From 1df143d1a156e112e9d9ae174bb89a173fe105fe Mon Sep 17 00:00:00 2001
From: dscho
Date: Mon, 17 Sep 2007 15:21:29 +0000
Subject: Avoid misaligned access on 64-bit machines

We used to assume that a char[256] is properly aligned to be cast to an rfbServerInitMsg, but that was not the case. So use a union instead. Noticed by Flavio Leitner.

Signed-off-by: Johannes Schindelin
---
 libvncserver/rfbserver.c | 28 +++++++++++++++-------------
 1 file changed, 15 insertions(+), 13 deletions(-)
(limited to 'libvncserver/rfbserver.c')

diff --git a/libvncserver/rfbserver.c b/libvncserver/rfbserver.c
index 2cdc71d..b7507bd 100644
--- a/libvncserver/rfbserver.c
+++ b/libvncserver/rfbserver.c
@@ -699,8 +699,10 @@ static void
 rfbProcessClientInitMessage(rfbClientPtr cl)
 {
     rfbClientInitMsg ci;
-    char buf[256];
-    rfbServerInitMsg *si = (rfbServerInitMsg *)buf;
+    union {
+        char buf[256];
+        rfbServerInitMsg si;
+    } u;
     int len, n;
     rfbClientIteratorPtr iterator;
     rfbClientPtr otherCl;
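Review bot: The new anonymous union in rfbProcessClientInitMessage carries no comment saying why it exists, so a later reader may see `char buf[256]` next to `rfbServerInitMsg si` and "simplify" it back to the cast that caused the misaligned access. A one-line comment above it would preserve the reason, e.g. `/* union so the byte buffer is aligned for rfbServerInitMsg; a cast from char[] is not */`. It would also help to note that `buf` must stay at least `sz_rfbServerInitMsg + 128` bytes because of the strncpy bound used further down in the function. The function body continues past the end of this hunk.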
@@ -715,20 +717,20 @@ rfbProcessClientInitMessage(rfbClientPtr cl)
         return;
     }
 
-    memset(buf,0,sizeof(buf));
+    memset(u.buf,0,sizeof(u.buf));
 
-    si->framebufferWidth = Swap16IfLE(cl->screen->width);
-    si->framebufferHeight = Swap16IfLE(cl->screen->height);
-    si->format = cl->screen->serverFormat;
-    si->format.redMax = Swap16IfLE(si->format.redMax);
-    si->format.greenMax = Swap16IfLE(si->format.greenMax);
-    si->format.blueMax = Swap16IfLE(si->format.blueMax);
+    u.si.framebufferWidth = Swap16IfLE(cl->screen->width);
+    u.si.framebufferHeight = Swap16IfLE(cl->screen->height);
+    u.si.format = cl->screen->serverFormat;
+    u.si.format.redMax = Swap16IfLE(u.si.format.redMax);
+    u.si.format.greenMax = Swap16IfLE(u.si.format.greenMax);
+    u.si.format.blueMax = Swap16IfLE(u.si.format.blueMax);
 
-    strncpy(buf + sz_rfbServerInitMsg, cl->screen->desktopName, 127);
-    len = strlen(buf + sz_rfbServerInitMsg);
-    si->nameLength = Swap32IfLE(len);
+    strncpy(u.buf + sz_rfbServerInitMsg, cl->screen->desktopName, 127);
+    len = strlen(u.buf + sz_rfbServerInitMsg);
+    u.si.nameLength = Swap32IfLE(len);
 
-    if (rfbWriteExact(cl, u.buf, sz_rfbServerInitMsg + len) < 0) {
+    if (rfbWriteExact(cl, u.buf, sz_rfbServerInitMsg + len) < 0) {
         rfbLogPerror("rfbProcessClientInitMessage: write");
         rfbCloseClient(cl);
         return;
-- 
cgit v1.2.1
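Review bot: The `strncpy(u.buf + sz_rfbServerInitMsg, cl->screen->desktopName, 127)` followed by `strlen(u.buf + sz_rfbServerInitMsg)` is only well-defined because the `memset` above zeroed the whole buffer; strncpy does not terminate on its own, and the literal 127 is unrelated to `sizeof(u.buf)`, so the two invariants (buffer pre-zeroed, `sz_rfbServerInitMsg + 127 < sizeof(u.buf)`) are implicit. A comment on the strncpy line such as `/* buffer is zeroed above, so the name stays terminated; names longer than 127 bytes are silently truncated */` would record both, and deriving the bound from the buffer (`sizeof(u.buf) - sz_rfbServerInitMsg - 1`) would remove the magic number, though that widens the accepted name length. Also `len` is an `int` receiving a `size_t` from strlen; harmless at this bound, but worth noting if the bound is ever widened. The enclosing function continues before and after this hunk.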