Trait rkyv::validation::ArchiveContext

pub trait ArchiveContext: Fallible {
    type PrefixRange: 'static;
    type SuffixRange: 'static;
    unsafe fn bounds_check_ptr(
        &mut self, 
        base: *const u8, 
        offset: isize
    ) -> Result<*const u8, Self::Error>;
    unsafe fn bounds_check_layout(
        &mut self, 
        data_address: *const u8, 
        layout: &Layout
    ) -> Result<(), Self::Error>;
    unsafe fn bounds_check_subtree_ptr_layout(
        &mut self, 
        data_address: *const u8, 
        layout: &Layout
    ) -> Result<(), Self::Error>;
    unsafe fn push_prefix_subtree_range(
        &mut self, 
        root: *const u8, 
        end: *const u8
    ) -> Result<Self::PrefixRange, Self::Error>;
    fn pop_prefix_range(
        &mut self, 
        range: Self::PrefixRange
    ) -> Result<(), Self::Error>;
    unsafe fn push_suffix_subtree_range(
        &mut self, 
        start: *const u8, 
        root: *const u8
    ) -> Result<Self::SuffixRange, Self::Error>;
    fn pop_suffix_range(
        &mut self, 
        range: Self::SuffixRange
    ) -> Result<(), Self::Error>;
    fn finish(&mut self) -> Result<(), Self::Error>;

    unsafe fn check_ptr<T: LayoutRaw + Pointee + ?Sized>(
        &mut self, 
        base: *const u8, 
        offset: isize, 
        metadata: T::Metadata
    ) -> Result<*const T, Self::Error> { ... }
    unsafe fn check_rel_ptr<T: ArchivePointee + LayoutRaw + ?Sized>(
        &mut self, 
        rel_ptr: &RelPtr<T>
    ) -> Result<*const T, Self::Error> { ... }
    unsafe fn bounds_check_subtree_ptr<T: LayoutRaw + ?Sized>(
        &mut self, 
        ptr: *const T
    ) -> Result<(), Self::Error> { ... }
    unsafe fn check_subtree_ptr<T: LayoutRaw + Pointee + ?Sized>(
        &mut self, 
        base: *const u8, 
        offset: isize, 
        metadata: T::Metadata
    ) -> Result<*const T, Self::Error> { ... }
    unsafe fn check_subtree_rel_ptr<T: ArchivePointee + LayoutRaw + ?Sized>(
        &mut self, 
        rel_ptr: &RelPtr<T>
    ) -> Result<*const T, Self::Error> { ... }
    unsafe fn push_prefix_subtree<T: LayoutRaw + ?Sized>(
        &mut self, 
        root: *const T
    ) -> Result<Self::PrefixRange, Self::Error> { ... }
}

A context that can validate nonlocal archive memory.

Associated Types

type PrefixRange: 'static

A prefix range from an archive context.

Ranges must be popped in the reverse order they are pushed.

type SuffixRange: 'static

A suffix range from an archive context.

Ranges must be popped in the reverse order they are pushed.

Required methods

unsafe fn bounds_check_ptr(
    &mut self,
    base: *const u8,
    offset: isize
) -> Result<*const u8, Self::Error>

Checks that a relative pointer points to an address within the archive.

The returned pointer is not guaranteed to point to an object that is contained completely within the archive. Use bounds_check_layout to verify that an object with some layout is located at the target address.

Safety

• base must be inside the archive this valiator was created for.

unsafe fn bounds_check_layout(
    &mut self,
    data_address: *const u8,
    layout: &Layout
) -> Result<(), Self::Error>

Checks that a given pointer can be dereferenced.

The returned pointer is guaranteed to be located within the archive. This means that the returned pointer is safe to check, but may be vulnerable to memory overlap and recursion attacks unless the subtree range is properly restricted. Use check_subtree_ptr to perform the subtree range check as well.

Safety

• data_address must be inside the archive this validator was created for.
• layout must be the layout for the given pointer.

unsafe fn bounds_check_subtree_ptr_layout(
    &mut self,
    data_address: *const u8,
    layout: &Layout
) -> Result<(), Self::Error>

Checks that the given data address and layout is located completely within the subtree range.

Safety

• data_address must be inside the archive this validator was created for.

unsafe fn push_prefix_subtree_range(
    &mut self,
    root: *const u8,
    end: *const u8
) -> Result<Self::PrefixRange, Self::Error>

Pushes a new subtree range onto the validator and starts validating it.

After calling push_subtree_claim_to, the validator will have a subtree range starting at the original start and ending at root. After popping the returned range, the validator will have a subtree range starting at end and ending at the original end.

Safety

root and end must be located inside the archive.

fn pop_prefix_range(
    &mut self,
    range: Self::PrefixRange
) -> Result<(), Self::Error>

Pops the given range, restoring the original state with the pushed range removed.

If the range was not popped in reverse order, an error is returned.

unsafe fn push_suffix_subtree_range(
    &mut self,
    start: *const u8,
    root: *const u8
) -> Result<Self::SuffixRange, Self::Error>

Pushes a new subtree range onto the validator and starts validating it.

After calling push_prefix_subtree_range, the validator will have a subtree range starting at start and ending at root. After popping the returned range, the validator will have a subtree range starting at the original start and ending at start.

Safety

start and root must be located inside the archive.

fn pop_suffix_range(
    &mut self,
    range: Self::SuffixRange
) -> Result<(), Self::Error>

Finishes the given range, restoring the original state with the pushed range removed.

If the range was not popped in reverse order, an error is returned.

fn finish(&mut self) -> Result<(), Self::Error>

Verifies that all outstanding claims have been returned.

Provided methods

unsafe fn check_ptr<T: LayoutRaw + Pointee + ?Sized>(
    &mut self,
    base: *const u8,
    offset: isize,
    metadata: T::Metadata
) -> Result<*const T, Self::Error>

Checks that the given relative pointer can be dereferenced.

The returned pointer is guaranteed to be located within the archive. This means that the returned pointer is safe to check, but may be vulnerable to memory overlap and recursion attacks unless the subtree range is properly restricted. Use check_subtree_ptr to perform the subtree range check as well.

Safety

• base must be inside the archive this validator was created for.
• metadata must be the metadata for the pointer defined by base and offset.

unsafe fn check_rel_ptr<T: ArchivePointee + LayoutRaw + ?Sized>(
    &mut self,
    rel_ptr: &RelPtr<T>
) -> Result<*const T, Self::Error>

Checks that the given RelPtr can be dereferenced.

The returned pointer is guaranteed to be located within the archive. This means that the returned pointer is safe to check, but may be vulnerable to memory overlap and recursion attacks unless the subtree range is properly restricted. Use check_subtree_ptr to perform the subtree range check as well.

Safety

• rel_ptr must be inside the archive this validator was created for.

unsafe fn bounds_check_subtree_ptr<T: LayoutRaw + ?Sized>(
    &mut self,
    ptr: *const T
) -> Result<(), Self::Error>

Checks that the given pointer is located completely within the subtree range.

Safety

• ptr must be inside the archive this validator was created for.

unsafe fn check_subtree_ptr<T: LayoutRaw + Pointee + ?Sized>(
    &mut self,
    base: *const u8,
    offset: isize,
    metadata: T::Metadata
) -> Result<*const T, Self::Error>

Checks that the given relative pointer to a subtree can be dereferenced.

Safety

• base must be inside the archive this validator was created for.
• metadata must be the metadata for the pointer defined by base and offset.

unsafe fn check_subtree_rel_ptr<T: ArchivePointee + LayoutRaw + ?Sized>(
    &mut self,
    rel_ptr: &RelPtr<T>
) -> Result<*const T, Self::Error>

Checks that the given RelPtr to a subtree can be dereferenced.

Safety

• rel_ptr must be inside the archive this validator was created for.

unsafe fn push_prefix_subtree<T: LayoutRaw + ?Sized>(
    &mut self,
    root: *const T
) -> Result<Self::PrefixRange, Self::Error>

Pushes a new subtree range onto the validator and starts validating it.

The claimed range spans from the end of start to the end of the current subobject range.

Safety

`` must be located inside the archive.

Implementors

impl<'a> ArchiveContext for ArchiveValidator<'a>

impl<'a> ArchiveContext for DefaultValidator<'a>