Add a BufferConsumer primitive for wire [de]serialization

BufferConsumer wraps a buffer pointer and size and exposes a limited number of operations to get data while decrementing the remaining available size. This makes it so that code reading or writing into a buffer cannot easily consume more bytes than available. This CL guards against serialization overflows using BufferConsumer, and it implements GetPtrFromBuffer (for deserialization) on top of BufferConsumer. A future patch will make the rest of the deserialization code use BufferConsumer. Bug: dawn:680 Change-Id: Ic2bd6e7039e83ce70307c2ff47aaca9891c16d91 Reviewed-on: https://dawn-review.googlesource.com/c/dawn/+/41780 Commit-Queue: Austin Eng <enga@chromium.org> Reviewed-by: Stephen White <senorblanco@chromium.org>
2025-12-16 16:37:08 +00:00 · 2021-02-17 22:14:56 +00:00
parent eb71aaf689
commit 1b31dc0bb2
9 changed files with 236 additions and 84 deletions
--- a/src/dawn_wire/server/ServerBuffer.cpp
+++ b/src/dawn_wire/server/ServerBuffer.cpp
@@ -13,6 +13,7 @@
 // limitations under the License.

 #include "common/Assert.h"
+#include "dawn_wire/WireCmd_autogen.h"
 #include "dawn_wire/server/Server.h"

 #include <memory>
@@ -242,11 +243,15 @@ namespace dawn_wire { namespace server {
                data->readHandle->SerializeInitialDataSize(readData, data->size);
        }

-        SerializeCommand(cmd, cmd.readInitialDataInfoLength, [&](char* cmdSpace) {
+        SerializeCommand(cmd, cmd.readInitialDataInfoLength, [&](SerializeBuffer* serializeBuffer) {
            if (isSuccess) {
                if (isRead) {
+                    if (serializeBuffer->AvailableSize() != cmd.readInitialDataInfoLength) {
+                        return false;
+                    }
                    // Serialize the initialization message into the space after the command.
-                    data->readHandle->SerializeInitialData(readData, data->size, cmdSpace);
+                    data->readHandle->SerializeInitialData(readData, data->size,
+                                                           serializeBuffer->Buffer());
                    // The in-flight map request returned successfully.
                    // Move the ReadHandle so it is owned by the buffer.
                    bufferData->readHandle = std::move(data->readHandle);
@@ -261,6 +266,7 @@ namespace dawn_wire { namespace server {
                        data->size);
                }
            }
+            return true;
        });
    }