summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authordscho <dscho>2007-09-17 15:21:29 +0000
committerdscho <dscho>2007-09-17 15:21:29 +0000
commit1df143d1a156e112e9d9ae174bb89a173fe105fe (patch)
tree33458443828fc28f1ecc0492558843ca1caa2736
parent1392ead83a06762b57d1cb1ac37108675ffc666b (diff)
downloadlibtdevnc-1df143d1a156e112e9d9ae174bb89a173fe105fe.tar.gz
libtdevnc-1df143d1a156e112e9d9ae174bb89a173fe105fe.zip
Avoid misaligned access on 64-bit machines
We used to assume that a char[256] is properly aligned to be cast to an rfbServerInitMsg, but that was not the case. So use a union instead. Noticed by Flavio Leitner. Signed-off-by: Johannes Schindelin <johannes.schindelin@gmx.de>
-rw-r--r--libvncserver/rfbserver.c28
1 files changed, 15 insertions, 13 deletions
diff --git a/libvncserver/rfbserver.c b/libvncserver/rfbserver.c
index 2cdc71d..b7507bd 100644
--- a/libvncserver/rfbserver.c
+++ b/libvncserver/rfbserver.c
@@ -699,8 +699,10 @@ static void
rfbProcessClientInitMessage(rfbClientPtr cl)
{
rfbClientInitMsg ci;
- char buf[256];
- rfbServerInitMsg *si = (rfbServerInitMsg *)buf;
+ union {
+ char buf[256];
+ rfbServerInitMsg si;
+ } u;
int len, n;
rfbClientIteratorPtr iterator;
rfbClientPtr otherCl;
@@ -715,20 +717,20 @@ rfbProcessClientInitMessage(rfbClientPtr cl)
return;
}
- memset(buf,0,sizeof(buf));
+ memset(u.buf,0,sizeof(u.buf));
- si->framebufferWidth = Swap16IfLE(cl->screen->width);
- si->framebufferHeight = Swap16IfLE(cl->screen->height);
- si->format = cl->screen->serverFormat;
- si->format.redMax = Swap16IfLE(si->format.redMax);
- si->format.greenMax = Swap16IfLE(si->format.greenMax);
- si->format.blueMax = Swap16IfLE(si->format.blueMax);
+ u.si.framebufferWidth = Swap16IfLE(cl->screen->width);
+ u.si.framebufferHeight = Swap16IfLE(cl->screen->height);
+ u.si.format = cl->screen->serverFormat;
+ u.si.format.redMax = Swap16IfLE(u.si.format.redMax);
+ u.si.format.greenMax = Swap16IfLE(u.si.format.greenMax);
+ u.si.format.blueMax = Swap16IfLE(u.si.format.blueMax);
- strncpy(buf + sz_rfbServerInitMsg, cl->screen->desktopName, 127);
- len = strlen(buf + sz_rfbServerInitMsg);
- si->nameLength = Swap32IfLE(len);
+ strncpy(u.buf + sz_rfbServerInitMsg, cl->screen->desktopName, 127);
+ len = strlen(u.buf + sz_rfbServerInitMsg);
+ u.si.nameLength = Swap32IfLE(len);
- if (rfbWriteExact(cl, buf, sz_rfbServerInitMsg + len) < 0) {
+ if (rfbWriteExact(cl, u.buf, sz_rfbServerInitMsg + len) < 0) {
rfbLogPerror("rfbProcessClientInitMessage: write");
rfbCloseClient(cl);
return;