Provide a safer URLLoader ReadResponseBody API

webkit/plugins/ppapi/ppb_url_loader_impl.cc

 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "webkit/plugins/ppapi/ppb_url_loader_impl.h"
 
 #include "base/logging.h"
 #include "net/base/net_errors.h"
 #include "ppapi/c/pp_completion_callback.h"
 #include "ppapi/c/pp_errors.h"
 #include "ppapi/c/ppb_url_loader.h"
 #include "ppapi/c/trusted/ppb_url_loader_trusted.h"
+#include "ppapi/shared_impl/array_writer.h"
 #include "ppapi/shared_impl/ppapi_globals.h"
 #include "ppapi/shared_impl/url_response_info_data.h"
 #include "ppapi/thunk/enter.h"
 #include "ppapi/thunk/ppb_url_request_info_api.h"
 #include "third_party/WebKit/Source/WebKit/chromium/public/WebDocument.h"
 #include "third_party/WebKit/Source/WebKit/chromium/public/WebElement.h"
 #include "third_party/WebKit/Source/WebKit/chromium/public/WebFrame.h"
 #include "third_party/WebKit/Source/WebKit/chromium/public/WebKit.h"
 #include "third_party/WebKit/Source/WebKit/chromium/public/platform/WebKitPlatformSupport.h"
 #include "third_party/WebKit/Source/WebKit/chromium/public/WebPluginContainer.h"
@@ skipping 36 matching lines @@
 
 namespace {
 
 WebFrame* GetFrameForResource(const Resource* resource) {
   PluginInstance* plugin_instance = ResourceHelper::GetPluginInstance(resource);
   if (!plugin_instance)
     return NULL;
   return plugin_instance->container()->element().document().frame();
 }
 
+// An adapter to let ReadResponseBody() share the same implementation with
+// ReadResponseBodyToArray().
+void* DummyGetDataBuffer(void* user_data, uint32_t count, uint32_t size) {
+  return user_data;
+}
+
 }  // namespace
 
 PPB_URLLoader_Impl::PPB_URLLoader_Impl(PP_Instance instance,
                                        bool main_document_loader)
     : Resource(::ppapi::OBJECT_IS_IMPL, instance),
       main_document_loader_(main_document_loader),
       pending_callback_(),
       bytes_sent_(0),
       total_bytes_to_be_sent_(-1),
       bytes_received_(0),
@@ skipping 161 matching lines @@
   return enter.functions()->CreateURLResponseInfo(
       pp_instance(),
       *response_info_,
       response_info_->body_as_file_ref.resource.host_resource());
 }
 
 int32_t PPB_URLLoader_Impl::ReadResponseBody(
     void* buffer,
     int32_t bytes_to_read,
     scoped_refptr<TrackedCallback> callback) {
+  if (!buffer)
+    return PP_ERROR_BADARGUMENT;
+  PP_ArrayOutput output_adapter = { &DummyGetDataBuffer, buffer };
+  return ReadResponseBodyInternal(bytes_to_read, output_adapter, callback);
+}
+
+int32_t PPB_URLLoader_Impl::ReadResponseBodyInternal(
+    int32_t max_read_length,
+    const PP_ArrayOutput& array_output,
+    scoped_refptr<TrackedCallback> callback) {
   int32_t rv = ValidateCallback(callback);
   if (rv != PP_OK)
     return rv;
   if (!response_info_.get() ||
       !response_info_->body_as_file_ref.resource.is_null())
     return PP_ERROR_FAILED;
-  if (bytes_to_read <= 0 || !buffer)
+  if (max_read_length <= 0)
     return PP_ERROR_BADARGUMENT;
 
-  user_buffer_ = static_cast<char*>(buffer);
-  user_buffer_size_ = bytes_to_read;
+  user_buffer_.reset(new PP_ArrayOutput(array_output));
+  user_buffer_size_ = max_read_length;
 
   if (!buffer_.empty())
     return FillUserBuffer();
 
   // We may have already reached EOF.
   if (done_status_ != PP_OK_COMPLETIONPENDING) {
-    user_buffer_ = NULL;
+    user_buffer_.reset(NULL);
     user_buffer_size_ = 0;
     return done_status_;
   }
 
   RegisterCallback(callback);
   return PP_OK_COMPLETIONPENDING;
 }
 
+int32_t PPB_URLLoader_Impl::ReadResponseBodyToArray(
+    int32_t max_read_length,
+    PP_ArrayOutput* array_output,
+    scoped_refptr<TrackedCallback> callback) {
+  if (!array_output)
+    return PP_ERROR_BADARGUMENT;
+  return ReadResponseBodyInternal(max_read_length, *array_output, callback);
+}
+
 int32_t PPB_URLLoader_Impl::FinishStreamingToFile(
     scoped_refptr<TrackedCallback> callback) {
   int32_t rv = ValidateCallback(callback);
   if (rv != PP_OK)
     return rv;
   if (!response_info_.get() ||
       response_info_->body_as_file_ref.resource.is_null())
     return PP_ERROR_FAILED;
 
   // We may have already reached EOF.
@@ skipping 144 matching lines @@
     loader_->setDefersLoading(defers_loading);
     is_asynchronous_load_suspended_ = defers_loading;
   }
 
   // TODO(brettw) bug 96770: We need a way to set the defers loading flag on
   // main document loads (when the loader_ is null).
 }
 
 void PPB_URLLoader_Impl::FinishLoading(int32_t done_status) {
   done_status_ = done_status;
-  user_buffer_ = NULL;
+  user_buffer_.reset(NULL);
   user_buffer_size_ = 0;
   // If the client hasn't called any function that takes a callback since
   // the initial call to Open, or called ReadResponseBody and got a
   // synchronous return, then the callback will be NULL.
   if (TrackedCallback::IsPending(pending_callback_))
     RunCallback(done_status_);
 }
 
 int32_t PPB_URLLoader_Impl::ValidateCallback(
     scoped_refptr<TrackedCallback> callback) {
@@ skipping 23 matching lines @@
     return;
   }
 
   // If |user_buffer_| was set as part of registering a callback, the paths
   // which trigger that callack must have cleared it since the callback is now
   // free to delete it.
   DCHECK(!user_buffer_);
 
   // As a second line of defense, clear the |user_buffer_| in case the
   // callbacks get called in an unexpected order.
-  user_buffer_ = NULL;
+  user_buffer_.reset(NULL);
   user_buffer_size_ = 0;
   pending_callback_->Run(result);
 }
 
 size_t PPB_URLLoader_Impl::FillUserBuffer() {
-  DCHECK(user_buffer_);
+  DCHECK(user_buffer_.get());
   DCHECK(user_buffer_size_);
 
   size_t bytes_to_copy = std::min(buffer_.size(), user_buffer_size_);
-  std::copy(buffer_.begin(), buffer_.begin() + bytes_to_copy, user_buffer_);
-  buffer_.erase(buffer_.begin(), buffer_.begin() + bytes_to_copy);
+  ::ppapi::ArrayWriter output;
+  output.set_pp_array_output(*user_buffer_);
+  if (output.is_valid() && !buffer_.empty()) {
+    output.StoreArray(&buffer_[0], bytes_to_copy);
+    buffer_.erase(buffer_.begin(), buffer_.begin() + bytes_to_copy);
+  }
 
   // If the buffer is getting too empty, resume asynchronous loading.
   if (is_asynchronous_load_suspended_ &&
       buffer_.size() <= static_cast<size_t>(
           request_data_.prefetch_buffer_lower_threshold)) {
     DVLOG(1) << "Resuming async load - buffer size: " << buffer_.size();
     SetDefersLoading(false);
   }
 
   // Reset for next time.
-  user_buffer_ = NULL;
+  user_buffer_.reset(NULL);
   user_buffer_size_ = 0;
   return bytes_to_copy;
 }
 
 void PPB_URLLoader_Impl::SaveResponse(const WebURLResponse& response) {
   // DataFromWebURLResponse returns a file ref with one reference to it, which
   // we take over via our ScopedPPResource.
   response_info_.reset(new ::ppapi::URLResponseInfoData(
       DataFromWebURLResponse(pp_instance(), response)));
   response_info_file_ref_ = ::ppapi::ScopedPPResource(
@@ skipping 21 matching lines @@
 bool PPB_URLLoader_Impl::RecordDownloadProgress() const {
   return request_data_.record_download_progress;
 }
 
 bool PPB_URLLoader_Impl::RecordUploadProgress() const {
   return request_data_.record_upload_progress;
 }
 
 }  // namespace ppapi
 }  // namespace webkit