Allow preventing launching Chrome with invalid Intents
[chromium-blink-merge.git] / base / pickle.h
blobe6b9d812b494e11922eb3ed1ba80ac59211320e9
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
5 #ifndef BASE_PICKLE_H__
6 #define BASE_PICKLE_H__
8 #include <string>
10 #include "base/base_export.h"
11 #include "base/basictypes.h"
12 #include "base/compiler_specific.h"
13 #include "base/gtest_prod_util.h"
14 #include "base/logging.h"
15 #include "base/strings/string16.h"
16 #include "base/strings/string_piece.h"
18 class Pickle;
20 // PickleIterator reads data from a Pickle. The Pickle object must remain valid
21 // while the PickleIterator object is in use.
22 class BASE_EXPORT PickleIterator {
23 public:
24 PickleIterator() : payload_(NULL), read_index_(0), end_index_(0) {}
25 explicit PickleIterator(const Pickle& pickle);
27 // Methods for reading the payload of the Pickle. To read from the start of
28 // the Pickle, create a PickleIterator from a Pickle. If successful, these
29 // methods return true. Otherwise, false is returned to indicate that the
30 // result could not be extracted. It is not possible to read from the iterator
31 // after that.
32 bool ReadBool(bool* result) WARN_UNUSED_RESULT;
33 bool ReadInt(int* result) WARN_UNUSED_RESULT;
34 bool ReadLong(long* result) WARN_UNUSED_RESULT;
35 bool ReadUInt16(uint16* result) WARN_UNUSED_RESULT;
36 bool ReadUInt32(uint32* result) WARN_UNUSED_RESULT;
37 bool ReadInt64(int64* result) WARN_UNUSED_RESULT;
38 bool ReadUInt64(uint64* result) WARN_UNUSED_RESULT;
39 bool ReadSizeT(size_t* result) WARN_UNUSED_RESULT;
40 bool ReadFloat(float* result) WARN_UNUSED_RESULT;
41 bool ReadDouble(double* result) WARN_UNUSED_RESULT;
42 bool ReadString(std::string* result) WARN_UNUSED_RESULT;
43 // The StringPiece data will only be valid for the lifetime of the message.
44 bool ReadStringPiece(base::StringPiece* result) WARN_UNUSED_RESULT;
45 bool ReadString16(base::string16* result) WARN_UNUSED_RESULT;
46 // The StringPiece16 data will only be valid for the lifetime of the message.
47 bool ReadStringPiece16(base::StringPiece16* result) WARN_UNUSED_RESULT;
49 // A pointer to the data will be placed in |*data|, and the length will be
50 // placed in |*length|. The pointer placed into |*data| points into the
51 // message's buffer so it will be scoped to the lifetime of the message (or
52 // until the message data is mutated). Do not keep the pointer around!
53 bool ReadData(const char** data, int* length) WARN_UNUSED_RESULT;
55 // A pointer to the data will be placed in |*data|. The caller specifies the
56 // number of bytes to read, and ReadBytes will validate this length. The
57 // pointer placed into |*data| points into the message's buffer so it will be
58 // scoped to the lifetime of the message (or until the message data is
59 // mutated). Do not keep the pointer around!
60 bool ReadBytes(const char** data, int length) WARN_UNUSED_RESULT;
62 // A safer version of ReadInt() that checks for the result not being negative.
63 // Use it for reading the object sizes.
64 bool ReadLength(int* result) WARN_UNUSED_RESULT {
65 return ReadInt(result) && *result >= 0;
68 // Skips bytes in the read buffer and returns true if there are at least
69 // num_bytes available. Otherwise, does nothing and returns false.
70 bool SkipBytes(int num_bytes) WARN_UNUSED_RESULT {
71 return !!GetReadPointerAndAdvance(num_bytes);
74 private:
75 // Aligns 'i' by rounding it up to the next multiple of 'alignment'.
76 static size_t AlignInt(size_t i, int alignment) {
77 return i + (alignment - (i % alignment)) % alignment;
80 // Read Type from Pickle.
81 template <typename Type>
82 bool ReadBuiltinType(Type* result);
84 // Advance read_index_ but do not allow it to exceed end_index_.
85 // Keeps read_index_ aligned.
86 void Advance(size_t size);
88 // Get read pointer for Type and advance read pointer.
89 template<typename Type>
90 const char* GetReadPointerAndAdvance();
92 // Get read pointer for |num_bytes| and advance read pointer. This method
93 // checks num_bytes for negativity and wrapping.
94 const char* GetReadPointerAndAdvance(int num_bytes);
96 // Get read pointer for (num_elements * size_element) bytes and advance read
97 // pointer. This method checks for int overflow, negativity and wrapping.
98 const char* GetReadPointerAndAdvance(int num_elements,
99 size_t size_element);
101 const char* payload_; // Start of our pickle's payload.
102 size_t read_index_; // Offset of the next readable byte in payload.
103 size_t end_index_; // Payload size.
105 FRIEND_TEST_ALL_PREFIXES(PickleTest, GetReadPointerAndAdvance);
108 // This class provides facilities for basic binary value packing and unpacking.
110 // The Pickle class supports appending primitive values (ints, strings, etc.)
111 // to a pickle instance. The Pickle instance grows its internal memory buffer
112 // dynamically to hold the sequence of primitive values. The internal memory
113 // buffer is exposed as the "data" of the Pickle. This "data" can be passed
114 // to a Pickle object to initialize it for reading.
116 // When reading from a Pickle object, it is important for the consumer to know
117 // what value types to read and in what order to read them as the Pickle does
118 // not keep track of the type of data written to it.
120 // The Pickle's data has a header which contains the size of the Pickle's
121 // payload. It can optionally support additional space in the header. That
122 // space is controlled by the header_size parameter passed to the Pickle
123 // constructor.
125 class BASE_EXPORT Pickle {
126 public:
127 // Initialize a Pickle object using the default header size.
128 Pickle();
130 // Initialize a Pickle object with the specified header size in bytes, which
131 // must be greater-than-or-equal-to sizeof(Pickle::Header). The header size
132 // will be rounded up to ensure that the header size is 32bit-aligned.
133 explicit Pickle(int header_size);
135 // Initializes a Pickle from a const block of data. The data is not copied;
136 // instead the data is merely referenced by this Pickle. Only const methods
137 // should be used on the Pickle when initialized this way. The header
138 // padding size is deduced from the data length.
139 Pickle(const char* data, int data_len);
141 // Initializes a Pickle as a deep copy of another Pickle.
142 Pickle(const Pickle& other);
144 // Note: There are no virtual methods in this class. This destructor is
145 // virtual as an element of defensive coding. Other classes have derived from
146 // this class, and there is a *chance* that they will cast into this base
147 // class before destruction. At least one such class does have a virtual
148 // destructor, suggesting at least some need to call more derived destructors.
149 virtual ~Pickle();
151 // Performs a deep copy.
152 Pickle& operator=(const Pickle& other);
154 // Returns the size of the Pickle's data.
155 size_t size() const { return header_size_ + header_->payload_size; }
157 // Returns the data for this Pickle.
158 const void* data() const { return header_; }
160 // Methods for adding to the payload of the Pickle. These values are
161 // appended to the end of the Pickle's payload. When reading values from a
162 // Pickle, it is important to read them in the order in which they were added
163 // to the Pickle.
165 bool WriteBool(bool value) {
166 return WriteInt(value ? 1 : 0);
168 bool WriteInt(int value) {
169 return WritePOD(value);
171 // WARNING: DO NOT USE THIS METHOD IF PICKLES ARE PERSISTED IN ANY WAY.
172 // It will write whatever a "long" is on this architecture. On 32-bit
173 // platforms, it is 32 bits. On 64-bit platforms, it is 64 bits. If persisted
174 // pickles are still around after upgrading to 64-bit, or if they are copied
175 // between dissimilar systems, YOUR PICKLES WILL HAVE GONE BAD.
176 bool WriteLongUsingDangerousNonPortableLessPersistableForm(long value) {
177 return WritePOD(value);
179 bool WriteUInt16(uint16 value) {
180 return WritePOD(value);
182 bool WriteUInt32(uint32 value) {
183 return WritePOD(value);
185 bool WriteInt64(int64 value) {
186 return WritePOD(value);
188 bool WriteUInt64(uint64 value) {
189 return WritePOD(value);
191 bool WriteSizeT(size_t value) {
192 // Always write size_t as a 64-bit value to ensure compatibility between
193 // 32-bit and 64-bit processes.
194 return WritePOD(static_cast<uint64>(value));
196 bool WriteFloat(float value) {
197 return WritePOD(value);
199 bool WriteDouble(double value) {
200 return WritePOD(value);
202 bool WriteString(const base::StringPiece& value);
203 bool WriteString16(const base::StringPiece16& value);
204 // "Data" is a blob with a length. When you read it out you will be given the
205 // length. See also WriteBytes.
206 bool WriteData(const char* data, int length);
207 // "Bytes" is a blob with no length. The caller must specify the length both
208 // when reading and writing. It is normally used to serialize PoD types of a
209 // known size. See also WriteData.
210 bool WriteBytes(const void* data, int length);
212 // Reserves space for upcoming writes when multiple writes will be made and
213 // their sizes are computed in advance. It can be significantly faster to call
214 // Reserve() before calling WriteFoo() multiple times.
215 void Reserve(size_t additional_capacity);
217 // Payload follows after allocation of Header (header size is customizable).
218 struct Header {
219 uint32 payload_size; // Specifies the size of the payload.
222 // Returns the header, cast to a user-specified type T. The type T must be a
223 // subclass of Header and its size must correspond to the header_size passed
224 // to the Pickle constructor.
225 template <class T>
226 T* headerT() {
227 DCHECK_EQ(header_size_, sizeof(T));
228 return static_cast<T*>(header_);
230 template <class T>
231 const T* headerT() const {
232 DCHECK_EQ(header_size_, sizeof(T));
233 return static_cast<const T*>(header_);
236 // The payload is the pickle data immediately following the header.
237 size_t payload_size() const {
238 return header_ ? header_->payload_size : 0;
241 const char* payload() const {
242 return reinterpret_cast<const char*>(header_) + header_size_;
245 // Returns the address of the byte immediately following the currently valid
246 // header + payload.
247 const char* end_of_payload() const {
248 // This object may be invalid.
249 return header_ ? payload() + payload_size() : NULL;
252 protected:
253 char* mutable_payload() {
254 return reinterpret_cast<char*>(header_) + header_size_;
257 size_t capacity_after_header() const {
258 return capacity_after_header_;
261 // Resize the capacity, note that the input value should not include the size
262 // of the header.
263 void Resize(size_t new_capacity);
265 // Aligns 'i' by rounding it up to the next multiple of 'alignment'
266 static size_t AlignInt(size_t i, int alignment) {
267 return i + (alignment - (i % alignment)) % alignment;
270 // Find the end of the pickled data that starts at range_start. Returns NULL
271 // if the entire Pickle is not found in the given data range.
272 static const char* FindNext(size_t header_size,
273 const char* range_start,
274 const char* range_end);
276 // The allocation granularity of the payload.
277 static const int kPayloadUnit;
279 private:
280 friend class PickleIterator;
282 Header* header_;
283 size_t header_size_; // Supports extra data between header and payload.
284 // Allocation size of payload (or -1 if allocation is const). Note: this
285 // doesn't count the header.
286 size_t capacity_after_header_;
287 // The offset at which we will write the next field. Note: this doesn't count
288 // the header.
289 size_t write_offset_;
291 // Just like WriteBytes, but with a compile-time size, for performance.
292 template<size_t length> void BASE_EXPORT WriteBytesStatic(const void* data);
294 // Writes a POD by copying its bytes.
295 template <typename T> bool WritePOD(const T& data) {
296 WriteBytesStatic<sizeof(data)>(&data);
297 return true;
299 inline void WriteBytesCommon(const void* data, size_t length);
301 FRIEND_TEST_ALL_PREFIXES(PickleTest, Resize);
302 FRIEND_TEST_ALL_PREFIXES(PickleTest, FindNext);
303 FRIEND_TEST_ALL_PREFIXES(PickleTest, FindNextWithIncompleteHeader);
304 FRIEND_TEST_ALL_PREFIXES(PickleTest, FindNextOverflow);
307 #endif // BASE_PICKLE_H__