[Xcb] [PATCH libxcb] Fix alignment issues in FD passing code

Matthieu Herrb matthieu at herrb.eu
Mon Nov 11 22:15:43 PST 2013


On Mon, Nov 11, 2013 at 11:11:56PM +0100, Mark Kettenis wrote:
> From: Mark Kettenis <kettenis at openbsd.org>
> 
> A char array on the stack is not guaranteed to have more than byte alignment.
> This means that casting it to a 'struct cmsghdr' and accessing its members
> may result in unaligned access.  This will generate SIGBUS on struct
> alignment architectures like OpenBSD/sparc64.  The canonical solution is to
> use a union to force proper alignment.
> 
> Signed-off-by: Mark Kettenis <kettenis at openbsd.org>

Reviewed-by: Matthieu Herrb <matthieu at herrb.eu>

> ---
>  src/xcb_conn.c | 7 +++++--
>  src/xcb_in.c   | 7 +++++--
>  2 files changed, 10 insertions(+), 4 deletions(-)
> 
> diff --git a/src/xcb_conn.c b/src/xcb_conn.c
> index 50e7fb6..46390e1 100644
> --- a/src/xcb_conn.c
> +++ b/src/xcb_conn.c
> @@ -216,13 +216,16 @@ static int write_vec(xcb_connection_t *c, struct iovec **vector, int *count)
>  
>  #if HAVE_SENDMSG
>      if (c->out.out_fd.nfd) {
> -        char cmsgbuf[CMSG_SPACE(sizeof(int) * XCB_MAX_PASS_FD)];
> +        union {
> +            struct cmsghdr cmsghdr;
> +            char buf[CMSG_SPACE(XCB_MAX_PASS_FD * sizeof(int))];
> +        } cmsgbuf;
>          struct msghdr msg = {
>              .msg_name = NULL,
>              .msg_namelen = 0,
>              .msg_iov = *vector,
>              .msg_iovlen = n,
> -            .msg_control = cmsgbuf,
> +            .msg_control = cmsgbuf.buf,
>              .msg_controllen = CMSG_LEN(c->out.out_fd.nfd * sizeof (int)),
>          };
>          int i;
> diff --git a/src/xcb_in.c b/src/xcb_in.c
> index 8c3a58c..fd6c2ef 100644
> --- a/src/xcb_in.c
> +++ b/src/xcb_in.c
> @@ -888,13 +888,16 @@ int _xcb_in_read(xcb_connection_t *c)
>          .iov_base = c->in.queue + c->in.queue_len,
>          .iov_len = sizeof(c->in.queue) - c->in.queue_len,
>      };
> -    char cmsgbuf[CMSG_SPACE(sizeof(int) * XCB_MAX_PASS_FD)];
> +    union {
> +        struct cmsghdr cmsghdr;
> +        char buf[CMSG_SPACE(XCB_MAX_PASS_FD * sizeof(int))];
> +    } cmsgbuf;
>      struct msghdr msg = {
>          .msg_name = NULL,
>          .msg_namelen = 0,
>          .msg_iov = &iov,
>          .msg_iovlen = 1,
> -        .msg_control = cmsgbuf,
> +        .msg_control = cmsgbuf.buf,
>          .msg_controllen = CMSG_SPACE(sizeof(int) * (XCB_MAX_PASS_FD - c->in.in_fd.nfd)),
>      };
>      n = recvmsg(c->fd, &msg, 0);
> -- 
> 1.8.4.2
> 
> _______________________________________________
> Xcb mailing list
> Xcb at lists.freedesktop.org
> http://lists.freedesktop.org/mailman/listinfo/xcb

-- 
Matthieu Herrb


More information about the Xcb mailing list