We're using libvncserver with WebSocket support on an ARM platform. We get an address alignment exception when httpd sends larger files (>32767 bytes) to the client. This causes a system crash.
On the ARM platform, most addresses have to be 4-byte aligned - e.g. the address of the buffer buf, passed to send in sockets.c:804
n = write(sock, buf, len); //write is a macro, replacing write by send(...)
if (n > 0) {
    buf += n;
    len -= n;
    ...
}
buf is 4-aligned when rfbWriteExact() is called. The write() macro returns the number of bytes that have been sent, so buf is increased by this amount.
In httpd.c:470, a file is read to the buffer buf in chunks of 32767 bytes (BUF_SIZE is 32768):
int n = fread(buf, 1, BUF_SIZE-1, fd);
And these chunks of 32767 bytes are passed to rfbWriteExact in httpd.c:560
if (rfbWriteExact(&cl, buf, n) < 0)
The problem occurs when write in rfbSendExact() is not able to send the whole buffer and buf is increased by n. In this case, buf points to an unaligned address, because the number of bytes to send (32767) is not 4-aligned. If the chunk size were 4-aligned (32768), this problem should be solved.
So it would be better to fill the whole buffer by fread (32768 bytes), and to append the terminating 0 (buf.c:490) only when the buffer was not filled completely (n < 32768).
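The short-write behaviour described in the report can be reproduced off-target. The following is an added example, not libvncserver code: it runs a loop of the same shape as the quoted one against a hypothetical `fake_send()` that accepts a limited number of bytes per call, counts how often the advanced pointer is not 4-byte aligned, and shows one possible mitigation that moves the unsent tail back to the aligned start of the buffer. All function names and the per-call caps are assumptions made for the illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define BUF_SIZE 32768                          /* value given in the report */
#define PAT(i) ((char)(((i) * 31 + 7) & 0x7f))  /* constructed test pattern */
static uint32_t storage[BUF_SIZE / 4];          /* uint32_t backing: 4-aligned start */
static char received[BUF_SIZE];
static size_t received_len, sink_cap, unaligned_calls;

/* Hypothetical send() stand-in: accepts at most sink_cap bytes per call and
 * counts calls whose source pointer is not 4-byte aligned. */
static long fake_send(const char *p, size_t len) {
    size_t n = len < sink_cap ? len : sink_cap;
    if ((uintptr_t)p % 4 != 0) unaligned_calls++;
    memcpy(received + received_len, p, n); received_len += n;
    return (long)n;
}
/* Fill the buffer with the pattern and reset the counters (cap must be > 0). */
static char *fresh_buf(size_t cap) {
    for (size_t i = 0; i < BUF_SIZE; i++) ((char *)storage)[i] = PAT(i);
    received_len = 0; unaligned_calls = 0; sink_cap = cap;
    return (char *)storage;
}
/* Same shape as the loop quoted in the report: buf advances by the short count. */
static size_t naive_write_exact(const char *buf, size_t len) {
    while (len > 0) {
        long n = fake_send(buf, len);
        buf += n; len -= (size_t)n;
    }
    return unaligned_calls;
}
/* Mitigation sketch: slide a misaligned unsent tail back to the aligned start. */
static size_t realigning_write_exact(char *buf, size_t len) {
    char *p = buf;
    while (len > 0) {
        if ((uintptr_t)p % 4 != 0) { memmove(buf, p, len); p = buf; }
        long n = fake_send(p, len);
        p += n; len -= (size_t)n;
    }
    return unaligned_calls;
}
/* 1 if the sink received exactly the pattern, in order. */
static int received_ok(size_t len) {
    size_t i = 0;
    while (i < len && received[i] == PAT(i)) i++;
    return received_len == len && i == len;
}
```

Whether the advanced pointer stays aligned in this model depends on the byte count each call returns: a cap of 1001 produces misaligned pointers, a cap of 4096 does not.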