From c7c5b710f2cc0782412c9e159986c96b52aa0d02 Mon Sep 17 00:00:00 2001 From: Mark Kettenis Date: Mon, 11 Nov 2013 23:11:56 +0100 Subject: Fix alignment issues in FD passing code A char array on the stack is not guaranteed to have more than byte alignment. This means that casting it to a 'struct cmsghdr' and accessing its members may result in unaligned access. This will generate SIGBUS on struct alignment architectures like OpenBSD/sparc64. The canonical solution is to use a union to force proper alignment. Signed-off-by: Mark Kettenis Reviewed-by: Matthieu Herrb Signed-off-by: Uli Schlachter --- src/xcb_conn.c | 7 +++++-- src/xcb_in.c | 7 +++++-- 2 files changed, 10 insertions(+), 4 deletions(-) (limited to 'src') diff --git a/src/xcb_conn.c b/src/xcb_conn.c index 50e7fb6..46390e1 100644 --- a/src/xcb_conn.c +++ b/src/xcb_conn.c @@ -216,13 +216,16 @@ static int write_vec(xcb_connection_t *c, struct iovec **vector, int *count) #if HAVE_SENDMSG if (c->out.out_fd.nfd) { - char cmsgbuf[CMSG_SPACE(sizeof(int) * XCB_MAX_PASS_FD)]; + union { + struct cmsghdr cmsghdr; + char buf[CMSG_SPACE(XCB_MAX_PASS_FD * sizeof(int))]; + } cmsgbuf; struct msghdr msg = { .msg_name = NULL, .msg_namelen = 0, .msg_iov = *vector, .msg_iovlen = n, - .msg_control = cmsgbuf, + .msg_control = cmsgbuf.buf, .msg_controllen = CMSG_LEN(c->out.out_fd.nfd * sizeof (int)), }; int i; diff --git a/src/xcb_in.c b/src/xcb_in.c index 8c3a58c..fd6c2ef 100644 --- a/src/xcb_in.c +++ b/src/xcb_in.c @@ -888,13 +888,16 @@ int _xcb_in_read(xcb_connection_t *c) .iov_base = c->in.queue + c->in.queue_len, .iov_len = sizeof(c->in.queue) - c->in.queue_len, }; - char cmsgbuf[CMSG_SPACE(sizeof(int) * XCB_MAX_PASS_FD)]; + union { + struct cmsghdr cmsghdr; + char buf[CMSG_SPACE(XCB_MAX_PASS_FD * sizeof(int))]; + } cmsgbuf; struct msghdr msg = { .msg_name = NULL, .msg_namelen = 0, .msg_iov = &iov, .msg_iovlen = 1, - .msg_control = cmsgbuf, + .msg_control = cmsgbuf.buf, .msg_controllen = CMSG_SPACE(sizeof(int) * (XCB_MAX_PASS_FD - c->in.in_fd.nfd)), }; n = recvmsg(c->fd, &msg, 0); -- cgit v1.2.3