From d625d68d4a64ccf277663b26c52f4ca51d494e6a Mon Sep 17 00:00:00 2001 From: taiyu Date: Sun, 2 Sep 2018 17:07:12 -0700 Subject: [PATCH] prevent ub caused by misaligned stores/loads --- common/ipc-client.c | 8 ++++---- sway/ipc-server.c | 8 ++++---- 2 files changed, 8 insertions(+), 8 deletions(-) diff --git a/common/ipc-client.c b/common/ipc-client.c index 24a2f9c2..496fd131 100644 --- a/common/ipc-client.c +++ b/common/ipc-client.c @@ -78,8 +78,8 @@ struct ipc_response *ipc_recv_response(int socketfd) { } total = 0; - response->size = data32[0]; - response->type = data32[1]; + memcpy(&response->size, &data32[0], sizeof(data32[0])); + memcpy(&response->type, &data32[1], sizeof(data32[1])); char *payload = malloc(response->size + 1); if (!payload) { goto error_2; @@ -112,8 +112,8 @@ char *ipc_single_command(int socketfd, uint32_t type, const char *payload, uint3 char data[ipc_header_size]; uint32_t *data32 = (uint32_t *)(data + sizeof(ipc_magic)); memcpy(data, ipc_magic, sizeof(ipc_magic)); - data32[0] = *len; - data32[1] = type; + memcpy(&data32[0], len, sizeof(*len)); + memcpy(&data32[1], &type, sizeof(type)); if (write(socketfd, data, ipc_header_size) == -1) { sway_abort("Unable to send IPC header"); diff --git a/sway/ipc-server.c b/sway/ipc-server.c index ed710be5..fb5be27b 100644 --- a/sway/ipc-server.c +++ b/sway/ipc-server.c @@ -253,8 +253,8 @@ int ipc_client_handle_readable(int client_fd, uint32_t mask, void *data) { return 0; } - client->payload_length = buf32[0]; - client->current_command = (enum ipc_command_type)buf32[1]; + memcpy(&client->payload_length, &buf32[0], sizeof(buf32[0])); + memcpy(&client->current_command, &buf32[1], sizeof(buf32[1])); if (read_available - received >= (long)client->payload_length) { ipc_client_handle_command(client); @@ -832,8 +832,8 @@ bool ipc_send_reply(struct ipc_client *client, const char *payload, uint32_t pay uint32_t *data32 = (uint32_t*)(data + sizeof(ipc_magic)); memcpy(data, ipc_magic, sizeof(ipc_magic)); - data32[0] = payload_length; - data32[1] = client->current_command; + memcpy(&data32[0], &payload_length, sizeof(payload_length)); + memcpy(&data32[1], &client->current_command, sizeof(client->current_command)); while (client->write_buffer_len + ipc_header_size + payload_length >= client->write_buffer_size) {