From 04b49bb89fe6482a351a06ed08a9e9db5e934faf Mon Sep 17 00:00:00 2001
From: Richard Fuchs
Date: Tue, 9 May 2023 15:05:39 +0200
Subject: [PATCH] rtpengine: fix unaligned memory access
Make sure the pointers we return from our continuous memory buffer is always 64-bit aligned as it's used not only for strings, but also for structs/objects, and such unaligned memory access is undefined on some archs and flagged as such by ASAN. From https://github.com/sipwise/rtpengine/commit/ade8100d3b10308f1ff63f8cb06fdf292618edca fixes #3444 (cherry-picked from commit 43ac6b27d7ca7bc522f362c25ebb3c22ab918280)
---
 src/modules/rtpengine/bencode.c | 12 +++++++++---
 1 file changed, 9 insertions(+), 3 deletions(-)
diff --git a/src/modules/rtpengine/bencode.c b/src/modules/rtpengine/bencode.c
index 7a4b2ed0da2..cca17326242 100644
--- a/src/modules/rtpengine/bencode.c
+++ b/src/modules/rtpengine/bencode.c
@@ -12,6 +12,8 @@
 #define BENCODE_HASH_BUCKETS 31 /* prime numbers work best */
+#define BENCODE_ALLOC_ALIGN 8
+
 struct __bencode_buffer_piece {
 char *tail;
 unsigned int left;
@@ -76,7 +78,7 @@ static struct __bencode_buffer_piece *__bencode_piece_new(unsigned int size) {
 if (size < BENCODE_MIN_BUFFER_PIECE_LEN)
 size = BENCODE_MIN_BUFFER_PIECE_LEN;
- ret = BENCODE_MALLOC(sizeof(*ret) + size);
+ ret = BENCODE_MALLOC(sizeof(*ret) + size + BENCODE_ALLOC_ALIGN);
 if (!ret)
 return NULL;
@@ -99,6 +101,7 @@ int bencode_buffer_init(bencode_buffer_t *buf) {
 static void *__bencode_alloc(bencode_buffer_t *buf, unsigned int size) {
 struct __bencode_buffer_piece *piece;
 void *ret;
+ unsigned int align_size = ((size + BENCODE_ALLOC_ALIGN - 1) / BENCODE_ALLOC_ALIGN) * BENCODE_ALLOC_ALIGN;
 if (!buf)
 return NULL;
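Review bot: In the `__bencode_piece_new` hunk, padding the allocation by `BENCODE_ALLOC_ALIGN` does not by itself make the first pointer handed out 8-byte aligned. That still depends on the offset of the data area inside `struct __bencode_buffer_piece` and on the alignment `BENCODE_MALLOC` guarantees, and neither is visible in this diff. If the header size is not a multiple of 8 on some build (inferred, since the struct's remaining fields are outside the hunk), every rounded allocation keeps the same misalignment, so the assumption is worth checking at compile time or stating next to the allocation. At minimum the new addend deserves a comment such as `/* + BENCODE_ALLOC_ALIGN: slack for the last rounded-up allocation in __bencode_alloc */`. The function body continues outside the hunk.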
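Review bot: The new `align_size` initializer in `__bencode_alloc` rounds up in `unsigned int`, so a `size` within `BENCODE_ALLOC_ALIGN - 1` of `UINT_MAX` wraps to 0. The later `piece->tail += align_size` would then not advance, and the next allocation could return the same memory. Whether a caller can pass such a length is not visible here, but a buffer allocator in a bencode parser may receive lengths derived from message contents, so a guard before the rounding is cheap: `if (size > UINT_MAX - (BENCODE_ALLOC_ALIGN - 1)) return NULL;` (needs `<limits.h>`). That means computing `align_size` as an assignment after the guards instead of in the declaration.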
@@ -121,9 +124,12 @@ static void *__bencode_alloc(bencode_buffer_t *buf, unsigned int size) {
 assert(size <= piece->left);
 alloc:
- piece->left -= size;
+ if (piece->left >= align_size)
+ piece->left -= align_size;
+ else
+ piece->left = 0;
 ret = piece->tail;
- piece->tail += size;
+ piece->tail += align_size;
 return ret;
 }
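Review bot: The `alloc:` path now advances `piece->tail` by `align_size` even when only `size` bytes are known to remain, since the `assert` above still checks `size` and `left` is merely clamped to 0. The last allocation in a piece can therefore end up to `BENCODE_ALLOC_ALIGN - 1` bytes past the accounted space. That is safe only because `__bencode_piece_new` over-allocates by `BENCODE_ALLOC_ALIGN`, and nothing in the code ties the two together. A comment at the clamp would keep a later change to either side from turning this into an out-of-bounds write, for example `/* tail may pass the accounted end by < BENCODE_ALLOC_ALIGN; covered by the padding in __bencode_piece_new */`. The part of `__bencode_alloc` between its declarations and the `assert` is outside this hunk.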