1 files changed, 411 insertions, 0 deletions

diff --git a/ipc/mscom/Objref.cpp b/ipc/mscom/Objref.cpp
new file mode 100644
index 0000000000..37108c71ac
--- /dev/null
+++ b/ipc/mscom/Objref.cpp
@@ -0,0 +1,411 @@
+/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
+/* vim: set ts=8 sts=2 et sw=2 tw=80: */
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#include "mozilla/mscom/Objref.h"
+
+#include "mozilla/Assertions.h"
+#include "mozilla/mscom/Utils.h"
+#include "mozilla/RefPtr.h"
+#include "mozilla/ScopeExit.h"
+#include "mozilla/UniquePtr.h"
+
+#include <guiddef.h>
+#include <objidl.h>
+#include <winnt.h>
+
+// {00000027-0000-0008-C000-000000000046}
+static const GUID CLSID_AggStdMarshal = {
+    0x27, 0x0, 0x8, {0xC0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x46}};
+
+namespace {
+
+#pragma pack(push, 1)
+
+typedef uint64_t OID;
+typedef uint64_t OXID;
+typedef GUID IPID;
+
+struct STDOBJREF {
+  uint32_t mFlags;
+  uint32_t mPublicRefs;
+  OXID mOxid;
+  OID mOid;
+  IPID mIpid;
+};
+
+enum STDOBJREF_FLAGS { SORF_PING = 0, SORF_NOPING = 0x1000 };
+
+struct DUALSTRINGARRAY {
+  static size_t SizeFromNumEntries(const uint16_t aNumEntries) {
+    return sizeof(mNumEntries) + sizeof(mSecurityOffset) +
+           aNumEntries * sizeof(uint16_t);
+  }
+
+  size_t SizeOf() const { return SizeFromNumEntries(mNumEntries); }
+
+  uint16_t mNumEntries;
+  uint16_t mSecurityOffset;
+  uint16_t mStringArray[1];  // Length is mNumEntries
+};
+
+struct OBJREF_STANDARD {
+  static size_t SizeOfFixedLenHeader() { return sizeof(mStd); }
+
+  size_t SizeOf() const { return SizeOfFixedLenHeader() + mResAddr.SizeOf(); }
+
+  STDOBJREF mStd;
+  DUALSTRINGARRAY mResAddr;
+};
+
+struct OBJREF_HANDLER {
+  static size_t SizeOfFixedLenHeader() { return sizeof(mStd) + sizeof(mClsid); }
+
+  size_t SizeOf() const { return SizeOfFixedLenHeader() + mResAddr.SizeOf(); }
+
+  STDOBJREF mStd;
+  CLSID mClsid;
+  DUALSTRINGARRAY mResAddr;
+};
+
+struct OBJREF_CUSTOM {
+  static size_t SizeOfFixedLenHeader() {
+    return sizeof(mClsid) + sizeof(mCbExtension) + sizeof(mReserved);
+  }
+
+  CLSID mClsid;
+  uint32_t mCbExtension;
+  uint32_t mReserved;
+  uint8_t mPayload[1];
+};
+
+enum OBJREF_FLAGS {
+  OBJREF_TYPE_STANDARD = 0x00000001UL,
+  OBJREF_TYPE_HANDLER = 0x00000002UL,
+  OBJREF_TYPE_CUSTOM = 0x00000004UL,
+  OBJREF_TYPE_EXTENDED = 0x00000008UL,
+};
+
+struct OBJREF {
+  static size_t SizeOfFixedLenHeader(OBJREF_FLAGS aFlags) {
+    size_t size = sizeof(mSignature) + sizeof(mFlags) + sizeof(mIid);
+
+    switch (aFlags) {
+      case OBJREF_TYPE_STANDARD:
+        size += OBJREF_STANDARD::SizeOfFixedLenHeader();
+        break;
+      case OBJREF_TYPE_HANDLER:
+        size += OBJREF_HANDLER::SizeOfFixedLenHeader();
+        break;
+      case OBJREF_TYPE_CUSTOM:
+        size += OBJREF_CUSTOM::SizeOfFixedLenHeader();
+        break;
+      default:
+        MOZ_ASSERT_UNREACHABLE("Unsupported OBJREF type");
+        return 0;
+    }
+
+    return size;
+  }
+
+  size_t SizeOf() const {
+    size_t size = sizeof(mSignature) + sizeof(mFlags) + sizeof(mIid);
+
+    switch (mFlags) {
+      case OBJREF_TYPE_STANDARD:
+        size += mObjRefStd.SizeOf();
+        break;
+      case OBJREF_TYPE_HANDLER:
+        size += mObjRefHandler.SizeOf();
+        break;
+      default:
+        MOZ_ASSERT_UNREACHABLE("Unsupported OBJREF type");
+        return 0;
+    }
+
+    return size;
+  }
+
+  uint32_t mSignature;
+  uint32_t mFlags;
+  IID mIid;
+  union {
+    OBJREF_STANDARD mObjRefStd;
+    OBJREF_HANDLER mObjRefHandler;
+    OBJREF_CUSTOM mObjRefCustom;
+    // There are others but we're not supporting them here
+  };
+};
+
+enum OBJREF_SIGNATURES { OBJREF_SIGNATURE = 0x574F454DUL };
+
+#pragma pack(pop)
+
+struct ByteArrayDeleter {
+  void operator()(void* aPtr) { delete[] reinterpret_cast<uint8_t*>(aPtr); }
+};
+
+template <typename T>
+using VarStructUniquePtr = mozilla::UniquePtr<T, ByteArrayDeleter>;
+
+}  // anonymous namespace
+
+namespace mozilla {
+namespace mscom {
+
+bool StripHandlerFromOBJREF(NotNull<IStream*> aStream, const uint64_t aStartPos,
+                            const uint64_t aEndPos) {
+  // Ensure that the current stream position is set to the beginning
+  LARGE_INTEGER seekTo;
+  seekTo.QuadPart = aStartPos;
+
+  HRESULT hr = aStream->Seek(seekTo, STREAM_SEEK_SET, nullptr);
+  if (FAILED(hr)) {
+    return false;
+  }
+
+  ULONG bytesRead;
+
+  uint32_t signature;
+  hr = aStream->Read(&signature, sizeof(signature), &bytesRead);
+  if (FAILED(hr) || bytesRead != sizeof(signature) ||
+      signature != OBJREF_SIGNATURE) {
+    return false;
+  }
+
+  uint32_t type;
+  hr = aStream->Read(&type, sizeof(type), &bytesRead);
+  if (FAILED(hr) || bytesRead != sizeof(type)) {
+    return false;
+  }
+  if (type != OBJREF_TYPE_HANDLER) {
+    // If we're not a handler then just seek to the end of the OBJREF and return
+    // success; there is nothing left to do.
+    seekTo.QuadPart = aEndPos;
+    return SUCCEEDED(aStream->Seek(seekTo, STREAM_SEEK_SET, nullptr));
+  }
+
+  IID iid;
+  hr = aStream->Read(&iid, sizeof(iid), &bytesRead);
+  if (FAILED(hr) || bytesRead != sizeof(iid) || !IsValidGUID(iid)) {
+    return false;
+  }
+
+  // Seek past fixed-size STDOBJREF and CLSID
+  seekTo.QuadPart = sizeof(STDOBJREF) + sizeof(CLSID);
+  hr = aStream->Seek(seekTo, STREAM_SEEK_CUR, nullptr);
+  if (FAILED(hr)) {
+    return false;
+  }
+
+  uint16_t numEntries;
+  hr = aStream->Read(&numEntries, sizeof(numEntries), &bytesRead);
+  if (FAILED(hr) || bytesRead != sizeof(numEntries)) {
+    return false;
+  }
+
+  // We'll try to use a stack buffer if resAddrSize <= kMinDualStringArraySize
+  const uint32_t kMinDualStringArraySize = 12;
+  uint16_t staticResAddrBuf[kMinDualStringArraySize / sizeof(uint16_t)];
+
+  size_t resAddrSize = DUALSTRINGARRAY::SizeFromNumEntries(numEntries);
+
+  DUALSTRINGARRAY* resAddr;
+  VarStructUniquePtr<DUALSTRINGARRAY> dynamicResAddrBuf;
+
+  if (resAddrSize <= kMinDualStringArraySize) {
+    resAddr = reinterpret_cast<DUALSTRINGARRAY*>(staticResAddrBuf);
+  } else {
+    dynamicResAddrBuf.reset(
+        reinterpret_cast<DUALSTRINGARRAY*>(new uint8_t[resAddrSize]));
+    resAddr = dynamicResAddrBuf.get();
+  }
+
+  resAddr->mNumEntries = numEntries;
+
+  // Because we've already read numEntries
+  ULONG bytesToRead = resAddrSize - sizeof(numEntries);
+
+  hr = aStream->Read(&resAddr->mSecurityOffset, bytesToRead, &bytesRead);
+  if (FAILED(hr) || bytesRead != bytesToRead) {
+    return false;
+  }
+
+  // Signature doesn't change so we'll seek past that
+  seekTo.QuadPart = aStartPos + sizeof(signature);
+  hr = aStream->Seek(seekTo, STREAM_SEEK_SET, nullptr);
+  if (FAILED(hr)) {
+    return false;
+  }
+
+  ULONG bytesWritten;
+
+  uint32_t newType = OBJREF_TYPE_STANDARD;
+  hr = aStream->Write(&newType, sizeof(newType), &bytesWritten);
+  if (FAILED(hr) || bytesWritten != sizeof(newType)) {
+    return false;
+  }
+
+  // Skip past IID and STDOBJREF since those don't change
+  seekTo.QuadPart = sizeof(IID) + sizeof(STDOBJREF);
+  hr = aStream->Seek(seekTo, STREAM_SEEK_CUR, nullptr);
+  if (FAILED(hr)) {
+    return false;
+  }
+
+  hr = aStream->Write(resAddr, resAddrSize, &bytesWritten);
+  if (FAILED(hr) || bytesWritten != resAddrSize) {
+    return false;
+  }
+
+  // The difference between a OBJREF_STANDARD and an OBJREF_HANDLER is
+  // sizeof(CLSID), so we'll zero out the remaining bytes.
+  hr = aStream->Write(&CLSID_NULL, sizeof(CLSID), &bytesWritten);
+  if (FAILED(hr) || bytesWritten != sizeof(CLSID)) {
+    return false;
+  }
+
+  // Back up to the end of the tweaked OBJREF.
+  // There are now sizeof(CLSID) less bytes.
+  // Bug 1403180: Using -sizeof(CLSID) with a relative seek sometimes
+  // doesn't work on Windows 7.
+  // It succeeds, but doesn't seek the stream for some unknown reason.
+  // Use an absolute seek instead.
+  seekTo.QuadPart = aEndPos - sizeof(CLSID);
+  return SUCCEEDED(aStream->Seek(seekTo, STREAM_SEEK_SET, nullptr));
+}
+
+uint32_t GetOBJREFSize(NotNull<IStream*> aStream) {
+  // Make a clone so that we don't manipulate aStream's seek pointer
+  RefPtr<IStream> cloned;
+  HRESULT hr = aStream->Clone(getter_AddRefs(cloned));
+  if (FAILED(hr)) {
+    return 0;
+  }
+
+  uint32_t accumulatedSize = 0;
+
+  ULONG bytesRead;
+
+  uint32_t signature;
+  hr = cloned->Read(&signature, sizeof(signature), &bytesRead);
+  if (FAILED(hr) || bytesRead != sizeof(signature) ||
+      signature != OBJREF_SIGNATURE) {
+    return 0;
+  }
+
+  accumulatedSize += bytesRead;
+
+  uint32_t type;
+  hr = cloned->Read(&type, sizeof(type), &bytesRead);
+  if (FAILED(hr) || bytesRead != sizeof(type)) {
+    return 0;
+  }
+
+  accumulatedSize += bytesRead;
+
+  IID iid;
+  hr = cloned->Read(&iid, sizeof(iid), &bytesRead);
+  if (FAILED(hr) || bytesRead != sizeof(iid) || !IsValidGUID(iid)) {
+    return 0;
+  }
+
+  accumulatedSize += bytesRead;
+
+  LARGE_INTEGER seekTo;
+
+  if (type == OBJREF_TYPE_CUSTOM) {
+    CLSID clsid;
+    hr = cloned->Read(&clsid, sizeof(CLSID), &bytesRead);
+    if (FAILED(hr) || bytesRead != sizeof(CLSID)) {
+      return 0;
+    }
+
+    if (clsid != CLSID_StdMarshal && clsid != CLSID_AggStdMarshal) {
+      // We can only calulate the size if the payload is a standard OBJREF as
+      // identified by clsid being CLSID_StdMarshal or CLSID_AggStdMarshal.
+      // (CLSID_AggStdMarshal, the aggregated standard marshaler, is used when
+      // the handler marshals an interface.)
+      return 0;
+    }
+
+    accumulatedSize += bytesRead;
+
+    seekTo.QuadPart =
+        sizeof(OBJREF_CUSTOM::mCbExtension) + sizeof(OBJREF_CUSTOM::mReserved);
+    hr = cloned->Seek(seekTo, STREAM_SEEK_CUR, nullptr);
+    if (FAILED(hr)) {
+      return 0;
+    }
+
+    accumulatedSize += seekTo.LowPart;
+
+    uint32_t payloadLen = GetOBJREFSize(WrapNotNull(cloned.get()));
+    if (!payloadLen) {
+      return 0;
+    }
+
+    accumulatedSize += payloadLen;
+    return accumulatedSize;
+  }
+
+  switch (type) {
+    case OBJREF_TYPE_STANDARD:
+      seekTo.QuadPart = OBJREF_STANDARD::SizeOfFixedLenHeader();
+      break;
+    case OBJREF_TYPE_HANDLER:
+      seekTo.QuadPart = OBJREF_HANDLER::SizeOfFixedLenHeader();
+      break;
+    default:
+      return 0;
+  }
+
+  hr = cloned->Seek(seekTo, STREAM_SEEK_CUR, nullptr);
+  if (FAILED(hr)) {
+    return 0;
+  }
+
+  accumulatedSize += seekTo.LowPart;
+
+  uint16_t numEntries;
+  hr = cloned->Read(&numEntries, sizeof(numEntries), &bytesRead);
+  if (FAILED(hr) || bytesRead != sizeof(numEntries)) {
+    return 0;
+  }
+
+  accumulatedSize += DUALSTRINGARRAY::SizeFromNumEntries(numEntries);
+  return accumulatedSize;
+}
+
+bool SetIID(NotNull<IStream*> aStream, const uint64_t aStart, REFIID aNewIid) {
+  ULARGE_INTEGER initialStreamPos;
+
+  LARGE_INTEGER seekTo;
+  seekTo.QuadPart = 0LL;
+  HRESULT hr = aStream->Seek(seekTo, STREAM_SEEK_CUR, &initialStreamPos);
+  if (FAILED(hr)) {
+    return false;
+  }
+
+  auto resetStreamPos = MakeScopeExit([&]() {
+    seekTo.QuadPart = initialStreamPos.QuadPart;
+    hr = aStream->Seek(seekTo, STREAM_SEEK_SET, nullptr);
+    MOZ_DIAGNOSTIC_ASSERT(SUCCEEDED(hr));
+  });
+
+  seekTo.QuadPart =
+      aStart + sizeof(OBJREF::mSignature) + sizeof(OBJREF::mFlags);
+  hr = aStream->Seek(seekTo, STREAM_SEEK_SET, nullptr);
+  if (FAILED(hr)) {
+    return false;
+  }
+
+  ULONG bytesWritten;
+  hr = aStream->Write(&aNewIid, sizeof(IID), &bytesWritten);
+  return SUCCEEDED(hr) && bytesWritten == sizeof(IID);
+}
+
+}  // namespace mscom
+}  // namespace mozilla