1/*
2 * Copyright (C) 2009-2017 Apple Inc. All rights reserved.
3 *
4 * Redistribution and use in source and binary forms, with or without
5 * modification, are permitted provided that the following conditions
6 * are met:
7 * 1. Redistributions of source code must retain the above copyright
8 * notice, this list of conditions and the following disclaimer.
9 * 2. Redistributions in binary form must reproduce the above copyright
10 * notice, this list of conditions and the following disclaimer in the
11 * documentation and/or other materials provided with the distribution.
12 *
13 * THIS SOFTWARE IS PROVIDED BY APPLE INC. ``AS IS'' AND ANY
14 * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
15 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
16 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL APPLE INC. OR
17 * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
18 * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
19 * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
20 * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY
21 * OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
22 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
23 * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
24 */
25
26#pragma once
27
28#include "ArrayBuffer.h"
29#include "TypedArrayType.h"
30#include <algorithm>
31#include <limits.h>
32#include <wtf/RefCounted.h>
33#include <wtf/RefPtr.h>
34
35namespace JSC {
36
37class JSArrayBufferView;
38class JSGlobalObject;
39class CallFrame;
40
41class ArrayBufferView : public RefCounted<ArrayBufferView> {
42public:
43 virtual TypedArrayType getType() const = 0;
44
45 bool isNeutered() const
46 {
47 return !m_buffer || m_buffer->isNeutered();
48 }
49
50 RefPtr<ArrayBuffer> possiblySharedBuffer() const
51 {
52 if (isNeutered())
53 return nullptr;
54 return m_buffer;
55 }
56
57 RefPtr<ArrayBuffer> unsharedBuffer() const
58 {
59 RefPtr<ArrayBuffer> result = possiblySharedBuffer();
60 RELEASE_ASSERT(!result->isShared());
61 return result;
62 }
63
64 bool isShared() const
65 {
66 if (isNeutered())
67 return false;
68 return m_buffer->isShared();
69 }
70
71 void* baseAddress() const
72 {
73 if (isNeutered())
74 return nullptr;
75 return m_baseAddress.getMayBeNull(byteLength());
76 }
77
78 void* data() const { return baseAddress(); }
79
80 unsigned byteOffset() const
81 {
82 if (isNeutered())
83 return 0;
84 return m_byteOffset;
85 }
86
87 unsigned byteLength() const { return m_byteLength; }
88
89 JS_EXPORT_PRIVATE void setNeuterable(bool flag);
90 bool isNeuterable() const { return m_isNeuterable; }
91
92 JS_EXPORT_PRIVATE virtual ~ArrayBufferView();
93
94 // Helper to verify byte offset is size aligned.
95 static bool verifyByteOffsetAlignment(unsigned byteOffset, size_t size)
96 {
97 return !(byteOffset & (size - 1));
98 }
99
100 // Helper to verify that a given sub-range of an ArrayBuffer is
101 // within range.
102 static bool verifySubRangeLength(const ArrayBuffer& buffer, unsigned byteOffset, unsigned numElements, size_t size)
103 {
104 unsigned byteLength = buffer.byteLength();
105 if (byteOffset > byteLength)
106 return false;
107 unsigned remainingElements = (byteLength - byteOffset) / size;
108 if (numElements > remainingElements)
109 return false;
110 return true;
111 }
112
113 virtual JSArrayBufferView* wrap(JSGlobalObject*, JSGlobalObject*) = 0;
114
115protected:
116 JS_EXPORT_PRIVATE ArrayBufferView(RefPtr<ArrayBuffer>&&, unsigned byteOffset, unsigned byteLength);
117
118 inline bool setImpl(ArrayBufferView*, unsigned byteOffset);
119
120 inline bool setRangeImpl(const void* data, size_t dataByteLength, unsigned byteOffset);
121 inline bool getRangeImpl(void* destination, size_t dataByteLength, unsigned byteOffset);
122
123 inline bool zeroRangeImpl(unsigned byteOffset, size_t rangeByteLength);
124
125 static inline void calculateOffsetAndLength(
126 int start, int end, unsigned arraySize,
127 unsigned* offset, unsigned* length);
128
129 // Input offset is in number of elements from this array's view;
130 // output offset is in number of bytes from the underlying buffer's view.
131 template <typename T>
132 static void clampOffsetAndNumElements(
133 const ArrayBuffer& buffer,
134 unsigned arrayByteOffset,
135 unsigned *offset,
136 unsigned *numElements)
137 {
138 unsigned maxOffset = (UINT_MAX - arrayByteOffset) / sizeof(T);
139 if (*offset > maxOffset) {
140 *offset = buffer.byteLength();
141 *numElements = 0;
142 return;
143 }
144 *offset = arrayByteOffset + *offset * sizeof(T);
145 *offset = std::min(buffer.byteLength(), *offset);
146 unsigned remainingElements = (buffer.byteLength() - *offset) / sizeof(T);
147 *numElements = std::min(remainingElements, *numElements);
148 }
149
150 unsigned m_byteOffset : 31;
151 bool m_isNeuterable : 1;
152 unsigned m_byteLength;
153
154 using BaseAddress = CagedPtr<Gigacage::Primitive, void, tagCagedPtr>;
155 // This is the address of the ArrayBuffer's storage, plus the byte offset.
156 BaseAddress m_baseAddress;
157
158private:
159 friend class ArrayBuffer;
160 RefPtr<ArrayBuffer> m_buffer;
161};
162
163bool ArrayBufferView::setImpl(ArrayBufferView* array, unsigned byteOffset)
164{
165 if (byteOffset > byteLength()
166 || byteOffset + array->byteLength() > byteLength()
167 || byteOffset + array->byteLength() < byteOffset) {
168 // Out of range offset or overflow
169 return false;
170 }
171
172 uint8_t* base = static_cast<uint8_t*>(baseAddress());
173 memmove(base + byteOffset, array->baseAddress(), array->byteLength());
174 return true;
175}
176
177bool ArrayBufferView::setRangeImpl(const void* data, size_t dataByteLength, unsigned byteOffset)
178{
179 if (byteOffset > byteLength()
180 || byteOffset + dataByteLength > byteLength()
181 || byteOffset + dataByteLength < byteOffset) {
182 // Out of range offset or overflow
183 return false;
184 }
185
186 uint8_t* base = static_cast<uint8_t*>(baseAddress());
187 memmove(base + byteOffset, data, dataByteLength);
188 return true;
189}
190
191bool ArrayBufferView::getRangeImpl(void* destination, size_t dataByteLength, unsigned byteOffset)
192{
193 if (byteOffset > byteLength()
194 || byteOffset + dataByteLength > byteLength()
195 || byteOffset + dataByteLength < byteOffset) {
196 // Out of range offset or overflow
197 return false;
198 }
199
200 const uint8_t* base = static_cast<const uint8_t*>(baseAddress());
201 memmove(destination, base + byteOffset, dataByteLength);
202 return true;
203}
204
205bool ArrayBufferView::zeroRangeImpl(unsigned byteOffset, size_t rangeByteLength)
206{
207 if (byteOffset > byteLength()
208 || byteOffset + rangeByteLength > byteLength()
209 || byteOffset + rangeByteLength < byteOffset) {
210 // Out of range offset or overflow
211 return false;
212 }
213
214 uint8_t* base = static_cast<uint8_t*>(baseAddress());
215 memset(base + byteOffset, 0, rangeByteLength);
216 return true;
217}
218
219void ArrayBufferView::calculateOffsetAndLength(
220 int start, int end, unsigned arraySize, unsigned* offset, unsigned* length)
221{
222 if (start < 0)
223 start += arraySize;
224 if (start < 0)
225 start = 0;
226 if (end < 0)
227 end += arraySize;
228 if (end < 0)
229 end = 0;
230 if (static_cast<unsigned>(end) > arraySize)
231 end = arraySize;
232 if (end < start)
233 end = start;
234 *offset = static_cast<unsigned>(start);
235 *length = static_cast<unsigned>(end - start);
236}
237
238} // namespace JSC
239
240using JSC::ArrayBufferView;
241