diff options
author | dscho <dscho> | 2007-09-17 15:21:29 +0000 |
---|---|---|
committer | dscho <dscho> | 2007-09-17 15:21:29 +0000 |
commit | 1df143d1a156e112e9d9ae174bb89a173fe105fe (patch) | |
tree | 33458443828fc28f1ecc0492558843ca1caa2736 | |
parent | 1392ead83a06762b57d1cb1ac37108675ffc666b (diff) | |
download | libtdevnc-1df143d1a156e112e9d9ae174bb89a173fe105fe.tar.gz libtdevnc-1df143d1a156e112e9d9ae174bb89a173fe105fe.zip |
Avoid misaligned access on 64-bit machines
We used to assume that a char[256] is properly aligned to be cast to
an rfbServerInitMsg, but that was not the case. So use a union instead.
Noticed by Flavio Leitner.
Signed-off-by: Johannes Schindelin <johannes.schindelin@gmx.de>
-rw-r--r-- | libvncserver/rfbserver.c | 28 |
1 files changed, 15 insertions, 13 deletions
diff --git a/libvncserver/rfbserver.c b/libvncserver/rfbserver.c index 2cdc71d..b7507bd 100644 --- a/libvncserver/rfbserver.c +++ b/libvncserver/rfbserver.c @@ -699,8 +699,10 @@ static void rfbProcessClientInitMessage(rfbClientPtr cl) { rfbClientInitMsg ci; - char buf[256]; - rfbServerInitMsg *si = (rfbServerInitMsg *)buf; + union { + char buf[256]; + rfbServerInitMsg si; + } u; int len, n; rfbClientIteratorPtr iterator; rfbClientPtr otherCl; @@ -715,20 +717,20 @@ rfbProcessClientInitMessage(rfbClientPtr cl) return; } - memset(buf,0,sizeof(buf)); + memset(u.buf,0,sizeof(u.buf)); - si->framebufferWidth = Swap16IfLE(cl->screen->width); - si->framebufferHeight = Swap16IfLE(cl->screen->height); - si->format = cl->screen->serverFormat; - si->format.redMax = Swap16IfLE(si->format.redMax); - si->format.greenMax = Swap16IfLE(si->format.greenMax); - si->format.blueMax = Swap16IfLE(si->format.blueMax); + u.si.framebufferWidth = Swap16IfLE(cl->screen->width); + u.si.framebufferHeight = Swap16IfLE(cl->screen->height); + u.si.format = cl->screen->serverFormat; + u.si.format.redMax = Swap16IfLE(u.si.format.redMax); + u.si.format.greenMax = Swap16IfLE(u.si.format.greenMax); + u.si.format.blueMax = Swap16IfLE(u.si.format.blueMax); - strncpy(buf + sz_rfbServerInitMsg, cl->screen->desktopName, 127); - len = strlen(buf + sz_rfbServerInitMsg); - si->nameLength = Swap32IfLE(len); + strncpy(u.buf + sz_rfbServerInitMsg, cl->screen->desktopName, 127); + len = strlen(u.buf + sz_rfbServerInitMsg); + u.si.nameLength = Swap32IfLE(len); - if (rfbWriteExact(cl, buf, sz_rfbServerInitMsg + len) < 0) { + if (rfbWriteExact(cl, u.buf, sz_rfbServerInitMsg + len) < 0) { rfbLogPerror("rfbProcessClientInitMessage: write"); rfbCloseClient(cl); return; |