chromium/mojo/public/mojom/base/big_buffer.mojom

// Copyright 2018 The Chromium Authors
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.

module mojo_base.mojom;

[Stable]
struct BigBufferSharedMemoryRegion {
  handle<shared_buffer> buffer_handle;
  uint32 size;
};

// A helper union to be used when messages want to accept arbitrarily large
// chunks of byte data. Beyond a certain size threshold, shared memory will be
// used in lieu of an inline byte array. If shared memory could not be allocated
// by the sender and the contents of the buffer would be too large to inline,
// this will instead take on the value of |invalid_buffer=true| indicating that
// the buffer does not represent any contents intended by the sender.
//
// SECURITY NOTE: When shmem is backing the message, it may be writable in the
// sending process while being read in the receiving process. If a BigBuffer is
// received from an untrustworthy process, you should make a copy of the data
// before processing it to avoid time-of-check time-of-use (TOCTOU) bugs.
// The |size()| of the data cannot be manipulated.
[Stable]
union BigBuffer {
  array<uint8> bytes;
  BigBufferSharedMemoryRegion shared_memory;
  bool invalid_buffer;
};