Commit 1df143d1 authored by dscho

Avoid misaligned access on 64-bit machines

We used to assume that a char[256] is properly aligned to be cast to
an rfbServerInitMsg, but that was not the case.  So use a union instead.

Noticed by Flavio Leitner.
Signed-off-by: Johannes Schindelin <johannes.schindelin@gmx.de>
parent 1392ead8
...@@ -699,8 +699,10 @@ static void ...@@ -699,8 +699,10 @@ static void
rfbProcessClientInitMessage(rfbClientPtr cl) rfbProcessClientInitMessage(rfbClientPtr cl)
{ {
rfbClientInitMsg ci; rfbClientInitMsg ci;
union {
char buf[256]; char buf[256];
rfbServerInitMsg *si = (rfbServerInitMsg *)buf; rfbServerInitMsg si;
} u;
int len, n; int len, n;
rfbClientIteratorPtr iterator; rfbClientIteratorPtr iterator;
rfbClientPtr otherCl; rfbClientPtr otherCl;
...@@ -715,20 +717,20 @@ rfbProcessClientInitMessage(rfbClientPtr cl) ...@@ -715,20 +717,20 @@ rfbProcessClientInitMessage(rfbClientPtr cl)
return; return;
} }
memset(buf,0,sizeof(buf)); memset(u.buf,0,sizeof(u.buf));
si->framebufferWidth = Swap16IfLE(cl->screen->width); u.si.framebufferWidth = Swap16IfLE(cl->screen->width);
si->framebufferHeight = Swap16IfLE(cl->screen->height); u.si.framebufferHeight = Swap16IfLE(cl->screen->height);
si->format = cl->screen->serverFormat; u.si.format = cl->screen->serverFormat;
si->format.redMax = Swap16IfLE(si->format.redMax); u.si.format.redMax = Swap16IfLE(u.si.format.redMax);
si->format.greenMax = Swap16IfLE(si->format.greenMax); u.si.format.greenMax = Swap16IfLE(u.si.format.greenMax);
si->format.blueMax = Swap16IfLE(si->format.blueMax); u.si.format.blueMax = Swap16IfLE(u.si.format.blueMax);
strncpy(buf + sz_rfbServerInitMsg, cl->screen->desktopName, 127); strncpy(u.buf + sz_rfbServerInitMsg, cl->screen->desktopName, 127);
len = strlen(buf + sz_rfbServerInitMsg); len = strlen(u.buf + sz_rfbServerInitMsg);
si->nameLength = Swap32IfLE(len); u.si.nameLength = Swap32IfLE(len);
if (rfbWriteExact(cl, buf, sz_rfbServerInitMsg + len) < 0) { if (rfbWriteExact(cl, u.buf, sz_rfbServerInitMsg + len) < 0) {
rfbLogPerror("rfbProcessClientInitMessage: write"); rfbLogPerror("rfbProcessClientInitMessage: write");
rfbCloseClient(cl); rfbCloseClient(cl);
return; return;
......