1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
4 
5 #include "base/pickle.h"
6 
7 #include <stdlib.h>
8 
9 #include <algorithm>  // for max()
10 #include <limits>
11 
12 #include "base/bits.h"
13 #include "base/macros.h"
14 #include "base/numerics/safe_conversions.h"
15 #include "base/numerics/safe_math.h"
16 #include "build/build_config.h"
17 
18 namespace base {
19 
// static
// Allocation granularity of the payload: Resize() rounds every capacity up to
// a multiple of this. The default constructor static_asserts that it is a power
// of two, and the header-size constructor and PeekNext() DCHECK header sizes
// against it.
const int Pickle::kPayloadUnit = 64;

// Sentinel stored in capacity_after_header_ by the (const char*, size_t)
// constructor: such a Pickle only borrows caller-owned bytes, so it must never
// write to, Resize() or free() its buffer.
static const size_t kCapacityReadOnly = static_cast<size_t>(-1);
24 
// Positions a new iterator at the first byte of |pickle|'s payload. The
// iterator only borrows the payload pointer, so |pickle| must outlive it.
PickleIterator::PickleIterator(const Pickle& pickle)
    : payload_(pickle.payload()),
      read_index_(0),
      end_index_(pickle.payload_size()) {
}
30 
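// Reads one fixed-size value of |Type| from the current position into
// |*result|. Returns false, leaving |*result| untouched, when fewer than
// sizeof(Type) bytes remain; the cursor is then parked at the end so every
// later read fails too.
//
// The copy always goes through memcpy. The previous fast path for types of at
// most four bytes dereferenced a reinterpret_cast'ed pointer into the payload,
// which type-puns char storage as |Type| and relies on the payload's uint32_t
// alignment (compare the crbug.com/315213 note on ReadFloat/ReadDouble). A
// fixed-size memcpy expresses the same load without either assumption.
template <typename Type>
inline bool PickleIterator::ReadBuiltinType(Type* result) {
  const char* read_from = GetReadPointerAndAdvance<Type>();
  if (!read_from)
    return false;
  memcpy(result, read_from, sizeof(*result));
  return true;
}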
42 
// Moves the read cursor past |size| bytes plus whatever padding keeps it
// uint32_t aligned. A step that would overrun end_index_ clamps the cursor to
// end_index_ instead, so the remaining-byte arithmetic in the callers can never
// underflow.
inline void PickleIterator::Advance(size_t size) {
  const size_t step = bits::Align(size, sizeof(uint32_t));
  const size_t remaining = end_index_ - read_index_;
  read_index_ = (remaining < step) ? end_index_ : read_index_ + step;
}
51 
// Returns a pointer to the next sizeof(Type) payload bytes and advances the
// cursor past them (with alignment padding). Returns nullptr, and parks the
// cursor at end_index_, when fewer bytes remain.
template <typename Type>
inline const char* PickleIterator::GetReadPointerAndAdvance() {
  const size_t remaining = end_index_ - read_index_;
  if (remaining < sizeof(Type)) {
    read_index_ = end_index_;
    return nullptr;
  }
  const char* const here = payload_ + read_index_;
  Advance(sizeof(Type));
  return here;
}
62 
// Byte-count variant: hands out |num_bytes| payload bytes. A negative count
// (a corrupt or hostile length field) is treated exactly like an overrun:
// nullptr is returned and the cursor is moved to the end.
const char* PickleIterator::GetReadPointerAndAdvance(int num_bytes) {
  const bool negative = num_bytes < 0;
  const bool overrun =
      !negative && end_index_ - read_index_ < static_cast<size_t>(num_bytes);
  if (negative || overrun) {
    read_index_ = end_index_;
    return nullptr;
  }
  const char* const here = payload_ + read_index_;
  Advance(num_bytes);
  return here;
}
73 
// Element-count variant. The byte count num_elements * size_element is formed
// with overflow checking so that a huge element count cannot wrap into a small
// byte count that would pass the bounds check. On overflow nullptr is returned
// and the cursor is left where it was.
inline const char* PickleIterator::GetReadPointerAndAdvance(
    int num_elements,
    size_t size_element) {
  int num_bytes = 0;
  const bool fits =
      CheckMul(num_elements, size_element).AssignIfValid(&num_bytes);
  return fits ? GetReadPointerAndAdvance(num_bytes) : nullptr;
}
83 
// Bools travel as a full int; any non-zero value reads back as true.
bool PickleIterator::ReadBool(bool* result) {
  int raw = 0;
  if (!ReadBuiltinType(&raw))
    return false;
  *result = static_cast<bool>(raw);
  return true;
}
92 
// Reads a 4-byte int; false if the payload is exhausted.
bool PickleIterator::ReadInt(int* result) {
  return ReadBuiltinType<int>(result);
}
96 
// |long| is 32 bits on some platforms and 64 on others, so it is always
// transported as an int64_t. checked_cast CHECKs when the value does not fit
// the local |long|, which is the signal to switch that IPC field to int64_t.
bool PickleIterator::ReadLong(long* result) {
  int64_t wide = 0;
  const bool ok = ReadBuiltinType(&wide);
  if (ok)
    *result = base::checked_cast<long>(wide);
  return ok;
}
108 
// Reads a uint16_t (occupying a full uint32_t slot); false if exhausted.
bool PickleIterator::ReadUInt16(uint16_t* result) {
  return ReadBuiltinType<uint16_t>(result);
}
112 
// Reads a uint32_t; false if the payload is exhausted.
bool PickleIterator::ReadUInt32(uint32_t* result) {
  return ReadBuiltinType<uint32_t>(result);
}
116 
// Reads an int64_t; false if the payload is exhausted.
bool PickleIterator::ReadInt64(int64_t* result) {
  return ReadBuiltinType<int64_t>(result);
}
120 
// Reads a uint64_t; false if the payload is exhausted.
bool PickleIterator::ReadUInt64(uint64_t* result) {
  return ReadBuiltinType<uint64_t>(result);
}
124 
// crbug.com/315213: float slots are only guaranteed uint32_t alignment, and an
// unaligned float load SIGBUSes on some ARM platforms, so the bytes are
// memcpy'd rather than dereferenced.
bool PickleIterator::ReadFloat(float* result) {
  const char* const src = GetReadPointerAndAdvance<float>();
  if (src == nullptr)
    return false;
  memcpy(result, src, sizeof(float));
  return true;
}
136 
// crbug.com/315213: double slots are only guaranteed uint32_t alignment, and an
// unaligned double load SIGBUSes on some ARM platforms, so the bytes are
// memcpy'd rather than dereferenced.
bool PickleIterator::ReadDouble(double* result) {
  const char* const src = GetReadPointerAndAdvance<double>();
  if (src == nullptr)
    return false;
  memcpy(result, src, sizeof(double));
  return true;
}
148 
// Reads a length-prefixed byte string. The length comes from the payload and is
// therefore untrusted: GetReadPointerAndAdvance rejects negative values and
// lengths beyond the remaining payload before any byte is copied.
bool PickleIterator::ReadString(std::string* result) {
  int len = 0;
  if (!ReadInt(&len))
    return false;
  const char* const bytes = GetReadPointerAndAdvance(len);
  if (bytes == nullptr)
    return false;
  result->assign(bytes, static_cast<size_t>(len));
  return true;
}
160 
// Like ReadString but yields a view into the payload instead of a copy, so
// |*result| is only valid while the underlying buffer is.
bool PickleIterator::ReadStringPiece(StringPiece* result) {
  int len = 0;
  if (!ReadInt(&len))
    return false;
  const char* const bytes = GetReadPointerAndAdvance(len);
  if (bytes == nullptr)
    return false;
  *result = StringPiece(bytes, len);
  return true;
}
172 
// Reads a length-prefixed UTF-16 string. |len| counts char16 units; the
// element-count overload derives the byte count with overflow checking and
// bounds-checks it against the remaining payload.
bool PickleIterator::ReadString16(string16* result) {
  int len = 0;
  if (!ReadInt(&len))
    return false;
  const char* const bytes = GetReadPointerAndAdvance(len, sizeof(char16));
  if (bytes == nullptr)
    return false;
  result->assign(reinterpret_cast<const char16*>(bytes), len);
  return true;
}
184 
// Like ReadString16 but yields a view into the payload instead of a copy, so
// |*result| is only valid while the underlying buffer is.
bool PickleIterator::ReadStringPiece16(StringPiece16* result) {
  int len = 0;
  if (!ReadInt(&len))
    return false;
  const char* const bytes = GetReadPointerAndAdvance(len, sizeof(char16));
  if (bytes == nullptr)
    return false;
  *result = StringPiece16(reinterpret_cast<const char16*>(bytes), len);
  return true;
}
196 
// Reads a length-prefixed blob as a view into the payload. Both outputs are
// reset first so that a failed read never leaves a stale pointer or length
// behind for the caller to use.
bool PickleIterator::ReadData(const char** data, int* length) {
  *data = nullptr;
  *length = 0;
  return ReadInt(length) && ReadBytes(data, *length);
}
206 
// Hands out |length| raw payload bytes by pointer. Fails, leaving |*data|
// untouched, when |length| is negative or exceeds the remaining payload.
bool PickleIterator::ReadBytes(const char** data, int length) {
  const char* const bytes = GetReadPointerAndAdvance(length);
  if (bytes == nullptr)
    return false;
  *data = bytes;
  return true;
}
214 
// Out-of-line defaulted special members, so Attachment's constructor and
// destructor are emitted in this translation unit rather than in every
// includer of the header.
Pickle::Attachment::Attachment() = default;

Pickle::Attachment::~Attachment() = default;
218 
219 // Payload is uint32_t aligned.
220 
// Builds an empty, writable Pickle with the default header and one
// kPayloadUnit of payload capacity.
Pickle::Pickle()
    : header_(nullptr),
      header_size_(sizeof(Header)),
      capacity_after_header_(0),
      write_offset_(0) {
  // Resize() and ClaimUninitializedBytesInternal() round capacities with
  // bits::Align, which needs a power-of-two unit.
  static_assert((Pickle::kPayloadUnit & (Pickle::kPayloadUnit - 1)) == 0,
                "Pickle::kPayloadUnit must be a power of two");
  Resize(kPayloadUnit);
  header_->payload_size = 0;
}
231 
// Builds an empty, writable Pickle whose header is |header_size| bytes, rounded
// up to uint32_t alignment. The header must be at least sizeof(Header) and at
// most kPayloadUnit; violations are DCHECKed, not handled.
Pickle::Pickle(int header_size)
    : header_(nullptr),
      header_size_(bits::Align(header_size, sizeof(uint32_t))),
      capacity_after_header_(0),
      write_offset_(0) {
  DCHECK_GE(static_cast<size_t>(header_size), sizeof(Header));
  DCHECK_LE(header_size, kPayloadUnit);
  Resize(kPayloadUnit);
  header_->payload_size = 0;
}
242 
// Wraps caller-owned bytes read-only: capacity_after_header_ is set to the
// kCapacityReadOnly sentinel, so the buffer is never written, resized or
// freed, and |data| must outlive this Pickle. |data| is typically untrusted
// (it arrives over IPC); the header size is recovered as
// data_len - payload_size and accepted only if it is non-zero, fits within
// data_len and is uint32_t aligned. Otherwise header_ is nulled and the Pickle
// is unusable.
Pickle::Pickle(const char* data, size_t data_len)
    : header_(reinterpret_cast<Header*>(const_cast<char*>(data))),
      header_size_(0),
      capacity_after_header_(kCapacityReadOnly),
      write_offset_(0) {
  // payload_size may only be read once the buffer is known to hold a Header.
  if (data_len >= static_cast<int>(sizeof(Header)))
    header_size_ = data_len - header_->payload_size;

  // A payload_size larger than data_len wraps the subtraction above to a huge
  // value; this comparison catches that as well as genuinely oversized headers.
  // The unsigned int cast can truncate data_len on 64-bit, but that only makes
  // the test stricter (rejecting more), never looser.
  if (header_size_ > static_cast<unsigned int>(data_len))
    header_size_ = 0;

  // header_size_ is always uint32_t aligned for a Pickle this code produced.
  if (header_size_ != bits::Align(header_size_, sizeof(uint32_t)))
    header_size_ = 0;

  // If there is anything wrong with the data, we're not going to use it.
  if (!header_size_)
    header_ = nullptr;
}
261 
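// Deep-copies |other| into a fresh, writable buffer of exactly its payload size.
// |other| may be a read-only Pickle built from invalid bytes, in which case its
// header_ is null; such a source is copied as an empty Pickle (header_ null,
// no allocation) instead of being dereferenced.
Pickle::Pickle(const Pickle& other)
    : header_(nullptr),
      header_size_(other.header_size_),
      capacity_after_header_(0),
      write_offset_(other.write_offset_) {
  if (!other.header_)
    return;
  Resize(other.header_->payload_size);
  memcpy(header_, other.header_, header_size_ + other.header_->payload_size);
}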
270 
// Only a buffer this Pickle allocated itself is freed; a read-only Pickle
// merely borrows its bytes from the caller.
Pickle::~Pickle() {
  const bool owns_buffer = capacity_after_header_ != kCapacityReadOnly;
  if (owns_buffer)
    free(header_);
}
275 
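// Replaces this Pickle's contents with a deep copy of |other|. The result is
// always writable, even if this or |other| was read-only. If |other| holds no
// buffer (a read-only Pickle built from invalid bytes leaves header_ null),
// this Pickle becomes empty instead of dereferencing the null header.
Pickle& Pickle::operator=(const Pickle& other) {
  if (this == &other) {
    return *this;
  }
  // A read-only Pickle borrows its buffer: drop the pointer without freeing.
  if (capacity_after_header_ == kCapacityReadOnly) {
    header_ = nullptr;
    capacity_after_header_ = 0;
  }
  // The header size is baked into the buffer layout, so a buffer with a
  // different header size cannot be reused; release it and reallocate.
  if (header_size_ != other.header_size_) {
    free(header_);
    header_ = nullptr;
    header_size_ = other.header_size_;
  }
  if (!other.header_) {
    free(header_);
    header_ = nullptr;
    capacity_after_header_ = 0;
    write_offset_ = other.write_offset_;
    return *this;
  }
  Resize(other.header_->payload_size);
  memcpy(header_, other.header_,
         other.header_size_ + other.header_->payload_size);
  write_offset_ = other.write_offset_;
  return *this;
}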
295 
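// Writes |value| as an int length prefix followed by its raw bytes. The length
// is range-checked: a string whose size does not fit in an int would otherwise
// be written with a truncated prefix that no longer matches the bytes that
// follow, and checked_cast CHECKs instead of producing that corrupt record.
void Pickle::WriteString(const StringPiece& value) {
  const int len = base::checked_cast<int>(value.size());
  WriteInt(len);
  WriteBytes(value.data(), len);
}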
300 
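// Writes |value| as an int length prefix (in char16 units) followed by its raw
// UTF-16 bytes. Both the unit count and the byte count are range-checked: the
// previous static_cast could silently truncate either, leaving a length prefix
// that does not match the bytes that follow. Out-of-range sizes CHECK instead.
void Pickle::WriteString16(const StringPiece16& value) {
  const int len = base::checked_cast<int>(value.size());
  int num_bytes = 0;
  const bool fits =
      CheckMul(value.size(), sizeof(char16)).AssignIfValid(&num_bytes);
  CHECK(fits) << "string16 byte length does not fit in an int";
  WriteInt(len);
  WriteBytes(value.data(), num_bytes);
}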
305 
// Writes |length| bytes of |data| prefixed by the length, the framing that
// PickleIterator::ReadData expects. A negative length is a caller bug.
void Pickle::WriteData(const char* data, int length) {
  DCHECK_GE(length, 0);
  WriteInt(length);
  WriteBytes(data, length);
}
311 
// Appends |length| raw bytes with no length prefix; the reader must know the
// size (see PickleIterator::ReadBytes).
void Pickle::WriteBytes(const void* data, int length) {
  WriteBytesCommon(data, static_cast<size_t>(length));
}
315 
// Ensures room for |length| more payload bytes (rounded up to uint32_t
// alignment) so that a following write does not reallocate. Grows to twice the
// current capacity plus the requirement when it must grow. Resize() CHECKs if
// this Pickle is read-only.
void Pickle::Reserve(size_t length) {
  const size_t data_len = bits::Align(length, sizeof(uint32_t));
  DCHECK_GE(data_len, length);
#ifdef ARCH_CPU_64_BITS
  DCHECK_LE(data_len, std::numeric_limits<uint32_t>::max());
#endif
  // payload_size is a uint32_t, so the new offset must stay representable.
  DCHECK_LE(write_offset_, std::numeric_limits<uint32_t>::max() - data_len);
  const size_t needed = write_offset_ + data_len;
  if (needed <= capacity_after_header_)
    return;
  Resize(capacity_after_header_ * 2 + needed);
}
327 
// Plain Pickle carries no attachments: the argument is ignored and the write
// is always refused.
bool Pickle::WriteAttachment(scoped_refptr<Attachment> /* attachment */) {
  return false;
}
331 
// Plain Pickle carries no attachments: nothing is read, |*attachment| is left
// untouched and false is always returned.
bool Pickle::ReadAttachment(base::PickleIterator* /* iter */,
                            scoped_refptr<Attachment>* /* attachment */) const {
  return false;
}
336 
// Plain Pickle never carries attachments.
bool Pickle::HasAttachments() const {
  return false;
}
340 
// Reallocates the buffer so the payload can hold |new_capacity| bytes, rounded
// up to kPayloadUnit. Existing header and payload bytes are preserved by
// realloc. Calling this on a read-only Pickle, or failing to allocate, is
// fatal (CHECK) rather than reported.
void Pickle::Resize(size_t new_capacity) {
  CHECK_NE(capacity_after_header_, kCapacityReadOnly);
  capacity_after_header_ = bits::Align(new_capacity, kPayloadUnit);
  void* const grown = realloc(header_, GetTotalAllocatedSize());
  CHECK(grown);
  header_ = reinterpret_cast<Header*>(grown);
}
348 
// Like ClaimUninitializedBytesInternal, but the returned bytes are zero-filled
// so a caller that fills them only partially never serializes stale memory.
void* Pickle::ClaimBytes(size_t num_bytes) {
  void* const claimed = ClaimUninitializedBytesInternal(num_bytes);
  CHECK(claimed);
  memset(claimed, 0, num_bytes);
  return claimed;
}
355 
// Size of the buffer Resize() realloc's: header plus payload capacity, or 0
// for a read-only Pickle, which owns no buffer.
size_t Pickle::GetTotalAllocatedSize() const {
  const bool read_only = capacity_after_header_ == kCapacityReadOnly;
  return read_only ? 0 : header_size_ + capacity_after_header_;
}
361 
362 // static
// Returns a pointer just past the Pickle that begins at |start|, or nullptr if
// [start, end) does not hold a complete one. PeekNext saturates the size on
// overflow, so a hostile payload_size yields nullptr here rather than a pointer
// beyond |end|.
const char* Pickle::FindNext(size_t header_size,
                             const char* start,
                             const char* end) {
  size_t pickle_size = 0;
  const bool have_header = PeekNext(header_size, start, end, &pickle_size);
  if (!have_header)
    return nullptr;

  const size_t available = static_cast<size_t>(end - start);
  return pickle_size > available ? nullptr : start + pickle_size;
}
375 
376 // static
// Reports, in |*pickle_size|, the total size (header plus payload) that the
// Pickle starting at |start| claims to have. Returns false if [start, end) is
// too short to even contain the header; the payload itself is not checked
// (FindNext does that).
bool Pickle::PeekNext(size_t header_size,
                      const char* start,
                      const char* end,
                      size_t* pickle_size) {
  DCHECK_EQ(header_size, bits::Align(header_size, sizeof(uint32_t)));
  DCHECK_GE(header_size, sizeof(Header));
  DCHECK_LE(header_size, static_cast<size_t>(kPayloadUnit));

  const size_t available = static_cast<size_t>(end - start);
  if (available < sizeof(Header) || available < header_size)
    return false;

  const Header* const hdr = reinterpret_cast<const Header*>(start);
  // ClampAdd saturates instead of wrapping, so an absurd payload_size reports
  // the largest possible size, which the caller then rejects as not fitting.
  *pickle_size = ClampAdd(header_size, hdr->payload_size);
  return true;
}
398 
// Fixed-size write, presumably backing the typed Write* helpers declared in
// the header; the size is a template parameter so it can constant-fold in the
// padding arithmetic of WriteBytesCommon.
template <size_t length>
void Pickle::WriteBytesStatic(const void* data) {
  WriteBytesCommon(data, length);
}

// Only the builtin widths are ever instantiated.
template void Pickle::WriteBytesStatic<2>(const void* data);
template void Pickle::WriteBytesStatic<4>(const void* data);
template void Pickle::WriteBytesStatic<8>(const void* data);
406 
// Reserves |length| payload bytes (rounded up to uint32_t alignment) at the
// write cursor, advances the cursor and payload_size past them, and returns a
// pointer to them. The caller must fill all |length| bytes; only the alignment
// padding is zeroed here. Must not be called on a read-only Pickle (DCHECKed
// here; Resize() CHECKs too when growth is needed).
inline void* Pickle::ClaimUninitializedBytesInternal(size_t length) {
  DCHECK_NE(kCapacityReadOnly, capacity_after_header_)
      << "oops: pickle is readonly";
  size_t data_len = bits::Align(length, sizeof(uint32_t));
  DCHECK_GE(data_len, length);  // Align() wrapped around if this fails.
#ifdef ARCH_CPU_64_BITS
  DCHECK_LE(data_len, std::numeric_limits<uint32_t>::max());
#endif
  // payload_size is a uint32_t, so the new offset must stay representable.
  DCHECK_LE(write_offset_, std::numeric_limits<uint32_t>::max() - data_len);
  size_t new_size = write_offset_ + data_len;
  if (new_size > capacity_after_header_) {
    // Grow geometrically; once past a page, trim so that header plus capacity
    // presumably lands just under a page multiple rather than just over it.
    size_t new_capacity = capacity_after_header_ * 2;
    const size_t kPickleHeapAlign = 4096;
    if (new_capacity > kPickleHeapAlign)
      new_capacity = bits::Align(new_capacity, kPickleHeapAlign) - kPayloadUnit;
    Resize(std::max(new_capacity, new_size));
  }

  char* write = mutable_payload() + write_offset_;
  // Always initialize padding: the pad bytes are serialized along with the
  // payload, and zeroing them keeps stale heap contents out of the output.
  memset(write + length, 0, data_len - length);
  header_->payload_size = static_cast<uint32_t>(new_size);
  write_offset_ = new_size;
  return write;
}
431 
// Appends |length| bytes of |data| to the payload, growing the buffer as
// needed. Serialized bytes may cross a trust boundary, so under MSan the source
// is checked for uninitialized memory before it is copied out.
inline void Pickle::WriteBytesCommon(const void* data, size_t length) {
  DCHECK_NE(kCapacityReadOnly, capacity_after_header_)
      << "oops: pickle is readonly";
  MSAN_CHECK_MEM_IS_INITIALIZED(data, length);
  void* const dst = ClaimUninitializedBytesInternal(length);
  memcpy(dst, data, length);
}
439 
440 }  // namespace base
441