libvncserver: fix pointer aliasing/alignment issue
Accessing byte-aligned data through uint16_t pointers can cause crashes
on some platforms or reduce the performance. Therefore ensure a proper
stack alignment.
tobydox committed May 28, 2020
1 parent e453a44 commit 53073c8
Showing 1 changed file with 7 additions and 4 deletions.
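--- a/libvncserver/translate.c
+++ b/libvncserver/translate.c
@@ -360,9 +360,12 @@ rfbSetTranslateFunction(rfbClientPtr cl)
 static rfbBool
 rfbSetClientColourMapBGR233(rfbClientPtr cl)
 {
-char buf[sz_rfbSetColourMapEntriesMsg + 256 * 3 * 2];
-rfbSetColourMapEntriesMsg *scme = (rfbSetColourMapEntriesMsg *)buf;
-uint16_t *rgb = (uint16_t *)(&buf[sz_rfbSetColourMapEntriesMsg]);
+union {
+char bytes[sz_rfbSetColourMapEntriesMsg + 256 * 3 * 2];
+rfbSetColourMapEntriesMsg msg;
+} buf;
+rfbSetColourMapEntriesMsg *scme = &buf.msg;
+uint16_t *rgb = (uint16_t *)(&buf.bytes[sz_rfbSetColourMapEntriesMsg]);
 int i, len;
 int r, g, b;
 
@@ -394,7 +397,7 @@ rfbSetClientColourMapBGR233(rfbClientPtr cl)
 
 len += 256 * 3 * 2;
 
-if (rfbWriteExact(cl, buf, len) < 0) {
+if (rfbWriteExact(cl, buf.bytes, len) < 0) {
 rfbLogPerror("rfbSetClientColourMapBGR233: write");
 rfbCloseClient(cl);
 return FALSE;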
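Review bot: In the first hunk, `rgb` is still formed by casting `&buf.bytes[sz_rfbSetColourMapEntriesMsg]` to `uint16_t *`, so the colour entries are still written into a `char` array through a `uint16_t` lvalue, and their alignment depends on `sz_rfbSetColourMapEntriesMsg` being even, which the page does not show. The union only guarantees that the start of the buffer is aligned for `msg`; it does nothing for the aliasing of the entries that follow the header. I would give the union a third member, `uint16_t words[(sz_rfbSetColourMapEntriesMsg + 256 * 3 * 2) / 2];`, and take `uint16_t *rgb = &buf.words[sz_rfbSetColourMapEntriesMsg / 2];`, or at least record the assumption beside the declaration with `/* rgb is 2-byte aligned only while sz_rfbSetColourMapEntriesMsg is even */`. The body of rfbSetClientColourMapBGR233 continues outside both hunks, so the stores through `rgb` are not visible here.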
