// Copyright 2015 The Chromium Authors. All rights reserved. // Use of this source code is governed by a BSD-style license that can be // found in the LICENSE file. #ifndef MOJO_PUBLIC_CPP_BINDINGS_LIB_VALIDATION_UTIL_H_ #define MOJO_PUBLIC_CPP_BINDINGS_LIB_VALIDATION_UTIL_H_ #include <stdint.h> #include "base/component_export.h" #include "mojo/public/cpp/bindings/lib/bindings_internal.h" #include "mojo/public/cpp/bindings/lib/serialization_util.h" #include "mojo/public/cpp/bindings/lib/validate_params.h" #include "mojo/public/cpp/bindings/lib/validation_context.h" #include "mojo/public/cpp/bindings/lib/validation_errors.h" #include "mojo/public/cpp/bindings/message.h" namespace mojo { namespace internal { // Calls ReportValidationError() with a constructed error string. COMPONENT_EXPORT(MOJO_CPP_BINDINGS_BASE) void ReportNonNullableValidationError(ValidationContext* validation_context, ValidationError error, int field_index); // Checks whether decoding the pointer will overflow and produce a pointer // smaller than |offset|. inline bool ValidateEncodedPointer(const uint64_t* offset) { // - Make sure |*offset| is no more than 32-bits. // - Cast |offset| to uintptr_t so overflow behavior is well defined across // 32-bit and 64-bit systems. return *offset <= std::numeric_limits<uint32_t>::max() && (reinterpret_cast<uintptr_t>(offset) + static_cast<uint32_t>(*offset) >= reinterpret_cast<uintptr_t>(offset)); } template <typename T> bool ValidatePointer(const Pointer<T>& input, ValidationContext* validation_context) { bool result = ValidateEncodedPointer(&input.offset); if (!result) ReportValidationError(validation_context, VALIDATION_ERROR_ILLEGAL_POINTER); return result; } // Validates that |data| contains a valid struct header, in terms of alignment // and size (i.e., the |num_bytes| field of the header is sufficient for storing // the header itself). Besides, it checks that the memory range // [data, data + num_bytes) is not marked as occupied by other objects in // |validation_context|. On success, the memory range is marked as occupied. // Note: Does not verify |version| or that |num_bytes| is correct for the // claimed version. COMPONENT_EXPORT(MOJO_CPP_BINDINGS_BASE) bool ValidateStructHeaderAndClaimMemory(const void* data, ValidationContext* validation_context); // Validates that |data| contains a valid union header, in terms of alignment // and size. It checks that the memory range [data, data + kUnionDataSize) is // not marked as occupied by other objects in |validation_context|. On success, // the memory range is marked as occupied. COMPONENT_EXPORT(MOJO_CPP_BINDINGS_BASE) bool ValidateNonInlinedUnionHeaderAndClaimMemory( const void* data, ValidationContext* validation_context); // Validates that the message is a request which doesn't expect a response. COMPONENT_EXPORT(MOJO_CPP_BINDINGS_BASE) bool ValidateMessageIsRequestWithoutResponse( const Message* message, ValidationContext* validation_context); // Validates that the message is a request expecting a response. COMPONENT_EXPORT(MOJO_CPP_BINDINGS_BASE) bool ValidateMessageIsRequestExpectingResponse( const Message* message, ValidationContext* validation_context); // Validates that the message is a response. COMPONENT_EXPORT(MOJO_CPP_BINDINGS_BASE) bool ValidateMessageIsResponse(const Message* message, ValidationContext* validation_context); // Validates that the message payload is a valid struct of type ParamsType. template <typename ParamsType> bool ValidateMessagePayload(const Message* message, ValidationContext* validation_context) { return ParamsType::Validate(message->payload(), validation_context); } // The following Validate.*NonNullable() functions validate that the given // |input| is not null/invalid. template <typename T> bool ValidatePointerNonNullable(const T& input, int field_index, ValidationContext* validation_context) { if (input.offset) return true; ReportNonNullableValidationError(validation_context, VALIDATION_ERROR_UNEXPECTED_NULL_POINTER, field_index); return false; } template <typename T> bool ValidateInlinedUnionNonNullable(const T& input, int field_index, ValidationContext* validation_context) { if (!input.is_null()) return true; ReportNonNullableValidationError(validation_context, VALIDATION_ERROR_UNEXPECTED_NULL_POINTER, field_index); return false; } COMPONENT_EXPORT(MOJO_CPP_BINDINGS_BASE) bool IsHandleOrInterfaceValid(const AssociatedInterface_Data& input); COMPONENT_EXPORT(MOJO_CPP_BINDINGS_BASE) bool IsHandleOrInterfaceValid(const AssociatedEndpointHandle_Data& input); COMPONENT_EXPORT(MOJO_CPP_BINDINGS_BASE) bool IsHandleOrInterfaceValid(const Interface_Data& input); COMPONENT_EXPORT(MOJO_CPP_BINDINGS_BASE) bool IsHandleOrInterfaceValid(const Handle_Data& input); COMPONENT_EXPORT(MOJO_CPP_BINDINGS_BASE) bool ValidateHandleOrInterfaceNonNullable( const AssociatedInterface_Data& input, int field_index, ValidationContext* validation_context); COMPONENT_EXPORT(MOJO_CPP_BINDINGS_BASE) bool ValidateHandleOrInterfaceNonNullable( const AssociatedEndpointHandle_Data& input, int field_index, ValidationContext* validation_context); COMPONENT_EXPORT(MOJO_CPP_BINDINGS_BASE) bool ValidateHandleOrInterfaceNonNullable( const Interface_Data& input, int field_index, ValidationContext* validation_context); COMPONENT_EXPORT(MOJO_CPP_BINDINGS_BASE) bool ValidateHandleOrInterfaceNonNullable( const Handle_Data& input, int field_index, ValidationContext* validation_context); template <typename T> bool ValidateContainer(const Pointer<T>& input, ValidationContext* validation_context, const ContainerValidateParams* validate_params) { ValidationContext::ScopedDepthTracker depth_tracker(validation_context); if (validation_context->ExceedsMaxDepth()) { ReportValidationError(validation_context, VALIDATION_ERROR_MAX_RECURSION_DEPTH); return false; } return ValidatePointer(input, validation_context) && T::Validate(input.Get(), validation_context, validate_params); } template <typename T> bool ValidateStruct(const Pointer<T>& input, ValidationContext* validation_context) { ValidationContext::ScopedDepthTracker depth_tracker(validation_context); if (validation_context->ExceedsMaxDepth()) { ReportValidationError(validation_context, VALIDATION_ERROR_MAX_RECURSION_DEPTH); return false; } return ValidatePointer(input, validation_context) && T::Validate(input.Get(), validation_context); } template <typename T> bool ValidateInlinedUnion(const T& input, ValidationContext* validation_context) { ValidationContext::ScopedDepthTracker depth_tracker(validation_context); if (validation_context->ExceedsMaxDepth()) { ReportValidationError(validation_context, VALIDATION_ERROR_MAX_RECURSION_DEPTH); return false; } return T::Validate(&input, validation_context, true); } template <typename T> bool ValidateNonInlinedUnion(const Pointer<T>& input, ValidationContext* validation_context) { ValidationContext::ScopedDepthTracker depth_tracker(validation_context); if (validation_context->ExceedsMaxDepth()) { ReportValidationError(validation_context, VALIDATION_ERROR_MAX_RECURSION_DEPTH); return false; } return ValidatePointer(input, validation_context) && T::Validate(input.Get(), validation_context, false); } COMPONENT_EXPORT(MOJO_CPP_BINDINGS_BASE) bool ValidateHandleOrInterface(const AssociatedInterface_Data& input, ValidationContext* validation_context); COMPONENT_EXPORT(MOJO_CPP_BINDINGS_BASE) bool ValidateHandleOrInterface(const AssociatedEndpointHandle_Data& input, ValidationContext* validation_context); COMPONENT_EXPORT(MOJO_CPP_BINDINGS_BASE) bool ValidateHandleOrInterface(const Interface_Data& input, ValidationContext* validation_context); COMPONENT_EXPORT(MOJO_CPP_BINDINGS_BASE) bool ValidateHandleOrInterface(const Handle_Data& input, ValidationContext* validation_context); } // namespace internal } // namespace mojo #endif // MOJO_PUBLIC_CPP_BINDINGS_LIB_VALIDATION_UTIL_H_