From 13d0448fc68d4d1700d4e4024aab40ff9a7dd02e Mon Sep 17 00:00:00 2001 From: "zodiac@gmail.com" Date: Fri, 3 Sep 2010 19:17:11 +0000 Subject: [PATCH] Fix a pointer aliasing violation by explicitly breaking aliasing with a call to memcpy(). git-svn-id: https://shellinabox.googlecode.com/svn/trunk@220 0da03de8-d603-11dd-86c2-0f8696b7b6f9 --- config.h | 2 +- configure | 2 +- configure.ac | 2 +- demo/vt100.js | 2 +- libhttp/server.c | 24 +++++++++++++++++++----- shellinabox/shell_in_a_box.js | 2 +- shellinabox/vt100.js | 2 +- 7 files changed, 25 insertions(+), 11 deletions(-) diff --git a/config.h b/config.h index c9fe702..e9fc3ac 100644 --- a/config.h +++ b/config.h @@ -153,7 +153,7 @@ #define STDC_HEADERS 1 /* Most recent revision number in the version control system */ -#define VCS_REVISION "219" +#define VCS_REVISION "220" /* Version number of package */ #define VERSION "2.10" diff --git a/configure b/configure index be80a0b..801ff0a 100755 --- a/configure +++ b/configure @@ -2328,7 +2328,7 @@ ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $ ac_compiler_gnu=$ac_cv_c_compiler_gnu -VCS_REVISION=219 +VCS_REVISION=220 cat >>confdefs.h <<_ACEOF diff --git a/configure.ac b/configure.ac index 740224b..53fa250 100644 --- a/configure.ac +++ b/configure.ac @@ -2,7 +2,7 @@ AC_PREREQ(2.57) dnl This is the one location where the authoritative version number is stored AC_INIT(shellinabox, 2.10, markus@shellinabox.com) -VCS_REVISION=219 +VCS_REVISION=220 AC_SUBST(VCS_REVISION) AC_DEFINE_UNQUOTED(VCS_REVISION, "${VCS_REVISION}", [Most recent revision number in the version control system]) diff --git a/demo/vt100.js b/demo/vt100.js index a12b493..f9345b9 100644 --- a/demo/vt100.js +++ b/demo/vt100.js @@ -1974,7 +1974,7 @@ VT100.prototype.toggleCursorBlinking = function() { }; VT100.prototype.about = function() { - alert("VT100 Terminal Emulator " + "2.10 (revision 219)" + + alert("VT100 Terminal Emulator " + "2.10 (revision 220)" + "\nCopyright 2008-2010 by Markus Gutschke\n" + "For more information check http://shellinabox.com"); }; diff --git a/libhttp/server.c b/libhttp/server.c index 41dfcb0..3b11586 100644 --- a/libhttp/server.c +++ b/libhttp/server.c @@ -354,11 +354,25 @@ struct ServerConnection *serverGetConnection(struct Server *server, int fd) { if (hint && server->connections <= hint && - server->connections + server->numConnections > hint && - &server->connections[hint - server->connections] == hint && - !hint->deleted && - server->pollFds[hint - server->connections + 1].fd == fd) { - return hint; + server->connections + server->numConnections > hint) { + // The compiler would like to optimize the expression: + // &server->connections[hint - server->connections] <=> + // server->connections + hint - server->connections <=> + // hint + // This transformation is correct as far as the language specification is + // concerned, but it is unintended as we actually want to check whether + // the alignment is correct. So, instead of comparing + // &server->connections[hint - server->connections] == hint + // we first use memcpy() to break aliasing. + uintptr_t ptr1, ptr2; + memcpy(&ptr1, &hint, sizeof(ptr1)); + memcpy(&ptr2, &server->connections, sizeof(ptr2)); + int idx = (ptr1 - ptr2)/sizeof(*server->connections); + if (&server->connections[idx] == hint && + !hint->deleted && + server->pollFds[hint - server->connections + 1].fd == fd) { + return hint; + } } for (int i = 0; i < server->numConnections; i++) { if (server->pollFds[i + 1].fd == fd && !server->connections[i].deleted) { diff --git a/shellinabox/shell_in_a_box.js b/shellinabox/shell_in_a_box.js index 7d46858..523d7e0 100644 --- a/shellinabox/shell_in_a_box.js +++ b/shellinabox/shell_in_a_box.js @@ -358,7 +358,7 @@ ShellInABox.prototype.extendContextMenu = function(entries, actions) { }; ShellInABox.prototype.about = function() { - alert("Shell In A Box version " + "2.10 (revision 219)" + + alert("Shell In A Box version " + "2.10 (revision 220)" + "\nCopyright 2008-2010 by Markus Gutschke\n" + "For more information check http://shellinabox.com" + (typeof serverSupportsSSL != 'undefined' && serverSupportsSSL ? diff --git a/shellinabox/vt100.js b/shellinabox/vt100.js index a12b493..f9345b9 100644 --- a/shellinabox/vt100.js +++ b/shellinabox/vt100.js @@ -1974,7 +1974,7 @@ VT100.prototype.toggleCursorBlinking = function() { }; VT100.prototype.about = function() { - alert("VT100 Terminal Emulator " + "2.10 (revision 219)" + + alert("VT100 Terminal Emulator " + "2.10 (revision 220)" + "\nCopyright 2008-2010 by Markus Gutschke\n" + "For more information check http://shellinabox.com"); };