RGBCube/serenity
1
Fork 0
mirror of https://github.com/RGBCube/serenity synced 2025-07-27 06:57:45 +00:00
Code Issues Activity Actions

LibIPC: Fix unaligned u32 access in drain_messages_from_peer()

Browse source 
Caught by userspace UBSAN. :^)
This commit is contained in:
Andreas Kling 2021-05-24 09:04:22 +02:00
parent 8f2425125e
commit d3f298c592
1 changed files with 2 additions and 2 deletions
Download patch file Download diff file Expand all files Collapse all files

4
Userland/Libraries/LibIPC/Connection.h
View file

@ -207,9 +207,9 @@ protected:
} }
size_t index = 0; size_t index = 0;
uint32_t message_size = 0; u32 message_size = 0;
for (; index + sizeof(message_size) < bytes.size(); index += message_size) { for (; index + sizeof(message_size) < bytes.size(); index += message_size) {
message_size = *reinterpret_cast<uint32_t*>(bytes.data() + index); memcpy(&message_size, bytes.data() + index, sizeof(message_size));
if (message_size == 0 || bytes.size() - index - sizeof(uint32_t) < message_size) if (message_size == 0 || bytes.size() - index - sizeof(uint32_t) < message_size)
break; break;
index += sizeof(message_size); index += sizeof(message_size);