From 480802805fc11e079c6f3f65c2e9886136d05f86 Mon Sep 17 00:00:00 2001
From: Andrew Kaster
Date: Mon, 24 May 2021 08:23:35 -0600
Subject: [PATCH] LibGfx: Copy into a u32 in LZWDecoder::next_code() instead of casting

This results in unaligned reads sometimes, depending on the layout of the underlying buffer. Caught by UBSAN.
---
 Userland/Libraries/LibGfx/GIFLoader.cpp | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/Userland/Libraries/LibGfx/GIFLoader.cpp b/Userland/Libraries/LibGfx/GIFLoader.cpp
index d8b60c0dbb..16fca946d6 100644
--- a/Userland/Libraries/LibGfx/GIFLoader.cpp
+++ b/Userland/Libraries/LibGfx/GIFLoader.cpp
@@ -187,8 +187,9 @@ public:
 const u32* addr = (const u32*)&padded_last_bytes;
 m_current_code = (*addr & mask) >> current_bit_offset;
 } else {
- const u32* addr = (const u32*)&m_lzw_bytes.at(current_byte_index);
- m_current_code = (*addr & mask) >> current_bit_offset;
+ u32 tmp_word;
+ memcpy(&tmp_word, &m_lzw_bytes.at(current_byte_index), sizeof(u32));
+ m_current_code = (tmp_word & mask) >> current_bit_offset;
 }

 if (m_current_code > m_code_table.size()) {
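Review bot: The `if` branch kept as context at the top of the hunk still reads through `(const u32*)&padded_last_bytes`, the same cast-and-dereference pattern this commit removes from the `else` branch. The declaration of `padded_last_bytes` is outside the hunk, but if it is a byte array its alignment is not guaranteed to suit a `u32` load either, so it deserves the same treatment: `u32 tmp_word; memcpy(&tmp_word, &padded_last_bytes, sizeof(tmp_word));`. In the new `memcpy`, `.at(current_byte_index)` bounds-checks only the first of the four bytes copied; the other three presumably rely on the enclosing `if` condition, which is not visible here, so a short comment such as `// else-branch: at least sizeof(u32) bytes remain from current_byte_index` would keep that invariant next to the read of untrusted GIF data. next_code() starts and ends outside the hunk.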