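// Deserializes one HistoryItem, and recursively its children, from the
// flattened byte stream produced by the matching writer.
//
// newItem: the item to populate. Its bridge() must already be set (asserted
//          below) because the scale values are stored on the bridge.
// pData:   in/out cursor into the stream. On success it is advanced past this
//          item and all of its children; on failure it may have been partially
//          advanced and should not be trusted.
// length:  number of bytes readable from *pData.
// Returns true when the item was fully read, false on truncated or malformed
// input. Every field goes through a bounds-checked read* helper, so malformed
// input fails the parse instead of reading past the buffer.
static bool readItemRecursive(WebCore::HistoryItem* newItem,
        const char** pData, int length)
{
    if (!pData || length < HISTORY_MIN_SIZE) {
        ALOGW("readItemRecursive() bad params; pData=%p length=%d", pData, length);
        return false;
    }

    const char* data = *pData;
    const char* end = data + length;
    String content;

    // Original url, url and title are length-prefixed strings; readString
    // fails when the string would run past `end`.
    if (!readString(data, end, content, "Original url"))
        return false;
    newItem->setOriginalURLString(content);

    if (!readString(data, end, content, "Url"))
        return false;
    newItem->setURLString(content);

    if (!readString(data, end, content, "Title"))
        return false;
    newItem->setTitle(content);

    // Form information: content type, raw body size and body, and (only when
    // a body is present) the form identifier. Used to build a ResourceRequest.
    WTF::String formContentType;
    if (!readString(data, end, formContentType, "Content type"))
        return false;

    unsigned formDataSize;
    if (!readUnsigned(data, end, formDataSize, "Form data size"))
        return false;

    WTF::RefPtr<WebCore::FormData> formData;
    if (formDataSize) {
        // Compare against the remaining byte count instead of computing
        // data + formDataSize, which could wrap for a hostile size.
        if (end < data || static_cast<size_t>(end - data) < formDataSize) {
            ALOGW("\tNot enough data to read form data; returning");
            return false;
        }
        // Log only after the bounds check so the %.*s cannot read past `end`.
        ALOGV("Reading Form data       %d %.*s", formDataSize, formDataSize, data);
        formData = WebCore::FormData::create(data, formDataSize);
        data += formDataSize;

        int64_t id;
        if (!readInt64(data, end, id, "Form id"))
            return false;
        if (id)
            formData->setIdentifier(id);
    }

    // A body was present: record it as a POST on the item.
    if (formData != NULL) {
        WebCore::ResourceRequest r;
        r.setHTTPMethod("POST");
        r.setHTTPContentType(formContentType);
        r.setHTTPBody(formData);
        newItem->setFormInfoFromRequest(r);
    }

    if (!readString(data, end, content, "Target"))
        return false;
    newItem->setTarget(content);

    AndroidWebHistoryBridge* bridge = newItem->bridge();
    ALOG_ASSERT(bridge, "There should be a bridge object during inflate");

    // Screen scale and text wrap scale live on the bridge, not the item.
    float fValue;
    if (!readFloat(data, end, fValue, "Screen scale"))
        return false;
    bridge->setScale(fValue);

    if (!readFloat(data, end, fValue, "Text wrap scale"))
        return false;
    bridge->setTextWrapScale(fValue);

    int scrollX;
    if (!readInt(data, end, scrollX, "Scroll pos x"))
        return false;
    int scrollY;
    if (!readInt(data, end, scrollY, "Scroll pos y"))
        return false;
    newItem->setScrollPoint(IntPoint(scrollX, scrollY));

    // Document state: a count followed by that many strings.
    unsigned docStateCount;
    if (!readUnsigned(data, end, docStateCount, "Doc state count"))
        return false;
    if (docStateCount) {
        WTF::Vector<WTF::String> docState;
        // Reserve no more than the remaining bytes could possibly hold, so a
        // hostile count cannot force a huge up-front allocation. This is only
        // a capacity hint: append() still grows the vector if needed, and the
        // loop below fails cleanly when the stream is truncated.
        size_t remaining = end > data ? static_cast<size_t>(end - data) : 0;
        docState.reserveCapacity(docStateCount < remaining ? docStateCount : remaining);
        while (docStateCount--) {
            if (!readString(data, end, content, "Document state"))
                return false;
            docState.append(content);
        }
        newItem->setDocumentState(docState);
    }

    bool c;
    if (!readBool(data, end, c, "Target item"))
        return false;
    newItem->setIsTargetItem(c);

    unsigned count;
    if (!readUnsigned(data, end, count, "Child count"))
        return false;

    // Publish the cursor now: children are parsed through *pData so each
    // recursive call continues where the previous child ended. Recursion
    // depth is bounded only by the input, since each child must supply at
    // least HISTORY_MIN_SIZE bytes.
    *pData = data;
    while (count--) {
        WTF::RefPtr<WebCore::HistoryItem> child = WebCore::HistoryItem::create();
        // Set a bridge that will not call into java.
        child->setBridge(new WebHistoryItem(static_cast<WebHistoryItem*>(bridge)));
        // The remaining length must be measured from the current cursor,
        // *pData, not from `data`: after the first child *pData has advanced,
        // and `end - data` would let later children see bytes beyond `end`.
        if (!readItemRecursive(child.get(), pData, static_cast<int>(end - *pData)))
            return false;
        child->bridge()->setActive();
        newItem->addChildItem(child);
    }
    return true;
}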
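// Reads one length-prefixed field: a 4-byte unsigned byte count followed by
// that many bytes. On success `payload` and `len` describe the bytes and
// `data` has been advanced past them; on failure `data` may be partially
// advanced. Every comparison is made on the remaining byte count, never on
// `data + len`, so a hostile length cannot wrap the pointer — this replaces
// the `prevVal` wrap-detection checks the original relied on. As in the
// original layout, a non-empty payload must end strictly before `end`.
static bool readLengthPrefixedField(const char*& data, const char* end,
        const char*& payload, unsigned& len)
{
    if (end < data || static_cast<size_t>(end - data) < sizeof(unsigned))
        return false;
    memcpy(&len, data, sizeof(unsigned));
    data += sizeof(unsigned);
    payload = data;
    if (len) {
        if (static_cast<size_t>(end - data) <= len)
            return false;
        data += len;
    }
    return true;
}

// Deserializes one HistoryItem and, recursively, its children from the
// flattened stream. Wire layout, all integers in host byte order (memcpy):
//   original url, url, title, form content type, form data — each a 4-byte
//   length followed by that many bytes (a non-empty form data is followed by
//   an 8-byte form identifier); target (same); two floats (screen scale,
//   text wrap scale); two ints (scroll x, y); a 4-byte document-state count
//   and that many length-prefixed strings; one byte is-target flag (0 or 1);
//   a 4-byte child count followed by the children in this same layout.
//
// newItem: the item to populate; its bridge() must already be set.
// pData:   in/out cursor; advanced past the item and its children on success,
//          partially advanced on failure.
// length:  bytes readable from *pData.
// Returns true on a complete parse, false on truncated or malformed input.
static bool read_item_recursive(WebCore::HistoryItem* newItem,
        const char** pData, int length)
{
    if (!pData || length < HISTORY_MIN_SIZE)
        return false;

    const WebCore::TextEncoding& e = WebCore::UTF8Encoding();
    const char* data = *pData;
    const char* end = data + length;
    const char* payload;
    unsigned l;
    LOGV("read_item_recursive data: %p  length: %d",data,length);

    // Read the original url. Setters are only called for non-empty fields,
    // matching the original behaviour. Logging happens after the bounds
    // check so the %.*s cannot read past `end`.
    if (!readLengthPrefixedField(data, end, payload, l))
        return false;
    if (l) {
        LOGV("Original url    %d %.*s", l, l, payload);
        newItem->setOriginalURLString(e.decode(payload, l));
    }

    // Read the url
    if (!readLengthPrefixedField(data, end, payload, l))
        return false;
    if (l) {
        LOGV("Url             %d %.*s", l, l, payload);
        newItem->setURLString(e.decode(payload, l));
    }

    // Read the title
    if (!readLengthPrefixedField(data, end, payload, l))
        return false;
    if (l) {
        LOGV("Title           %d %.*s", l, l, payload);
        newItem->setTitle(e.decode(payload, l));
    }

    // Generate a new ResourceRequest object for populating form information.
    WTF::String formContentType;
    WTF::PassRefPtr<WebCore::FormData> formData = NULL;

    // Read the form content type
    if (!readLengthPrefixedField(data, end, payload, l))
        return false;
    if (l) {
        LOGV("Content type    %d %.*s", l, l, payload);
        formContentType = e.decode(payload, l);
    }

    // Read the form data; a non-empty body is followed by its 8-byte identifier.
    if (!readLengthPrefixedField(data, end, payload, l))
        return false;
    if (l) {
        LOGV("Form data       %d %.*s", l, l, payload);
        formData = WebCore::FormData::create(payload, l);
        if (static_cast<size_t>(end - data) < sizeof(int64_t))
            return false;
        int64_t id;
        memcpy(&id, data, sizeof(int64_t));
        data += sizeof(int64_t);
        if (id)
            formData->setIdentifier(id);
    }

    // Set up the form info
    if (formData != NULL) {
        WebCore::ResourceRequest r;
        r.setHTTPMethod("POST");
        r.setHTTPContentType(formContentType);
        r.setHTTPBody(formData);
        newItem->setFormInfoFromRequest(r);
    }

    // Read the target
    if (!readLengthPrefixedField(data, end, payload, l))
        return false;
    if (l) {
        LOGV("Target          %d %.*s", l, l, payload);
        newItem->setTarget(e.decode(payload, l));
    }

    AndroidWebHistoryBridge* bridge = newItem->bridge();
    LOG_ASSERT(bridge, "There should be a bridge object during inflate");

    // Read the screen scale and the text wrap scale. Both floats are checked
    // up front: the original only guaranteed 4 bytes here, so the second
    // float could be read past `end`.
    if (static_cast<size_t>(end - data) < 2 * sizeof(float))
        return false;
    float fValue;
    memcpy(&fValue, data, sizeof(float));
    data += sizeof(float);
    LOGV("Screen scale    %f", fValue);
    bridge->setScale(fValue);
    memcpy(&fValue, data, sizeof(float));
    data += sizeof(float);
    LOGV("Text wrap scale    %f", fValue);
    bridge->setTextWrapScale(fValue);

    // Read scroll position: two ints, checked together for the same reason.
    if (static_cast<size_t>(end - data) < 2 * sizeof(int))
        return false;
    int scrollX = 0;
    memcpy(&scrollX, data, sizeof(int));
    data += sizeof(int);
    int scrollY = 0;
    memcpy(&scrollY, data, sizeof(int));
    data += sizeof(int);
    newItem->setScrollPoint(IntPoint(scrollX, scrollY));

    // Read the document state
    if (static_cast<size_t>(end - data) < sizeof(unsigned))
        return false;
    memcpy(&l, data, sizeof(unsigned));
    data += sizeof(unsigned);
    LOGV("Document state  %d", l);
    if (l) {
        // Every entry costs at least its 4-byte length prefix, so a count the
        // remaining bytes cannot hold is malformed. Checking before
        // reserveCapacity() keeps a hostile count from forcing a huge
        // allocation; dividing avoids the overflow in l * sizeof(unsigned).
        if (l > static_cast<size_t>(end - data) / sizeof(unsigned))
            return false;
        WTF::Vector<WTF::String> docState;
        docState.reserveCapacity(l);
        while (l--) {
            unsigned strLen;
            if (!readLengthPrefixedField(data, end, payload, strLen))
                return false;
            LOGV("\t\t%d %.*s", strLen, strLen, payload);
            docState.append(e.decode(payload, strLen));
        }
        newItem->setDocumentState(docState);
    }

    // Read is target item: one byte that must be 0 or 1. Casting to unsigned
    // char makes a negative byte compare as larger than 1 and be rejected.
    if (data >= end)
        return false;
    unsigned char c = (unsigned char)data[0];
    if (c > 1)
        return false;
    LOGV("Target item     %d", c);
    newItem->setIsTargetItem((bool)c);
    data++;

    // Read the child count
    if (static_cast<size_t>(end - data) < sizeof(unsigned))
        return false;
    memcpy(&l, data, sizeof(unsigned));
    data += sizeof(unsigned);
    LOGV("Child count     %d", l);
    // Publish the cursor: children are parsed through *pData so each
    // recursive call continues where the previous child ended.
    *pData = data;
    if (l) {
        // Each child needs at least HISTORY_MIN_SIZE bytes; divide rather than
        // multiply so a hostile count cannot overflow the comparison.
        if (l > static_cast<size_t>(end - data) / HISTORY_MIN_SIZE)
            return false;
        while (l--) {
            WTF::PassRefPtr<WebCore::HistoryItem> child = WebCore::HistoryItem::create();
            // Set a bridge that will not call into java.
            child->setBridge(new WebHistoryItem(static_cast<WebHistoryItem*>(bridge)));
            // Measure the remaining length from *pData, which the previous
            // child advanced, not from `data`: `end - data` would let later
            // children read beyond `end`.
            if (!read_item_recursive(child.get(), pData, static_cast<int>(end - *pData))) {
                child.clear();
                return false;
            }
            child->bridge()->setActive();
            newItem->addChildItem(child);
        }
    }
    return true;
}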