chromium/src
0
Fork 0
Code Activity

Introduce the raw_ptr attribute AllowPtrArithmetic.

Browse Source 
This will help flag places that are better suited for conversions
to span<> or other containers and prevent the growth of new usages.

This CL flags the places that require pointer arithmetic, but stops
short of banning it entirely. A future CL will refuse to compile
pointer arithmetic against raw_ptrs that lack this attribute.

Change-Id: Iff4a671280930df6eeacb04ff52dfa863da2b1dc
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/4229951
Owners-Override: danakj <danakj@chromium.org>
Reviewed-by: Bartek Nowierski <bartekn@chromium.org>
Commit-Queue: Tom Sepez <tsepez@chromium.org>
Reviewed-by: danakj <danakj@chromium.org>
Cr-Commit-Position: refs/heads/main@{#1105779}
This commit is contained in:
Tom Sepez
2023-02-15 19:08:11 +00:00
committed by Chromium LUCI CQ
parent 6dc601e6a0
commit 09c200aef7
45 changed files with 102 additions and 77 deletions

13
base/allocator/partition_allocator/pointers/raw_ptr.h

@ -123,12 +123,17 @@ enum class RawPtrTraits : unsigned {
kDisableHooks = kEmpty,
#endif
// Pointer arithmetic is discouraged and disabled by default.
//
// Don't use directly, use AllowPtrArithmetic instead.
kAllowPtrArithmetic = (1 << 3),
// Adds accounting, on top of the chosen implementation, for test purposes.
// raw_ptr/raw_ref with this trait perform extra bookkeeping, e.g. to track
// the number of times the raw_ptr is wrapped, unwrapped, etc.
//
// Test only.
kUseCountingWrapperForTest = (1 << 3),
kUseCountingWrapperForTest = (1 << 4),
};
// Used to combine RawPtrTraits:
@ -158,6 +163,7 @@ constexpr bool AreValid(RawPtrTraits traits) {
return Remove(traits, RawPtrTraits::kMayDangle |
RawPtrTraits::kDisableMTECheckedPtr |
RawPtrTraits::kDisableHooks |
RawPtrTraits::kAllowPtrArithmetic |
RawPtrTraits::kUseCountingWrapperForTest) ==
RawPtrTraits::kEmpty;
}
@ -1328,6 +1334,11 @@ using MayBeDangling = base::raw_ptr<T, base::RawPtrTraits::kMayDangle>;
// Direct pass-through to no-op implementation.
constexpr auto DegradeToNoOpWhenMTE = base::RawPtrTraits::kDisableMTECheckedPtr;
// The use of pointer arithmetic with raw_ptr is strongly discouraged and
// disabled by default. Usually a container like span<> should be used
// instead of the raw_ptr.
constexpr auto AllowPtrArithmetic = base::RawPtrTraits::kAllowPtrArithmetic;
namespace std {
// Override so set/map lookups do not create extra raw_ptr. This also allows

29
base/allocator/partition_allocator/pointers/raw_ptr_unittest.cc

@ -94,27 +94,31 @@ static_assert(
// this namespace calls the correct functions from this namespace.
namespace {
// `kEmpty` matches what `CountingRawPtr` does internally.
// `kAllowPtrArithmetic` matches what `CountingRawPtr` does internally.
// `kUseCountingWrapperForTest` is removed.
using RawPtrCountingImpl = base::internal::RawPtrCountingImplWrapperForTest<
base::RawPtrTraits::kEmpty>;
base::RawPtrTraits::kAllowPtrArithmetic>;
// `kMayDangle` matches what `CountingRawPtrMayDangle` does internally.
// `kUseCountingWrapperForTest` is removed, and `kMayDangle` is kept.
// `kMayDangle | kAllowPtrArithmetic` matches what `CountingRawPtrMayDangle`
// does internally. `kUseCountingWrapperForTest` is removed, and `kMayDangle`
// and `kAllowPtrArithmetic` are kept.
using RawPtrCountingMayDangleImpl =
base::internal::RawPtrCountingImplWrapperForTest<
base::RawPtrTraits::kMayDangle>;
base::RawPtrTraits::kMayDangle |
base::RawPtrTraits::kAllowPtrArithmetic>;
template <typename T>
using CountingRawPtr =
raw_ptr<T, base::RawPtrTraits::kUseCountingWrapperForTest>;
using CountingRawPtr = raw_ptr<T,
base::RawPtrTraits::kUseCountingWrapperForTest |
base::RawPtrTraits::kAllowPtrArithmetic>;
static_assert(std::is_same_v<CountingRawPtr<int>::Impl, RawPtrCountingImpl>);
template <typename T>
using CountingRawPtrMayDangle =
raw_ptr<T,
base::RawPtrTraits::kMayDangle |
base::RawPtrTraits::kUseCountingWrapperForTest>;
base::RawPtrTraits::kUseCountingWrapperForTest |
base::RawPtrTraits::kAllowPtrArithmetic>;
static_assert(std::is_same_v<CountingRawPtrMayDangle<int>::Impl,
RawPtrCountingMayDangleImpl>);
@ -1473,7 +1477,7 @@ TEST_F(BackupRefPtrTest, EndPointer) {
// should not result in a crash or corrupt the free list.
char* raw_ptr1 =
reinterpret_cast<char*>(allocator_.root()->Alloc(size, ""));
raw_ptr<char> wrapped_ptr = raw_ptr1 + size;
raw_ptr<char, AllowPtrArithmetic> wrapped_ptr = raw_ptr1 + size;
wrapped_ptr = nullptr;
// We need to make two more allocations to turn the possible free list
// corruption into an observable crash.
@ -1540,8 +1544,7 @@ void RunBackupRefPtrImplAdvanceTest(
partition_alloc::PartitionAllocator& allocator,
size_t requested_size) {
char* ptr = static_cast<char*>(allocator.root()->Alloc(requested_size, ""));
raw_ptr<char> protected_ptr = ptr;
raw_ptr<char, AllowPtrArithmetic> protected_ptr = ptr;
protected_ptr += 123;
protected_ptr -= 123;
protected_ptr = protected_ptr + 123;
@ -1626,7 +1629,7 @@ TEST_F(BackupRefPtrTest, AdvanceAcrossPools) {
char* in_pool_ptr = static_cast<char*>(allocator_.root()->Alloc(123, ""));
raw_ptr<char> protected_ptr = array1;
raw_ptr<char, AllowPtrArithmetic> protected_ptr = array1;
// Nothing bad happens. Both pointers are outside of the BRP pool, so no
// checks are triggered.
protected_ptr += (array2 - array1);
@ -2401,7 +2404,7 @@ TEST_F(HookableRawPtrImplTest, UnsafelyUnwrapForComparison) {
TEST_F(HookableRawPtrImplTest, Advance) {
EXPECT_CALL(hooks_, Advance).Times(1);
int* ptr = new int[10];
raw_ptr<int> interesting_ptr = ptr;
raw_ptr<int, AllowPtrArithmetic> interesting_ptr = ptr;
interesting_ptr += 1;
delete[] ptr;
}

4
base/big_endian.h

@ -137,8 +137,8 @@ class BASE_EXPORT BigEndianWriter {
template<typename T>
bool Write(T v);
raw_ptr<char, DanglingUntriaged> ptr_;
raw_ptr<char, DanglingUntriaged> end_;
raw_ptr<char, DanglingUntriaged | AllowPtrArithmetic> ptr_;
raw_ptr<char, DanglingUntriaged | AllowPtrArithmetic> end_;
};
} // namespace base

4
base/containers/small_map.h

@ -250,7 +250,7 @@ class small_map {
inline explicit iterator(const typename NormalMap::iterator& init)
: array_iter_(nullptr), map_iter_(init) {}
raw_ptr<value_type> array_iter_;
raw_ptr<value_type, AllowPtrArithmetic> array_iter_;
typename NormalMap::iterator map_iter_;
};
@ -327,7 +327,7 @@ class small_map {
const typename NormalMap::const_iterator& init)
: array_iter_(nullptr), map_iter_(init) {}
raw_ptr<const value_type> array_iter_;
raw_ptr<const value_type, AllowPtrArithmetic> array_iter_;
typename NormalMap::const_iterator map_iter_;
};

2
base/files/memory_mapped_file.h

@ -140,7 +140,7 @@ class BASE_EXPORT MemoryMappedFile {
File file_;
raw_ptr<uint8_t, DanglingUntriaged> data_ = nullptr;
raw_ptr<uint8_t, DanglingUntriaged | AllowPtrArithmetic> data_ = nullptr;
size_t length_ = 0;
#if BUILDFLAG(IS_WIN)

2
base/i18n/icu_mergeable_data_file.h

@ -106,7 +106,7 @@ class BASE_I18N_EXPORT IcuMergeableDataFile {
File lacros_file_;
size_t lacros_length_ = 0;
raw_ptr<uint8_t> lacros_data_ = nullptr;
raw_ptr<uint8_t, AllowPtrArithmetic> lacros_data_ = nullptr;
bool used_cached_hashes_ = false;
};

2
base/strings/safe_sprintf.cc

@ -268,7 +268,7 @@ class Buffer {
}
// User-provided buffer that will receive the fully formatted output string.
raw_ptr<char> buffer_;
raw_ptr<char, AllowPtrArithmetic> buffer_;
// Number of bytes that are available in the buffer excluding the trailing
// NUL byte that will be added by the destructor.

7
base/trace_event/cfi_backtrace_android.h

@ -155,15 +155,16 @@ class BASE_EXPORT CFIBacktraceAndroid {
// The UNW_INDEX table: Start address of the function address column. The
// memory segment corresponding to this column is treated as an array of
// uintptr_t.
raw_ptr<const uintptr_t> unw_index_function_col_ = nullptr;
raw_ptr<const uintptr_t, AllowPtrArithmetic> unw_index_function_col_ =
nullptr;
// The UNW_INDEX table: Start address of the index column. The memory segment
// corresponding to this column is treated as an array of uint16_t.
raw_ptr<const uint16_t> unw_index_indices_col_ = nullptr;
raw_ptr<const uint16_t, AllowPtrArithmetic> unw_index_indices_col_ = nullptr;
// The number of rows in UNW_INDEX table.
size_t unw_index_row_count_ = 0;
// The start address of UNW_DATA table.
raw_ptr<const uint16_t> unw_data_start_addr_ = nullptr;
raw_ptr<const uint16_t, AllowPtrArithmetic> unw_data_start_addr_ = nullptr;
bool can_unwind_stack_frames_ = false;

2
cc/paint/paint_op_buffer_unittest.cc

@ -1311,7 +1311,7 @@ class SimpleSerializer {
TestOptionsProvider* options_provider() { return &options_provider_; }
private:
raw_ptr<char> current_ = nullptr;
raw_ptr<char, AllowPtrArithmetic> current_ = nullptr;
size_t output_size_ = 0u;
size_t remaining_ = 0u;
std::vector<size_t> bytes_written_;

2
cc/paint/paint_op_writer.h

@ -325,7 +325,7 @@ class CC_PAINT_EXPORT PaintOpWriter {
bool* paint_image_needs_mips,
gpu::Mailbox* mailbox_out);
raw_ptr<char> memory_ = nullptr;
raw_ptr<char, AllowPtrArithmetic> memory_ = nullptr;
size_t size_ = 0u;
size_t remaining_bytes_ = 0u;
const raw_ref<const PaintOp::SerializeOptions> options_;

2
chrome/browser/media/webrtc/fake_desktop_media_picker_factory.h

@ -57,7 +57,7 @@ class FakeDesktopMediaPickerFactory : public DesktopMediaPickerFactory {
private:
raw_ptr<FakeDesktopMediaPicker, DanglingUntriaged> picker_;
raw_ptr<TestFlags, DanglingUntriaged> test_flags_;
raw_ptr<TestFlags, DanglingUntriaged | AllowPtrArithmetic> test_flags_;
int tests_count_;
int current_test_;
bool is_web_contents_excluded_ = false;

4
chrome/browser/safe_browsing/incident_reporting/module_integrity_verifier_win.cc

@ -80,11 +80,11 @@ struct ModuleVerificationState {
// The location in the in-memory binary of the latest reloc encountered by
// |EnumRelocsCallback|.
raw_ptr<uint8_t> last_mem_reloc_position;
raw_ptr<uint8_t, AllowPtrArithmetic> last_mem_reloc_position;
// The location in the on-disk binary of the latest reloc encountered by
// |EnumRelocsCallback|.
raw_ptr<uint8_t> last_disk_reloc_position;
raw_ptr<uint8_t, AllowPtrArithmetic> last_disk_reloc_position;
// The number of bytes with a different value on disk and in memory, as
// computed by |VerifyModule|.

2
chrome/browser/safe_browsing/incident_reporting/module_integrity_verifier_win_unittest.cc

@ -64,7 +64,7 @@ class ScopedModuleModifier {
}
private:
raw_ptr<uint8_t> address_;
raw_ptr<uint8_t, AllowPtrArithmetic> address_;
};
} // namespace

5
chrome/test/chromedriver/net/adb_client_socket_unittest.cc

@ -16,8 +16,6 @@
class MockSocket : public net::MockClientSocket {
public:
int return_values_length;
raw_ptr<std::string> return_values_array;
MockSocket(std::string* return_values_array, int return_values_length)
: MockClientSocket(net::NetLogWithSource()),
return_values_length(return_values_length),
@ -78,6 +76,9 @@ class MockSocket : public net::MockClientSocket {
}
bool GetSSLInfo(net::SSLInfo* ssl_info) override { return false; }
bool WasEverUsed() const override { return false; }
int return_values_length;
raw_ptr<std::string, AllowPtrArithmetic> return_values_array;
};
class AdbClientSocketTest : public testing::Test {

2
components/metrics/expired_histograms_checker.h

@ -40,7 +40,7 @@ class ExpiredHistogramsChecker final : public base::RecordHistogramChecker {
void InitAllowlist(const std::string& allowlist_str);
// Array of expired histogram hashes.
const raw_ptr<const uint32_t> expired_histogram_hashes_;
const raw_ptr<const uint32_t, AllowPtrArithmetic> expired_histogram_hashes_;
// Size of the |expired_histogram_hashes_|.
const size_t size_;

3
components/metrics/file_metrics_provider_unittest.cc

@ -271,7 +271,8 @@ class FileMetricsProviderTest : public testing::TestWithParam<bool> {
std::unique_ptr<FileMetricsProvider> provider_;
base::HistogramBase* created_histograms_[kMaxCreateHistograms];
raw_ptr<const FileMetricsProvider::FilterAction> filter_actions_ = nullptr;
raw_ptr<const FileMetricsProvider::FilterAction, AllowPtrArithmetic>
filter_actions_ = nullptr;
size_t filter_actions_remaining_ = 0;
};

2
components/policy/core/common/schema.h

@ -197,7 +197,7 @@ class POLICY_EXPORT Schema {
private:
scoped_refptr<const InternalStorage> storage_;
raw_ptr<const internal::PropertyNode> it_;
raw_ptr<const internal::PropertyNode, AllowPtrArithmetic> it_;
raw_ptr<const internal::PropertyNode> end_;
};

20
components/policy/core/common/schema_internal.h

@ -133,14 +133,20 @@ union POLICY_EXPORT RestrictionNode {
// Contains arrays of related nodes. All of the offsets in these nodes reference
// other nodes in these arrays.
struct POLICY_EXPORT SchemaData {
raw_ptr<const SchemaNode, DanglingUntriaged> schema_nodes;
raw_ptr<const PropertyNode, DanglingUntriaged> property_nodes;
raw_ptr<const PropertiesNode, DanglingUntriaged> properties_nodes;
raw_ptr<const RestrictionNode, DanglingUntriaged> restriction_nodes;
raw_ptr<const char* const, DanglingUntriaged> required_properties;
raw_ptr<const SchemaNode, DanglingUntriaged | AllowPtrArithmetic>
schema_nodes;
raw_ptr<const PropertyNode, DanglingUntriaged | AllowPtrArithmetic>
property_nodes;
raw_ptr<const PropertiesNode, DanglingUntriaged | AllowPtrArithmetic>
properties_nodes;
raw_ptr<const RestrictionNode, DanglingUntriaged | AllowPtrArithmetic>
restriction_nodes;
raw_ptr<const char* const, DanglingUntriaged | AllowPtrArithmetic>
required_properties;
raw_ptr<const int, DanglingUntriaged> int_enums;
raw_ptr<const char* const, DanglingUntriaged> string_enums;
raw_ptr<const int, DanglingUntriaged | AllowPtrArithmetic> int_enums;
raw_ptr<const char* const, DanglingUntriaged | AllowPtrArithmetic>
string_enums;
int validation_schema_root_index;
};

2
components/variations/service/ui_string_overrider.h

@ -45,7 +45,7 @@ class UIStringOverrider {
int GetResourceIndex(uint32_t hash);
private:
const raw_ptr<const uint32_t> resource_hashes_;
const raw_ptr<const uint32_t, AllowPtrArithmetic> resource_hashes_;
const raw_ptr<const int, DanglingUntriaged> resource_indices_;
size_t const num_resources_;
};

6
components/zucchini/disassembler_elf.h

@ -215,11 +215,13 @@ class DisassemblerElf : public Disassembler {
// Section header table, ordered by section id.
elf::Elf32_Half sections_count_ = 0;
raw_ptr<const typename Traits::Elf_Shdr> sections_ = nullptr;
raw_ptr<const typename Traits::Elf_Shdr, AllowPtrArithmetic> sections_ =
nullptr;
// Program header table.
elf::Elf32_Half segments_count_ = 0;
raw_ptr<const typename Traits::Elf_Phdr> segments_ = nullptr;
raw_ptr<const typename Traits::Elf_Phdr, AllowPtrArithmetic> segments_ =
nullptr;
// Bit fields to store the role each section may play.
std::vector<int> section_judgements_;

2
courgette/disassembler_elf_32.h

@ -232,7 +232,7 @@ class DisassemblerElf32 : public Disassembler {
// An ordering of |section_header_table_|, sorted by file offset.
std::vector<Elf32_Half> section_header_file_offset_order_;
raw_ptr<const Elf32_Phdr> program_header_table_;
raw_ptr<const Elf32_Phdr, AllowPtrArithmetic> program_header_table_;
Elf32_Half program_header_table_size_;
// Pointer to string table containing section names.

2
courgette/memory_allocator.h

@ -497,7 +497,7 @@ class NoThrowBuffer {
}
protected:
raw_ptr<T, DanglingUntriaged> buffer_;
raw_ptr<T, DanglingUntriaged | AllowPtrArithmetic> buffer_;
size_t size_; // how much of the buffer we're using.
size_t alloc_size_; // how much space we have allocated.
Allocator alloc_;

2
gpu/command_buffer/client/client_font_manager.cc

@ -50,7 +50,7 @@ class Serializer {
bytes_written_ += padding;
}
raw_ptr<char> memory_ = nullptr;
raw_ptr<char, AllowPtrArithmetic> memory_ = nullptr;
uint32_t memory_size_ = 0u;
uint32_t bytes_written_ = 0u;
};

2
gpu/command_buffer/client/query_tracker.h

@ -41,7 +41,7 @@ class GLES2_IMPL_EXPORT QuerySyncManager {
void FreePendingSyncs();
raw_ptr<QuerySync> syncs;
raw_ptr<QuerySync, AllowPtrArithmetic> syncs;
int32_t shm_id;
uint32_t base_shm_offset;
std::bitset<kSyncsPerBucket> in_use_query_syncs;

2
gpu/command_buffer/client/raster_implementation.cc

@ -349,7 +349,7 @@ class RasterImplementation::PaintOpSerializer {
private:
const raw_ptr<RasterImplementation> ri_;
raw_ptr<char> buffer_;
raw_ptr<char, AllowPtrArithmetic> buffer_;
const raw_ptr<cc::DecodeStashingImageProvider> stashing_image_provider_;
const raw_ptr<TransferCacheSerializeHelperImpl> transfer_cache_helper_;
raw_ptr<ClientFontManager> font_manager_;

2
gpu/command_buffer/service/command_buffer_service.h

@ -140,7 +140,7 @@ class GPU_EXPORT CommandBufferService : public CommandBufferServiceBase {
int32_t num_entries_ = 0;
scoped_refptr<Buffer> ring_buffer_;
raw_ptr<volatile CommandBufferEntry> buffer_ = nullptr;
raw_ptr<volatile CommandBufferEntry, AllowPtrArithmetic> buffer_ = nullptr;
std::unique_ptr<BufferBacking> shared_state_buffer_;
raw_ptr<CommandBufferSharedState> shared_state_ = nullptr;

2
gpu/command_buffer/service/gles2_cmd_decoder_passthrough.h

@ -62,7 +62,7 @@ struct MappedBuffer {
GLsizeiptr size;
GLbitfield original_access;
GLbitfield filtered_access;
raw_ptr<uint8_t> map_ptr;
raw_ptr<uint8_t, AllowPtrArithmetic> map_ptr;
int32_t data_shm_id;
uint32_t data_shm_offset;
};

2
media/base/mac/videotoolbox_helpers.cc

@ -92,7 +92,7 @@ class RawAnnexBBuffer : public AnnexBBuffer {
size_t GetReservedSize() const override { return reserved_size_; }
private:
raw_ptr<char> annexb_buffer_;
raw_ptr<char, AllowPtrArithmetic> annexb_buffer_;
size_t annexb_buffer_size_;
size_t annexb_buffer_offset_;
size_t reserved_size_;

10
media/base/sinc_resampler.h

@ -191,11 +191,11 @@ class MEDIA_EXPORT SincResampler {
// Pointers to the various regions inside |input_buffer_|. See the diagram at
// the top of the .cc file for more information.
raw_ptr<float> r0_;
const raw_ptr<float> r1_;
const raw_ptr<float> r2_;
raw_ptr<float> r3_;
raw_ptr<float> r4_;
raw_ptr<float, AllowPtrArithmetic> r0_;
const raw_ptr<float, AllowPtrArithmetic> r1_;
const raw_ptr<float, AllowPtrArithmetic> r2_;
raw_ptr<float, AllowPtrArithmetic> r3_;
raw_ptr<float, AllowPtrArithmetic> r4_;
};
} // namespace media

2
media/cast/net/rtcp/rtcp_builder.h

@ -53,7 +53,7 @@ class RtcpBuilder {
size_t* total_number_of_messages_to_send);
const uint32_t local_ssrc_;
raw_ptr<char> ptr_of_length_;
raw_ptr<char, AllowPtrArithmetic> ptr_of_length_;
PacketRef packet_;
base::BigEndianWriter writer_;
};

2
media/cast/test/test_rtcp_packet_builder.h

@ -104,7 +104,7 @@ class TestRtcpPacketBuilder {
// Where the length field of the current packet is.
// Note: 0 is not a legal value, it is used for "uninitialized".
uint8_t buffer_[kMaxIpPacketSize];
raw_ptr<char> ptr_of_length_;
raw_ptr<char, AllowPtrArithmetic> ptr_of_length_;
base::BigEndianWriter big_endian_writer_;
base::BigEndianReader big_endian_reader_;
};

2
media/filters/h264_bitstream_buffer.h

@ -140,7 +140,7 @@ class MEDIA_EXPORT H264BitstreamBuffer
size_t bits_in_buffer_;
// Buffer for stream data.
raw_ptr<uint8_t> data_;
raw_ptr<uint8_t, AllowPtrArithmetic> data_;
};
} // namespace media

2
media/gpu/windows/d3d11_h264_accelerator.h

@ -115,7 +115,7 @@ class D3D11H264Accelerator : public H264Decoder::H264Accelerator {
std::vector<DXVA_Slice_H264_Short> slice_info_;
size_t current_offset_ = 0;
size_t bitstream_buffer_size_ = 0;
raw_ptr<uint8_t> bitstream_buffer_bytes_ = nullptr;
raw_ptr<uint8_t, AllowPtrArithmetic> bitstream_buffer_bytes_ = nullptr;
// This contains the subsamples (clear and encrypted) of the slice data
// in D3D11_VIDEO_DECODER_BUFFER_BITSTREAM buffer.

2
media/gpu/windows/d3d11_h265_accelerator.h

@ -201,7 +201,7 @@ class D3D11H265Accelerator : public H265Decoder::H265Accelerator {
std::vector<DXVA_Slice_HEVC_Short> slice_info_;
size_t current_offset_ = 0;
size_t bitstream_buffer_size_ = 0;
raw_ptr<uint8_t> bitstream_buffer_bytes_ = nullptr;
raw_ptr<uint8_t, AllowPtrArithmetic> bitstream_buffer_bytes_ = nullptr;
// For HEVC this number needs to be larger than 1 and different
// in each call to Execute().

2
media/mojo/common/mojo_data_pipe_read_write.h

@ -51,7 +51,7 @@ class MojoDataPipeReader {
// The current buffer to be read. It is provided by Read() and should be
// guaranteed to be valid until the current read completes.
raw_ptr<uint8_t> current_buffer_ = nullptr;
raw_ptr<uint8_t, AllowPtrArithmetic> current_buffer_ = nullptr;
// The number of bytes to be read for the current read request.
uint32_t current_buffer_size_ = 0;

2
mojo/core/channel_linux.cc

@ -607,7 +607,7 @@ class ChannelLinux::SharedBuffer {
SharedBuffer(uint8_t* ptr, size_t len) : base_ptr_(ptr), len_(len) {}
raw_ptr<uint8_t> base_ptr_ = nullptr;
raw_ptr<uint8_t, AllowPtrArithmetic> base_ptr_ = nullptr;
size_t len_ = 0;
};

2
net/base/io_buffer.h

@ -94,7 +94,7 @@ class NET_EXPORT IOBuffer : public base::RefCountedThreadSafe<IOBuffer> {
virtual ~IOBuffer();
raw_ptr<char, DanglingUntriaged> data_;
raw_ptr<char, DanglingUntriaged | AllowPtrArithmetic> data_;
};
// This version stores the size of the buffer so that the creator of the object

2
net/base/test_data_stream.h

@ -37,7 +37,7 @@ class TestDataStream {
int index_;
int bytes_remaining_;
char buffer_[16];
raw_ptr<char> buffer_ptr_;
raw_ptr<char, AllowPtrArithmetic> buffer_ptr_;
};
} // namespace net

2
net/disk_cache/blockfile/bitmap.h

@ -134,7 +134,7 @@ class NET_EXPORT_PRIVATE Bitmap {
int num_bits_ = 0; // The upper bound of the bitmap.
int array_size_ = 0; // The physical size (in uint32s) of the bitmap.
std::unique_ptr<uint32_t[]> allocated_map_; // The allocated data.
raw_ptr<uint32_t> map_ = nullptr; // The bitmap.
raw_ptr<uint32_t, AllowPtrArithmetic> map_ = nullptr; // The bitmap.
};
} // namespace disk_cache

2
net/http/http_stream_parser.cc

@ -166,7 +166,7 @@ class HttpStreamParser::SeekableIOBuffer : public IOBuffer {
data_ = real_data_;
}
raw_ptr<char> real_data_;
raw_ptr<char, AllowPtrArithmetic> real_data_;
const int capacity_;
int size_ = 0;
int used_ = 0;

4
sandbox/linux/syscall_broker/broker_simple_message.h

@ -118,9 +118,9 @@ class SANDBOX_EXPORT BrokerSimpleMessage {
// The statically allocated buffer of size |kMaxMessageLength|.
uint8_t message_[kMaxMessageLength];
// The pointer to the next location in the |message_| buffer to read from.
raw_ptr<uint8_t> read_next_ = message_;
raw_ptr<uint8_t, AllowPtrArithmetic> read_next_ = message_;
// The pointer to the next location in the |message_| buffer to write from.
raw_ptr<uint8_t> write_next_ = message_;
raw_ptr<uint8_t, AllowPtrArithmetic> write_next_ = message_;
};
} // namespace syscall_broker

4
sandbox/win/src/policy_engine_opcodes.h

@ -366,12 +366,12 @@ class OpcodeFactory {
// Points to the lowest currently available address of the memory
// used to make the opcodes. This pointer increments as opcodes are made.
raw_ptr<char> memory_top_;
raw_ptr<char, AllowPtrArithmetic> memory_top_;
// Points to the highest currently available address of the memory
// used to make the opcodes. This pointer decrements as opcode strings are
// allocated.
raw_ptr<char> memory_bottom_;
raw_ptr<char, AllowPtrArithmetic> memory_bottom_;
};
} // namespace sandbox

4
sandbox/win/src/sharedmem_ipc_server.h

@ -96,9 +96,9 @@ class SharedMemIPCServer {
// The size of this channel.
uint32_t channel_size;
// The pointer to the actual channel data.
raw_ptr<char> channel_buffer;
raw_ptr<char, AllowPtrArithmetic> channel_buffer;
// The pointer to the base of the shared memory.
raw_ptr<char> shared_base;
raw_ptr<char, AllowPtrArithmetic> shared_base;
// A pointer to this channel's client-side control structure this structure
// lives in the shared memory.
raw_ptr<ChannelControl> channel;

2
ui/base/resource/data_pack.h

@ -105,7 +105,7 @@ class UI_DATA_PACK_EXPORT DataPack : public ResourceHandle {
const uint8_t* data_source_;
raw_ptr<ResourceData> resource_data_;
raw_ptr<const Entry> entry_;
raw_ptr<const Entry, AllowPtrArithmetic> entry_;
};
Iterator begin() const;

2
ui/gfx/x/xproto_types.h

@ -50,7 +50,7 @@ struct COMPONENT_EXPORT(X11) ReadBuffer {
scoped_refptr<base::RefCountedMemory> data;
size_t offset = 0;
raw_ptr<const int> fds = nullptr;
raw_ptr<const int, AllowPtrArithmetic> fds = nullptr;
};
// Wraps data to write to the connection.