pub trait ArchiveContext: Fallible {
    type PrefixRange: 'static;
    type SuffixRange: 'static;

    // Required methods
    unsafe fn bounds_check_ptr(&mut self, base: *const u8, offset: isize) -> Result<*const u8, Self::Error>;
    unsafe fn bounds_check_layout(&mut self, data_address: *const u8, layout: &Layout) -> Result<(), Self::Error>;
    unsafe fn bounds_check_subtree_ptr_layout(&mut self, data_address: *const u8, layout: &Layout) -> Result<(), Self::Error>;
    unsafe fn push_prefix_subtree_range(&mut self, root: *const u8, end: *const u8) -> Result<Self::PrefixRange, Self::Error>;
    fn pop_prefix_range(&mut self, range: Self::PrefixRange) -> Result<(), Self::Error>;
    unsafe fn push_suffix_subtree_range(&mut self, start: *const u8, root: *const u8) -> Result<Self::SuffixRange, Self::Error>;
    fn pop_suffix_range(&mut self, range: Self::SuffixRange) -> Result<(), Self::Error>;
    fn wrap_layout_error(error: LayoutError) -> Self::Error;
    fn finish(&mut self) -> Result<(), Self::Error>;

    // Provided methods
    unsafe fn check_ptr<T: LayoutRaw + Pointee + ?Sized>(&mut self, base: *const u8, offset: isize, metadata: T::Metadata) -> Result<*const T, Self::Error> { ... }
    unsafe fn check_rel_ptr<T: ArchivePointee + LayoutRaw + ?Sized>(&mut self, rel_ptr: &RelPtr<T>) -> Result<*const T, Self::Error> { ... }
    unsafe fn bounds_check_subtree_ptr<T: LayoutRaw + ?Sized>(&mut self, ptr: *const T) -> Result<(), Self::Error> { ... }
    unsafe fn check_subtree_ptr<T: LayoutRaw + Pointee + ?Sized>(&mut self, base: *const u8, offset: isize, metadata: T::Metadata) -> Result<*const T, Self::Error> { ... }
    unsafe fn check_subtree_rel_ptr<T: ArchivePointee + LayoutRaw + ?Sized>(&mut self, rel_ptr: &RelPtr<T>) -> Result<*const T, Self::Error> { ... }
    unsafe fn push_prefix_subtree<T: LayoutRaw + ?Sized>(&mut self, root: *const T) -> Result<Self::PrefixRange, Self::Error> { ... }
}
A context that can validate nonlocal archive memory.

Required Associated Types

type PrefixRange: 'static

A prefix range from an archive context.

Ranges must be popped in the reverse order they are pushed.

type SuffixRange: 'static

A suffix range from an archive context.

Ranges must be popped in the reverse order they are pushed.

Required Methods

unsafe fn bounds_check_ptr( &mut self, base: *const u8, offset: isize ) -> Result<*const u8, Self::Error>

Checks that a relative pointer points to an address within the archive.

The returned pointer is not guaranteed to point to an object that is contained completely within the archive. Use bounds_check_layout to verify that an object with some layout is located at the target address.

Safety
  • base must be inside the archive this validator was created for.

unsafe fn bounds_check_layout( &mut self, data_address: *const u8, layout: &Layout ) -> Result<(), Self::Error>

Checks that a given pointer can be dereferenced.

On success, the checked pointer is guaranteed to be located within the archive. This means that the pointer is safe to check, but may be vulnerable to memory overlap and recursion attacks unless the subtree range is properly restricted. Use check_subtree_ptr to perform the subtree range check as well.

Safety
  • data_address must be inside the archive this validator was created for.
  • layout must be the layout for the given pointer.

unsafe fn bounds_check_subtree_ptr_layout( &mut self, data_address: *const u8, layout: &Layout ) -> Result<(), Self::Error>

Checks that the object described by the given data address and layout is located completely within the subtree range.

Safety
  • data_address must be inside the archive this validator was created for.

unsafe fn push_prefix_subtree_range( &mut self, root: *const u8, end: *const u8 ) -> Result<Self::PrefixRange, Self::Error>

Pushes a new subtree range onto the validator and starts validating it.

After calling this method, the validator will have a subtree range starting at the original start and ending at root. After popping the returned range, the validator will have a subtree range starting at end and ending at the original end.

Safety

root and end must be located inside the archive.

fn pop_prefix_range( &mut self, range: Self::PrefixRange ) -> Result<(), Self::Error>

Pops the given range, restoring the original state with the pushed range removed.

If the range was not popped in reverse order, an error is returned.

unsafe fn push_suffix_subtree_range( &mut self, start: *const u8, root: *const u8 ) -> Result<Self::SuffixRange, Self::Error>

Pushes a new subtree range onto the validator and starts validating it.

After calling this method, the validator will have a subtree range starting at start and ending at root. After popping the returned range, the validator will have a subtree range starting at the original start and ending at start.

Safety

start and root must be located inside the archive.

fn pop_suffix_range( &mut self, range: Self::SuffixRange ) -> Result<(), Self::Error>

Finishes the given range, restoring the original state with the pushed range removed.

If the range was not popped in reverse order, an error is returned.

fn wrap_layout_error(error: LayoutError) -> Self::Error

Wraps a layout error in an ArchiveContext error.

fn finish(&mut self) -> Result<(), Self::Error>

Verifies that all outstanding claims have been returned.
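
The push/pop discipline of push_prefix_subtree_range, pop_prefix_range and finish, as an added example that is not rkyv's code. It is a toy model that uses byte offsets instead of raw pointers; ToyValidator, ToyPrefixRange and ToyError are hypothetical names, and the 64-byte archive layout is constructed.

```rust
// Added example: toy model of the prefix-range discipline (byte offsets, not raw pointers).
use std::ops::Range;

#[derive(Debug, PartialEq)]
pub enum ToyError { OutOfSubtree, PoppedOutOfOrder, UnpoppedRanges }

pub struct ToyPrefixRange { restore: Range<usize>, depth: usize }
pub struct ToyValidator { pub subtree: Range<usize>, depth: usize }

impl ToyValidator {
    pub fn new(archive_len: usize) -> Self { Self { subtree: 0..archive_len, depth: 0 } }
    /// The object at addr..addr+size must lie completely inside the subtree range.
    pub fn bounds_check_subtree(&self, addr: usize, size: usize) -> Result<(), ToyError> {
        match addr.checked_add(size) {
            Some(end) if addr >= self.subtree.start && end <= self.subtree.end => Ok(()),
            _ => Err(ToyError::OutOfSubtree),
        }
    }
    /// While pushed the range is original start..root; after the pop, end..original end.
    pub fn push_prefix(&mut self, root: usize, end: usize) -> ToyPrefixRange {
        let saved = ToyPrefixRange { restore: end..self.subtree.end, depth: self.depth };
        self.subtree.end = root;
        self.depth += 1;
        saved
    }
    pub fn pop_prefix(&mut self, r: ToyPrefixRange) -> Result<(), ToyError> {
        if self.depth != r.depth + 1 { return Err(ToyError::PoppedOutOfOrder); }
        self.subtree = r.restore;
        self.depth = r.depth;
        Ok(())
    }
    /// Fails while any pushed range has not been popped.
    pub fn finish(&self) -> Result<(), ToyError> {
        if self.depth == 0 { Ok(()) } else { Err(ToyError::UnpoppedRanges) }
    }
}

/// Constructed 64-byte archive: root object at 48..64, one genuine child at 16..32.
pub fn demo() -> [Result<(), ToyError>; 4] {
    let mut v = ToyValidator::new(64);
    let outer = v.push_prefix(48, 64); // root's children must now live in 0..48
    let cyclic = v.bounds_check_subtree(48, 16); // pointer back at root: rejected
    let child = v.bounds_check_subtree(16, 16); // genuine child: accepted
    let inner = v.push_prefix(16, 32); // descend into the child: range 0..16
    let bad_pop = v.pop_prefix(outer); // outer popped before inner: rejected
    v.pop_prefix(inner).unwrap();
    [cyclic, child, bad_pop, v.finish()] // outer was never returned, so finish fails
}

fn main() { println!("{:?}", demo()); }
```

Because the subtree range shrinks to the bytes before root while root's children are checked, a relative pointer that targets root itself (or anything after it) fails the subtree check, which is how the overlap and recursion cases mentioned above are rejected.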

Provided Methods

unsafe fn check_ptr<T: LayoutRaw + Pointee + ?Sized>( &mut self, base: *const u8, offset: isize, metadata: T::Metadata ) -> Result<*const T, Self::Error>

Checks that the given relative pointer can be dereferenced.

The returned pointer is guaranteed to be located within the archive. This means that the returned pointer is safe to check, but may be vulnerable to memory overlap and recursion attacks unless the subtree range is properly restricted. Use check_subtree_ptr to perform the subtree range check as well.

Safety
  • base must be inside the archive this validator was created for.
  • metadata must be the metadata for the pointer defined by base and offset.

unsafe fn check_rel_ptr<T: ArchivePointee + LayoutRaw + ?Sized>( &mut self, rel_ptr: &RelPtr<T> ) -> Result<*const T, Self::Error>

Checks that the given RelPtr can be dereferenced.

The returned pointer is guaranteed to be located within the archive. This means that the returned pointer is safe to check, but may be vulnerable to memory overlap and recursion attacks unless the subtree range is properly restricted. Use check_subtree_ptr to perform the subtree range check as well.

Safety
  • rel_ptr must be inside the archive this validator was created for.

unsafe fn bounds_check_subtree_ptr<T: LayoutRaw + ?Sized>( &mut self, ptr: *const T ) -> Result<(), Self::Error>

Checks that the given pointer is located completely within the subtree range.

Safety
  • ptr must be inside the archive this validator was created for.

unsafe fn check_subtree_ptr<T: LayoutRaw + Pointee + ?Sized>( &mut self, base: *const u8, offset: isize, metadata: T::Metadata ) -> Result<*const T, Self::Error>

Checks that the given relative pointer to a subtree can be dereferenced.

Safety
  • base must be inside the archive this validator was created for.
  • metadata must be the metadata for the pointer defined by base and offset.

unsafe fn check_subtree_rel_ptr<T: ArchivePointee + LayoutRaw + ?Sized>( &mut self, rel_ptr: &RelPtr<T> ) -> Result<*const T, Self::Error>

Checks that the given RelPtr to a subtree can be dereferenced.

Safety
  • rel_ptr must be inside the archive this validator was created for.

unsafe fn push_prefix_subtree<T: LayoutRaw + ?Sized>( &mut self, root: *const T ) -> Result<Self::PrefixRange, Self::Error>

Pushes a new subtree range onto the validator and starts validating it.

The claimed range spans from the end of start to the end of the current subobject range.

Safety

root must be located inside the archive.

Implementors