| // Copyright 2022 The Chromium Authors |
| // Use of this source code is governed by a BSD-style license that can be |
| // found in the LICENSE file. |
| |
| #include "components/web_package/shared_file.h" |
| |
| #include <limits> |
| |
| #include "base/numerics/safe_math.h" |
| #include "base/task/task_traits.h" |
| #include "base/task/thread_pool.h" |
| #include "mojo/public/cpp/system/file_data_source.h" |
| |
| namespace web_package { |
| |
| SharedFile::SharedFile(std::unique_ptr<base::File> file) |
| : task_runner_( |
| base::ThreadPool::CreateSequencedTaskRunner({base::MayBlock()})), |
| file_(std::move(file)) {} |
| |
| void SharedFile::DuplicateFile(base::OnceCallback<void(base::File)> callback) { |
| DCHECK(file_); |
| task_runner_->PostTaskAndReplyWithResult( |
| FROM_HERE, |
| base::BindOnce( |
| [](base::File* file) -> base::File { return file->Duplicate(); }, |
| file_.get()), |
| std::move(callback)); |
| } |
| |
| base::File* SharedFile::operator->() { |
| DCHECK(file_); |
| return file_.get(); |
| } |
| |
| SharedFile::~SharedFile() { |
| // Move the last reference to `file_` whose destructor leads to blocking call |
| // that is not permitted here. |
| // It is important that this runs on the same `base::SequencedTaskRunner` that |
| // the callback scheduled in `DuplicateFile` runs on. Otherwise deleting the |
| // file might lead to a UAF inside the file duplication callback if that one |
| // happened to run after the deletion of the file. |
| task_runner_->DeleteSoon(FROM_HERE, std::move(file_)); |
| } |
| |
| std::unique_ptr<SharedFile::SharedFileDataSource> SharedFile::CreateDataSource( |
| uint64_t offset, |
| uint64_t length) { |
| return std::make_unique<SharedFile::SharedFileDataSource>(this, offset, |
| length); |
| } |
| |
| SharedFile::SharedFileDataSource::SharedFileDataSource( |
| scoped_refptr<SharedFile> file, |
| uint64_t offset, |
| uint64_t length) |
| : file_(std::move(file)), offset_(offset), length_(length) { |
| error_ = mojo::FileDataSource::ConvertFileErrorToMojoResult( |
| (*file_)->error_details()); |
| |
| // base::File::Read takes int64_t as an offset. So, offset + length should |
| // not overflow in int64_t. |
| uint64_t max_offset; |
| if (!base::CheckAdd(offset, length).AssignIfValid(&max_offset) || |
| (std::numeric_limits<int64_t>::max() < max_offset)) { |
| error_ = MOJO_RESULT_INVALID_ARGUMENT; |
| } |
| } |
| |
| SharedFile::SharedFileDataSource::~SharedFileDataSource() = default; |
| |
| uint64_t SharedFile::SharedFileDataSource::GetLength() const { |
| return length_; |
| } |
| |
| SharedFile::SharedFileDataSource::ReadResult |
| SharedFile::SharedFileDataSource::Read(uint64_t offset, |
| base::span<char> buffer) { |
| ReadResult result; |
| result.result = error_; |
| |
| if (length_ < offset) |
| result.result = MOJO_RESULT_INVALID_ARGUMENT; |
| |
| if (result.result != MOJO_RESULT_OK) |
| return result; |
| |
| uint64_t readable_size = length_ - offset; |
| uint64_t writable_size = buffer.size(); |
| uint64_t copyable_size = |
| std::min(std::min(readable_size, writable_size), |
| static_cast<uint64_t>(std::numeric_limits<int>::max())); |
| |
| int bytes_read = |
| (*file_)->Read(offset_ + offset, buffer.data(), copyable_size); |
| if (bytes_read < 0) { |
| result.result = mojo::FileDataSource::ConvertFileErrorToMojoResult( |
| (*file_)->GetLastFileError()); |
| } else { |
| result.bytes_read = bytes_read; |
| } |
| return result; |
| } |
| |
| } // namespace web_package |
