| // Copyright 2013 The Chromium Authors. All rights reserved. |
| // Use of this source code is governed by a BSD-style license that can be |
| // found in the LICENSE file. |
| |
| #ifndef MOJO_SYSTEM_MEMORY_H_ |
| #define MOJO_SYSTEM_MEMORY_H_ |
| |
| #include <stddef.h> |
| |
| #include "mojo/system/system_impl_export.h" |
| |
| namespace mojo { |
| namespace system { |
| |
| // This is just forward-declared, with the definition and explicit |
| // instantiations in the .cc file. This is used by |VerifyUserPointer<T>()| |
| // below, and you should use that instead. |
| template <size_t size> |
| bool MOJO_SYSTEM_IMPL_EXPORT VerifyUserPointerForSize(const void* pointer, |
| size_t count); |
| |
| // Verify that |count * sizeof(T)| bytes can be read from the user |pointer| |
| // insofar as possible/necessary (note: this is done carefully since |count * |
| // sizeof(T)| may overflow a |size_t|. |count| may be zero. If |T| is |void|, |
| // then the size of each element is taken to be a single byte. |
| // |
| // For example, if running in kernel mode, this should be a full verification |
| // that the given memory is owned and readable by the user process. In user |
| // mode, if crashes are acceptable, this may do nothing at all (and always |
| // return true). |
| template <typename T> |
| bool VerifyUserPointer(const T* pointer, size_t count) { |
| return VerifyUserPointerForSize<sizeof(T)>(pointer, count); |
| } |
| |
| // Special-case |T| equals |void| so that the size is in bytes, as indicated |
| // above. |
| template <> |
| inline bool VerifyUserPointer<void>(const void* pointer, size_t count) { |
| return VerifyUserPointerForSize<1>(pointer, count); |
| } |
| |
| } // namespace system |
| } // namespace mojo |
| |
| #endif // MOJO_SYSTEM_MEMORY_H_ |