static
329 const char* Pickle::FindNext(size_t header_size,
330 const char* start,
331 const char* end) {
332 DCHECK_EQ(header_size, AlignInt(header_size, sizeof(uint32)));
333 DCHECK_LE(header_size, static_cast<size_t>(kPayloadUnit));
335 size_t length = static_cast<size_t>(end - start);
336 if (length < sizeof(Header))
337 return NULL;
339 const Header* hdr = reinterpret_cast<const Header*>(start);
340 if (length < header_size || length - header_size < hdr->payload_size)
341 return NULL;
342 return start + header_size + hdr->payload_size;
345 template <size_t length> void Pickle::WriteBytesStatic(const void* data) {
346 WriteBytesCommon(data, length);
349 template void Pickle::WriteBytesStatic<2>(const void* data);
350 template void Pickle::WriteBytesStatic<4>(const void* data);
351 template void Pickle::WriteBytesStatic<8>(const void* data);
353 inline void Pickle::WriteBytesCommon(const void* data, size_t length) {
354 DCHECK_NE(kCapacityReadOnly, capacity_after_header_)
355 << "oops: pickle is readonly";
356 size_t data_len = AlignInt(length, sizeof(uint32));
357 DCHECK_GE(data_len, length);
358 #ifdef ARCH_CPU_64_BITS
359 DCHECK_LE(data_len, kuint32max);
360 #endif
361 DCHECK_LE(write_offset_, kuint32max - data_len);
362 size_t new_size = write_offset_ + data_len;
363 if (new_size > capacity_after_header_) {
364 Resize(std::max(capacity_after_header_ * 2, new_size));
367 char* write = mutable_payload() + write_offset_;
368 memcpy(write, data, length);
369 memset(write + length, 0, data_len - length);
370 header_->payload_size = static_cast<uint32>(new_size);
371 write_offset_ = new_size;