diff options
author | David Oberhollenzer <david.oberhollenzer@sigma-star.at> | 2021-06-25 14:12:26 +0200 |
---|---|---|
committer | David Oberhollenzer <david.oberhollenzer@sigma-star.at> | 2021-06-25 17:37:56 +0200 |
commit | 3f887a1acc6129210d1ad4a484842bd411a85c7a (patch) | |
tree | b1804d7e23512383de66e7e16fb75fc9cc10a44d /lib/sqfs/comp | |
parent | f09d9d3cbbb39f94fe9a43b0d90c370d33beafb2 (diff) |
libsquashfs: get rid of potentially unaligned access and VLAs
The same problem with the meta data header again, 16 bit read from
a buffer: copy the buffer data into a 16 bit variable instead of
casting to something potentially unaligned.
Signed-off-by: David Oberhollenzer <david.oberhollenzer@sigma-star.at>
Diffstat (limited to 'lib/sqfs/comp')
-rw-r--r-- | lib/sqfs/comp/compressor.c | 29 |
1 files changed, 21 insertions, 8 deletions
diff --git a/lib/sqfs/comp/compressor.c b/lib/sqfs/comp/compressor.c index 42ee436..f079651 100644 --- a/lib/sqfs/comp/compressor.c +++ b/lib/sqfs/comp/compressor.c @@ -42,31 +42,44 @@ static const char *names[] = { int sqfs_generic_write_options(sqfs_file_t *file, const void *data, size_t size) { - sqfs_u8 buffer[size + 2]; + sqfs_u8 buffer[64]; + sqfs_u16 header; int ret; - *((sqfs_u16 *)buffer) = htole16(0x8000 | size); - memcpy(buffer + 2, data, size); + /* XXX: options for all known compressors should fit into this */ + if (size >= (sizeof(buffer) - sizeof(header))) + return SQFS_ERROR_INTERNAL; + + header = htole16(0x8000 | size); + memcpy(buffer, &header, sizeof(header)); + memcpy(buffer + sizeof(header), data, size); ret = file->write_at(file, sizeof(sqfs_super_t), - buffer, sizeof(buffer)); + buffer, sizeof(header) + size); if (ret) return ret; - return sizeof(buffer); + return sizeof(header) + size; } int sqfs_generic_read_options(sqfs_file_t *file, void *data, size_t size) { - sqfs_u8 buffer[size + 2]; + sqfs_u8 buffer[64]; + sqfs_u16 header; int ret; + /* XXX: options for all known compressors should fit into this */ + if (size >= (sizeof(buffer) - sizeof(header))) + return SQFS_ERROR_INTERNAL; + ret = file->read_at(file, sizeof(sqfs_super_t), - buffer, sizeof(buffer)); + buffer, sizeof(header) + size); if (ret) return ret; - if (le16toh(*((sqfs_u16 *)buffer)) != (0x8000 | size)) + memcpy(&header, buffer, sizeof(header)); + + if (le16toh(header) != (0x8000 | size)) return SQFS_ERROR_CORRUPTED; memcpy(data, buffer + 2, size); |