From 3f887a1acc6129210d1ad4a484842bd411a85c7a Mon Sep 17 00:00:00 2001 From: David Oberhollenzer Date: Fri, 25 Jun 2021 14:12:26 +0200 Subject: libsquashfs: get rid of potentially unaligned access and VLAs The same problem with the meta data header again, 16 bit read from a buffer: copy the buffer data into a 16 bit variable instead of casting to something potentially unaligned. Signed-off-by: David Oberhollenzer --- lib/sqfs/meta_writer.c | 16 ++++++++++++---- 1 file changed, 12 insertions(+), 4 deletions(-) (limited to 'lib/sqfs/meta_writer.c') diff --git a/lib/sqfs/meta_writer.c b/lib/sqfs/meta_writer.c index 46a67cd..80f0fdd 100644 --- a/lib/sqfs/meta_writer.c +++ b/lib/sqfs/meta_writer.c @@ -49,8 +49,13 @@ struct sqfs_meta_writer_t { static int write_block(sqfs_file_t *file, meta_block_t *outblk) { - size_t count = le16toh(((sqfs_u16 *)outblk->data)[0]) & 0x7FFF; - sqfs_u64 off = file->get_size(file); + sqfs_u16 header; + size_t count; + sqfs_u64 off; + + memcpy(&header, outblk->data, sizeof(header)); + count = le16toh(header) & 0x7FFF; + off = file->get_size(file); return file->write_at(file, off, outblk->data, count + 2); } @@ -92,6 +97,7 @@ sqfs_meta_writer_t *sqfs_meta_writer_create(sqfs_file_t *file, int sqfs_meta_writer_flush(sqfs_meta_writer_t *m) { meta_block_t *outblk; + sqfs_u16 header; sqfs_u32 count; sqfs_s32 ret; @@ -110,14 +116,16 @@ int sqfs_meta_writer_flush(sqfs_meta_writer_t *m) } if (ret > 0) { - ((sqfs_u16 *)outblk->data)[0] = htole16(ret); + header = htole16(ret); count = ret + 2; } else { - ((sqfs_u16 *)outblk->data)[0] = htole16(m->offset | 0x8000); + header = htole16(m->offset | 0x8000); memcpy(outblk->data + 2, m->data, m->offset); count = m->offset + 2; } + memcpy(outblk->data, &header, sizeof(header)); + ret = 0; if (m->flags & SQFS_META_WRITER_KEEP_IN_MEMORY) { -- cgit v1.2.3