Changeset 36428 in vbox for trunk/include/VBox

Timestamp:

Mar 25, 2011 12:46:45 PM (14 years ago)

Author:

vboxsync

svn:sync-xref-src-repo-rev:

70790

Message:

com/string.h: AssertLogRel when encountering an invalid encoding in the copyFrom*() methods doing UTF-16/8 conversions. The ASSUMPTION is that all input strings are correctly encoded and that this is enforced by VirtualBox border code before things gets down to Utf8Str or Bstr.

File:

• trunk/include/VBox/com/string.h (modified) (8 diffs)

trunk/include/VBox/com/string.h

@@ -58 +58 @@
 /**
  *  String class used universally in Main for COM-style Utf-16 strings.
- *  Unfortunately COM on Windows uses UTF-16 everywhere, requiring conversions
- *  back and forth since most of VirtualBox and our libraries use UTF-8.
- *
- *  To make things more obscure, on Windows, a COM-style BSTR is not just a
- *  pointer to a null-terminated wide character array, but the four bytes
- *  (32 bits) BEFORE the memory that the pointer points to are a length
- *  DWORD. One must therefore avoid pointer arithmetic and always use
- *  SysAllocString and the like to deal with BSTR pointers, which manage
- *  that DWORD correctly.
- *
- *  For platforms other than Windows, we provide our own versions of the
- *  Sys* functions in Main/xpcom/helpers.cpp which do NOT use length
- *  prefixes though to be compatible with how XPCOM allocates string
- *  parameters to public functions.
- *
- *  The Bstr class hides all this handling behind a std::string-like interface
- *  and also provides automatic conversions to MiniString and Utf8Str instances.
- *
- *  The one advantage of using the SysString* routines is that this makes it
- *  possible to use it as a type of member variables of COM/XPCOM components
- *  and pass their values to callers through component methods' output parameters
- *  using the #cloneTo() operation. Also, the class can adopt (take ownership of)
- *  string buffers returned in output parameters of COM methods using the
- *  #asOutParam() operation and correctly free them afterwards.
- *
- *  Starting with VirtualBox 3.2, like Utf8Str, Bstr no longer differentiates
- *  between NULL strings and empty strings. In other words, Bstr("") and
- *  Bstr(NULL) behave the same. In both cases, Bstr allocates no memory,
- *  reports a zero length and zero allocated bytes for both, and returns an
- *  empty C wide string from raw().
+ *
+ * Unfortunately COM on Windows uses UTF-16 everywhere, requiring conversions
+ * back and forth since most of VirtualBox and our libraries use UTF-8.
+ *
+ * To make things more obscure, on Windows, a COM-style BSTR is not just a
+ * pointer to a null-terminated wide character array, but the four bytes (32
+ * bits) BEFORE the memory that the pointer points to are a length DWORD. One
+ * must therefore avoid pointer arithmetic and always use SysAllocString and
+ * the like to deal with BSTR pointers, which manage that DWORD correctly.
+ *
+ * For platforms other than Windows, we provide our own versions of the Sys*
+ * functions in Main/xpcom/helpers.cpp which do NOT use length prefixes though
+ * to be compatible with how XPCOM allocates string parameters to public
+ * functions.
+ *
+ * The Bstr class hides all this handling behind a std::string-like interface
+ * and also provides automatic conversions to MiniString and Utf8Str instances.
+ *
+ * The one advantage of using the SysString* routines is that this makes it
+ * possible to use it as a type of member variables of COM/XPCOM components and
+ * pass their values to callers through component methods' output parameters
+ * using the #cloneTo() operation.  Also, the class can adopt (take ownership
+ * of) string buffers returned in output parameters of COM methods using the
+ * #asOutParam() operation and correctly free them afterwards.
+ *
+ * Starting with VirtualBox 3.2, like Utf8Str, Bstr no longer differentiates
+ * between NULL strings and empty strings. In other words, Bstr("") and
+ * Bstr(NULL) behave the same. In both cases, Bstr allocates no memory,
+ * reports a zero length and zero allocated bytes for both, and returns an
+ * empty C wide string from raw().
+ *
+ * @note    All Bstr methods ASSUMES valid UTF-16 or UTF-8 input strings.
+ *          The VirtualBox policy in this regard is to validate strings coming
+ *          from external sources before passing them to Bstr or Utf8Str.
  */
 class Bstr
@@ -301 +305 @@
      *  If the member string is empty, this allocates an empty BSTR in *pstr
      *  (i.e. makes it point to a new buffer with a null byte).
-     */
-    void detachTo(BSTR *pstr)
+     *
+     * @param   pbstrDst        The BSTR variable to detach the string to.
+     *
+     * @throws  std::bad_alloc if we failed to allocate a new empty string.
+     */
+    void detachTo(BSTR *pbstrDst)
     {
         if (m_bstr)
-            *pstr = m_bstr;
+            *pbstrDst = m_bstr;
         else
         {
             // allocate null BSTR
-            *pstr = ::SysAllocString((const OLECHAR *)g_bstrEmpty);
+            *pbstrDst = ::SysAllocString((const OLECHAR *)g_bstrEmpty);
 #ifdef RT_EXCEPTIONS_ENABLED
-            if (!*pstr)
+            if (!*pbstrDst)
                 throw std::bad_alloc();
 #endif
@@ -322 +330 @@
      *  Takes the ownership of the returned data.
      */
-    BSTR* asOutParam()
+    BSTR *asOutParam()
     {
         cleanup();
@@ -352 +360 @@
      *
      * If the source is empty, this sets the member string to NULL.
-     * @param rs
-     */
-    void copyFrom(const OLECHAR *rs)
-    {
-        if (rs && *rs)
+     *
+     * @param   a_bstrSrc           The source string.  The caller guarantees
+     *                              that this is valid UTF-16.
+     *
+     * @throws  std::bad_alloc - the object is representing an empty string.
+     */
+    void copyFrom(const OLECHAR *a_bstrSrc)
+    {
+        if (a_bstrSrc && *a_bstrSrc)
         {
-            m_bstr = ::SysAllocString(rs);
+            m_bstr = ::SysAllocString(a_bstrSrc);
 #ifdef RT_EXCEPTIONS_ENABLED
             if (!m_bstr)
@@ -375 +387 @@
      *
      * If the source is empty, this sets the member string to NULL.
-     * @param rs
-     */
-    void copyFrom(const char *rs)
-    {
-        if (rs && *rs)
-        {
-            PRTUTF16 s = NULL;
-            ::RTStrToUtf16(rs, &s);
-#ifdef RT_EXCEPTIONS_ENABLED
-            if (!s)
-                throw std::bad_alloc();
-#endif
-            copyFrom((const OLECHAR *)s);            // allocates BSTR from zero-terminated input string
-            ::RTUtf16Free(s);
-        }
-        else
-            m_bstr = NULL;
+     *
+     * @param   a_pszSrc            The source string.  The caller guarantees
+     *                              that this is valid UTF-8.
+     *
+     * @throws  std::bad_alloc - the object is representing an empty string.
+     */
+    void copyFrom(const char *a_pszSrc)
+    {
+        copyFromN(a_pszSrc, RTSTR_MAX);
     }
 
@@ -397 +401 @@
      * Variant of copyFrom for sub-string constructors.
      *
-     * @param   a_pszSrc            The source string.
+     * @param   a_pszSrc            The source string.  The caller guarantees
+     *                              that this is valid UTF-8.
      * @param   a_cchMax            The maximum number of chars (not
      *                              codepoints) to copy.  If you pass RTSTR_MAX
      *                              it'll be exactly like copyFrom().
-     * @throws  std::bad_alloc
+     *
+     * @throws  std::bad_alloc - the object is representing an empty string.
      */
     void copyFromN(const char *a_pszSrc, size_t a_cchSrc);
@@ -417 +423 @@
 
 
-////////////////////////////////////////////////////////////////////////////////
+
 
 /**
- *  String class used universally in Main for UTF-8 strings.
- *
- *  This is based on iprt::MiniString, to which some functionality has been
- *  moved. Here we keep things that are specific to Main, such as conversions
- *  with UTF-16 strings (Bstr).
- *
- *  Like iprt::MiniString, Utf8Str does not differentiate between NULL strings
- *  and empty strings. In other words, Utf8Str("") and Utf8Str(NULL)
- *  behave the same. In both cases, MiniString allocates no memory, reports
- *  a zero length and zero allocated bytes for both, and returns an empty
- *  C string from c_str().
+ * String class used universally in Main for UTF-8 strings.
+ *
+ * This is based on iprt::MiniString, to which some functionality has been
+ * moved.  Here we keep things that are specific to Main, such as conversions
+ * with UTF-16 strings (Bstr).
+ *
+ * Like iprt::MiniString, Utf8Str does not differentiate between NULL strings
+ * and empty strings.  In other words, Utf8Str("") and Utf8Str(NULL) behave the
+ * same.  In both cases, MiniString allocates no memory, reports
+ * a zero length and zero allocated bytes for both, and returns an empty
+ * C string from c_str().
+ *
+ * @note    All Utf8Str methods ASSUMES valid UTF-8 or UTF-16 input strings.
+ *          The VirtualBox policy in this regard is to validate strings coming
+ *          from external sources before passing them to Utf8Str or Bstr.
  */
 class Utf8Str : public iprt::MiniString
@@ -558 +568 @@
 protected:
 
-    void copyFrom(CBSTR s);
+    void copyFrom(CBSTR a_pbstr);
 
     friend class Bstr; /* to access our raw_copy() */