Provide a safer URLLoader ReadResponseBody API

ppapi/proxy/ppb_url_loader_proxy.cc

 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "ppapi/proxy/ppb_url_loader_proxy.h"
 
 #include <algorithm>
 #include <deque>
 #include <vector>
 
 #include "base/bind.h"
 #include "base/logging.h"
 #include "build/build_config.h"
 #include "ppapi/c/pp_completion_callback.h"
 #include "ppapi/c/pp_errors.h"
 #include "ppapi/c/pp_resource.h"
 #include "ppapi/c/ppb_url_loader.h"
 #include "ppapi/c/private/ppb_proxy_private.h"
 #include "ppapi/c/trusted/ppb_url_loader_trusted.h"
 #include "ppapi/proxy/enter_proxy.h"
 #include "ppapi/proxy/host_dispatcher.h"
 #include "ppapi/proxy/plugin_dispatcher.h"
 #include "ppapi/proxy/plugin_resource_tracker.h"
 #include "ppapi/proxy/ppapi_messages.h"
 #include "ppapi/proxy/ppb_file_ref_proxy.h"
+#include "ppapi/shared_impl/array_writer.h"
 #include "ppapi/shared_impl/scoped_pp_resource.h"
 #include "ppapi/shared_impl/tracked_callback.h"
 #include "ppapi/thunk/enter.h"
 #include "ppapi/thunk/ppb_url_loader_api.h"
 #include "ppapi/thunk/ppb_url_request_info_api.h"
 #include "ppapi/thunk/resource_creation_api.h"
 #include "ppapi/thunk/thunk.h"
 
 #if defined(OS_LINUX)
 #include <sys/shm.h>
@@ skipping 35 matching lines @@
   params.total_bytes_to_be_received = total_bytes_to_be_received;
   dispatcher->Send(new PpapiMsg_PPBURLLoader_UpdateProgress(
       API_ID_PPB_URL_LOADER, params));
 }
 #endif  // !defined(OS_NACL)
 
 InterfaceProxy* CreateURLLoaderProxy(Dispatcher* dispatcher) {
   return new PPB_URLLoader_Proxy(dispatcher);
 }
 
+// An adapter to let ReadResponseBody() share the same implementation with
+// ReadResponseBodyToArray().
+void* DummyGetDataBuffer(void* user_data, uint32_t count, uint32_t size) {
+  return user_data;
+}
+
 }  // namespace
 
 // URLLoader -------------------------------------------------------------------
 
 class URLLoader : public Resource, public PPB_URLLoader_API {
  public:
   URLLoader(const HostResource& resource);
   virtual ~URLLoader();
 
   // Resource overrides.
@@ skipping 10 matching lines @@
   virtual PP_Bool GetUploadProgress(int64_t* bytes_sent,
                                     int64_t* total_bytes_to_be_sent) OVERRIDE;
   virtual PP_Bool GetDownloadProgress(
       int64_t* bytes_received,
       int64_t* total_bytes_to_be_received) OVERRIDE;
   virtual PP_Resource GetResponseInfo() OVERRIDE;
   virtual int32_t ReadResponseBody(
       void* buffer,
       int32_t bytes_to_read,
       scoped_refptr<TrackedCallback> callback) OVERRIDE;
+  virtual int32_t ReadResponseBodyToArray(
+      int32_t max_read_length,
+      PP_ArrayOutput* array_output,
+      scoped_refptr<TrackedCallback> callback) OVERRIDE;
   virtual int32_t FinishStreamingToFile(
       scoped_refptr<TrackedCallback> callback) OVERRIDE;
   virtual void Close() OVERRIDE;
   virtual void GrantUniversalAccess() OVERRIDE;
   virtual void SetStatusCallback(
       PP_URLLoaderTrusted_StatusCallback cb) OVERRIDE;
   virtual bool GetResponseInfoData(URLResponseInfoData* data) OVERRIDE;
 
+  int32_t ReadResponseBodyInternal(const PP_ArrayOutput& output,
+                                   int32_t max_read_length,
+                                   scoped_refptr<TrackedCallback> callback);
+
   // Called when the browser has new up/download progress to report.
   void UpdateProgress(const PPBURLLoader_UpdateProgress_Params& params);
 
   // Called when the browser responds to our ReadResponseBody request.
   void ReadResponseBodyAck(int32_t result, const char* data);
 
   // Called when any callback other than the read callback has been executed.
   void CallbackComplete(int32_t result);
 
  private:
   // Reads the give bytes out of the buffer_, placing them in the given output
   // buffer, and removes the bytes from the buffer.
   //
   // The size must be not more than the current size of the buffer.
-  void PopBuffer(void* output_buffer, int32_t output_size);
+  void PopBuffer(const PP_ArrayOutput& output_buffer, int32_t output_size);
 
   PluginDispatcher* GetDispatcher() const {
     return PluginDispatcher::GetForResource(this);
   }
 
   // Initialized to -1. Will be set to nonnegative values by the UpdateProgress
   // message when the values are known.
   int64_t bytes_sent_;
   int64_t total_bytes_to_be_sent_;
   int64_t bytes_received_;
   int64_t total_bytes_to_be_received_;
 
   // Current completion callback for the current phase of loading. We have only
   // one thing (open, follow redirect, read, etc.) outstanding at once.
   scoped_refptr<TrackedCallback> current_callback_;
 
   // When an asynchronous read is pending, this will contain the buffer to put
   // the data. The current_callback_ will identify the read callback.
-  void* current_read_buffer_;
-  int32_t current_read_buffer_size_;
+  PP_ArrayOutput current_array_output_;
+  int32_t current_max_read_length_;
 
   // A buffer of all the data that's been sent to us from the host that we
   // have yet to send out to the plugin.
   std::deque<char> buffer_;
 
   // Cached copy of the response info. When nonzero, we're holding a reference
   // to this resource.
   PP_Resource response_info_;
 
  private:
   DISALLOW_COPY_AND_ASSIGN(URLLoader);
 };
 
 URLLoader::URLLoader(const HostResource& resource)
     : Resource(OBJECT_IS_PROXY, resource),
       bytes_sent_(-1),
       total_bytes_to_be_sent_(-1),
       bytes_received_(-1),
       total_bytes_to_be_received_(-1),
-      current_read_buffer_(NULL),
-      current_read_buffer_size_(0),
+      current_max_read_length_(0),
       response_info_(0) {
 }
 
 URLLoader::~URLLoader() {
   if (response_info_)
     PpapiGlobals::Get()->GetResourceTracker()->ReleaseResource(response_info_);
 }
 
 PPB_URLLoader_API* URLLoader::AsPPB_URLLoader_API() {
   return this;
@@ skipping 86 matching lines @@
   }
 
   // The caller expects to get a ref, and we want to keep holding ours.
   PpapiGlobals::Get()->GetResourceTracker()->AddRefResource(response_info_);
   return response_info_;
 }
 
 int32_t URLLoader::ReadResponseBody(void* buffer,
                                     int32_t bytes_to_read,
                                     scoped_refptr<TrackedCallback> callback) {
-  if (!buffer || bytes_to_read <= 0)
-    return PP_ERROR_BADARGUMENT;  // Must specify an output buffer.
-  if (TrackedCallback::IsPending(current_callback_))
-    return PP_ERROR_INPROGRESS;  // Can only have one request pending.
+  if (!buffer)
+    return PP_ERROR_BADARGUMENT;
+  PP_ArrayOutput output_adapter = { &DummyGetDataBuffer, buffer };
+  return ReadResponseBodyInternal(output_adapter, bytes_to_read, callback);
+}
 
-  if (buffer_.size()) {
-    // Special case: we've already buffered some data that we can synchronously
-    // return to the caller. Do so without making IPCs.
-    int32_t bytes_to_return =
-        std::min(bytes_to_read, static_cast<int32_t>(buffer_.size()));
-    PopBuffer(buffer, bytes_to_return);
-    return bytes_to_return;
-  }
-
-  current_callback_ = callback;
-  current_read_buffer_ = buffer;
-  current_read_buffer_size_ = bytes_to_read;
-
-  GetDispatcher()->Send(new PpapiHostMsg_PPBURLLoader_ReadResponseBody(
-      API_ID_PPB_URL_LOADER, host_resource(), bytes_to_read));
-  return PP_OK_COMPLETIONPENDING;
+int32_t URLLoader::ReadResponseBodyToArray(
+    int32_t max_read_length,
+    PP_ArrayOutput* array_output,
+    scoped_refptr<TrackedCallback> callback) {
+  if (!array_output)
+    return PP_ERROR_BADARGUMENT;
+  return ReadResponseBodyInternal(*array_output, max_read_length, callback);
 }
 
 int32_t URLLoader::FinishStreamingToFile(
     scoped_refptr<TrackedCallback> callback) {
   if (TrackedCallback::IsPending(current_callback_))
     return PP_ERROR_INPROGRESS;
 
   current_callback_ = callback;
 
   GetDispatcher()->Send(new PpapiHostMsg_PPBURLLoader_FinishStreamingToFile(
@@ skipping 26 matching lines @@
 
 void URLLoader::UpdateProgress(
     const PPBURLLoader_UpdateProgress_Params& params) {
   bytes_sent_ = params.bytes_sent;
   total_bytes_to_be_sent_ = params.total_bytes_to_be_sent;
   bytes_received_ = params.bytes_received;
   total_bytes_to_be_received_ = params.total_bytes_to_be_received;
 }
 
 void URLLoader::ReadResponseBodyAck(int32 result, const char* data) {
-  if (!TrackedCallback::IsPending(current_callback_) || !current_read_buffer_) {
+  if (!TrackedCallback::IsPending(current_callback_)) {
     NOTREACHED();
     return;
   }
 
   if (result >= 0) {
     DCHECK_EQ(0U, buffer_.size());
 
-    int32_t bytes_to_return = std::min(current_read_buffer_size_, result);
-    std::copy(data,
-              data + bytes_to_return,
-              static_cast<char*>(current_read_buffer_));
+    int32_t bytes_to_return = std::min(current_max_read_length_, result);
+    ArrayWriter output;
+    output.set_pp_array_output(current_array_output_);
+    if (output.is_valid())
+      output.StoreArray(data, bytes_to_return);
 
     if (result > bytes_to_return) {
       // Save what remains to be copied when ReadResponseBody is called again.
       buffer_.insert(buffer_.end(),
                      data + bytes_to_return,
                      data + result);
     }
 
     result = bytes_to_return;
   }
 
   current_callback_->Run(result);
 }
 
 void URLLoader::CallbackComplete(int32_t result) {
   current_callback_->Run(result);
 }
 
-void URLLoader::PopBuffer(void* output_buffer, int32_t output_size) {
+void URLLoader::PopBuffer(const PP_ArrayOutput& output_buffer,
+                          int32_t output_size) {
   CHECK(output_size <= static_cast<int32_t>(buffer_.size()));
-  std::copy(buffer_.begin(),
-            buffer_.begin() + output_size,
-            static_cast<char*>(output_buffer));
-  buffer_.erase(buffer_.begin(),
-                buffer_.begin() + output_size);
+
+  ArrayWriter output;
+  output.set_pp_array_output(output_buffer);
+  if (output.is_valid() && !buffer_.empty()) {
+    output.StoreArray(&buffer_[0], output_size);
+    buffer_.erase(buffer_.begin(), buffer_.begin() + output_size);
+  }
 }
 
 // PPB_URLLoader_Proxy ---------------------------------------------------------
 
 PPB_URLLoader_Proxy::PPB_URLLoader_Proxy(Dispatcher* dispatcher)
     : InterfaceProxy(dispatcher),
       callback_factory_(ALLOW_THIS_IN_INITIALIZER_LIST(this)) {
 }
 
 PPB_URLLoader_Proxy::~PPB_URLLoader_Proxy() {
@@ skipping 243 matching lines @@
   dispatcher()->Send(message);
 }
 
 void PPB_URLLoader_Proxy::OnCallback(int32_t result,
                                      const HostResource& resource) {
   dispatcher()->Send(new PpapiMsg_PPBURLLoader_CallbackComplete(
       API_ID_PPB_URL_LOADER, resource, result));
 }
 #endif  // !defined(OS_NACL)
 
+int32_t URLLoader::ReadResponseBodyInternal(
+    const PP_ArrayOutput& output,
+    int32_t max_read_length,
+    scoped_refptr<TrackedCallback> callback) {
+  if (max_read_length <= 0)
+    return PP_ERROR_BADARGUMENT;  // Must specify an output buffer.
+  if (TrackedCallback::IsPending(current_callback_))
+    return PP_ERROR_INPROGRESS;  // Can only have one request pending.
+
+  if (buffer_.size()) {
+    // Special case: we've already buffered some data that we can synchronously
+    // return to the caller. Do so without making IPCs.
+    int32_t bytes_to_return =
+        std::min(max_read_length, static_cast<int32_t>(buffer_.size()));
+    PopBuffer(output, bytes_to_return);
+    return bytes_to_return;
+  }
+
+  current_callback_ = callback;
+  current_array_output_ = output;
+  current_max_read_length_ = max_read_length;
+
+  GetDispatcher()->Send(new PpapiHostMsg_PPBURLLoader_ReadResponseBody(
+      API_ID_PPB_URL_LOADER, host_resource(), max_read_length));
+  return PP_OK_COMPLETIONPENDING;
+}
+
 }  // namespace proxy
 }  // namespace ppapi