From 8033b575f7f83203371343457c102233b17cfd77 Mon Sep 17 00:00:00 2001
From: Antonin Décimo
Date: Thu, 4 Jun 2020 13:00:45 +0200
Subject: ipc: fix aligment issue of data buffer

The pointer `data` is cast to a more strictly aligned pointer type. To prevent issues, the `data32` buffer is removed and its occurrences are replaced with an offset from the `data` buffer.
---
 common/ipc-client.c | 12 +++++-------
 sway/ipc-server.c | 10 ++++------
 2 files changed, 9 insertions(+), 13 deletions(-)

diff --git a/common/ipc-client.c b/common/ipc-client.c
index ec0454c9..d30212d2 100644
--- a/common/ipc-client.c
+++ b/common/ipc-client.c
@@ -79,7 +79,6 @@ bool ipc_set_recv_timeout(int socketfd, struct timeval tv) {
 struct ipc_response *ipc_recv_response(int socketfd) {
 char data[IPC_HEADER_SIZE];
- uint32_t *data32 = (uint32_t *)(data + sizeof(ipc_magic));
 size_t total = 0;
 while (total < IPC_HEADER_SIZE) {
@@ -95,15 +94,15 @@ struct ipc_response *ipc_recv_response(int socketfd) {
 goto error_1;
 }
- total = 0;
- memcpy(&response->size, &data32[0], sizeof(data32[0]));
- memcpy(&response->type, &data32[1], sizeof(data32[1]));
+ memcpy(&response->size, data + sizeof(ipc_magic), sizeof(uint32_t));
+ memcpy(&response->type, data + sizeof(ipc_magic) + sizeof(uint32_t), sizeof(uint32_t));
 char *payload = malloc(response->size + 1);
 if (!payload) {
 goto error_2;
 }
+ total = 0;
 while (total < response->size) {
 ssize_t received = recv(socketfd, payload + total, response->size - total, 0);
 if (received < 0) {
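Review bot: In ipc_recv_response, `malloc(response->size + 1)` takes its size from the header the peer just sent, and if `size` is a 32-bit field (the memcpy of `sizeof(uint32_t)` suggests so) a value of UINT32_MAX wraps the sum to 0 while the receive loop below still writes up to `response->size` bytes into `payload`. Doing the addition in `size_t`, `char *payload = malloc((size_t)response->size + 1);`, removes the wrap where `size_t` is 64 bits wide; an explicit upper bound on `response->size` before the allocation would cover 32-bit builds as well and limit how much memory a misbehaving peer can request. The function's body continues past the end of the hunk, so the cleanup under `error_2` is not visible here.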
@@ -129,10 +128,9 @@ void free_ipc_response(struct ipc_response *response) {
 char *ipc_single_command(int socketfd, uint32_t type, const char *payload, uint32_t *len) {
 char data[IPC_HEADER_SIZE];
- uint32_t *data32 = (uint32_t *)(data + sizeof(ipc_magic));
 memcpy(data, ipc_magic, sizeof(ipc_magic));
- memcpy(&data32[0], len, sizeof(*len));
- memcpy(&data32[1], &type, sizeof(type));
+ memcpy(data + sizeof(ipc_magic), len, sizeof(*len));
+ memcpy(data + sizeof(ipc_magic) + sizeof(*len), &type, sizeof(type));
 if (write(socketfd, data, IPC_HEADER_SIZE) == -1) {
 sway_abort("Unable to send IPC header");
diff --git a/sway/ipc-server.c b/sway/ipc-server.c
index 62bdccb8..8ba8b9ba 100644
--- a/sway/ipc-server.c
+++ b/sway/ipc-server.c
@@ -242,7 +242,6 @@ int ipc_client_handle_readable(int client_fd, uint32_t mask, void *data) {
 }
 uint8_t buf[IPC_HEADER_SIZE];
- uint32_t *buf32 = (uint32_t*)(buf + sizeof(ipc_magic));
 // Should be fully available, because read_available >= IPC_HEADER_SIZE
 ssize_t received = recv(client_fd, buf, IPC_HEADER_SIZE, 0);
 if (received == -1) {
@@ -257,8 +256,8 @@ int ipc_client_handle_readable(int client_fd, uint32_t mask, void *data) {
 return 0;
 }
- memcpy(&client->pending_length, &buf32[0], sizeof(buf32[0]));
- memcpy(&client->pending_type, &buf32[1], sizeof(buf32[1]));
+ memcpy(&client->pending_length, buf + sizeof(ipc_magic), sizeof(uint32_t));
+ memcpy(&client->pending_type, buf + sizeof(ipc_magic) + sizeof(uint32_t), sizeof(uint32_t));
 if (read_available - received >= (long)client->pending_length) {
 // Reset pending values.
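Review bot: The header layout in ipc_single_command is now written out as raw offset arithmetic, and nothing ties `sizeof(ipc_magic) + sizeof(*len) + sizeof(type)` to the `IPC_HEADER_SIZE` bytes that `data` holds. The same layout is repeated in ipc_recv_response, ipc_client_handle_readable and ipc_send_reply, with the field width spelled `sizeof(uint32_t)` on the read side and `sizeof(*len)` or `sizeof(payload_length)` on the write side. A compile-time check next to the definition of `IPC_HEADER_SIZE` (not shown in this patch) would turn any drift between these spellings into a build error rather than an out-of-bounds copy: `_Static_assert(IPC_HEADER_SIZE == sizeof(ipc_magic) + 2 * sizeof(uint32_t), "IPC header layout");`, assuming `ipc_magic` is an array as its use with `sizeof` implies.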
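Review bot: In ipc_client_handle_readable, `client->pending_length` is copied straight from the bytes the client sent and is then only examined through `(long)client->pending_length`; on a target where `long` is 32 bits, a length of 0x80000000 or more typically becomes negative, so `read_available - received >= ...` holds even though far less data is queued. Whether a maximum payload size is enforced further down is not visible in this hunk. If it is not, a bound checked right after the two memcpy calls, for example rejecting the message when `client->pending_length > INT32_MAX`, keeps an untrusted client from steering the later allocation and read sizes. The function starts before and continues after the hunk.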
@@ -920,11 +919,10 @@ bool ipc_send_reply(struct ipc_client *client, enum ipc_command_type payload_typ
 assert(payload);
 char data[IPC_HEADER_SIZE];
- uint32_t *data32 = (uint32_t*)(data + sizeof(ipc_magic));
 memcpy(data, ipc_magic, sizeof(ipc_magic));
- memcpy(&data32[0], &payload_length, sizeof(payload_length));
- memcpy(&data32[1], &payload_type, sizeof(payload_type));
+ memcpy(data + sizeof(ipc_magic), &payload_length, sizeof(payload_length));
+ memcpy(data + sizeof(ipc_magic) + sizeof(payload_length), &payload_type, sizeof(payload_type));
 while (client->write_buffer_len + IPC_HEADER_SIZE + payload_length >= client->write_buffer_size) {
-- 
cgit v1.2.3-54-g00ecf
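Review bot: In ipc_send_reply the type field is written with `sizeof(payload_type)`, but `payload_type` is an `enum ipc_command_type`, whose size is chosen by the compiler and ABI rather than fixed at 4 bytes. With a narrower enum (for example under `-fshort-enums`) part of the type field in `data` would stay uninitialised and stack bytes would be sent to the client; with a wider one the copy would run past the end of `data`. Copying through a fixed-width temporary makes the wire format independent of that: `uint32_t type32 = payload_type;` followed by `memcpy(data + sizeof(ipc_magic) + sizeof(uint32_t), &type32, sizeof(type32));`. The type of `payload_length` is declared outside the hunk, so the same applies to it if it is not `uint32_t`.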