Fix potential unaligned access to region trailer in rpmdump

Compared to header.c, rpmdump is obviously taking all manner of shortcuts. The address sanitizer helpfully points out why the former has the "mysterious" memcpy() on the trailer data.
pmatilai · Feb 19, 2024 · 05e8a3f · 05e8a3f
1 parent 8be31d2
commit 05e8a3f
Showing 1 changed file with 5 additions and 3 deletions.
diff --git a/tools/rpmdump.c b/tools/rpmdump.c
@@ -5,6 +5,7 @@
 #include <stdlib.h>
 #include <stdint.h>
 #include <unistd.h>
+#include <string.h>
 #include <arpa/inet.h>
 #include <rpm/rpmtag.h>
 
@@ -156,14 +157,15 @@ static int readhdr(int fd, int sighdr, const char *msg)
 
     entry = (struct entryInfo *) (blob + 2);
     uint32_t tag = htonl(entry->tag);
-    struct entryInfo *trailer = NULL;
+    struct entryInfo _trailer, *trailer = &_trailer;
     int32_t toffset = 0;
     uint8_t *regionEnd = NULL;
     uint32_t ril = 0, rdl = 0;
 
+    memset(trailer, 0, sizeof(*trailer));
     if (tag == 62 || tag == 63) {
-	trailer = (struct entryInfo *)
-				    (dataStart + htonl(entry->offset));
+	/* The trailer isn't guaranteed to be aligned, copy required */
+	memcpy(trailer, dataStart + htonl(entry->offset), sizeof(*trailer));
 	toffset = -htonl(trailer->offset);
 	regionEnd = dataStart + toffset + 16;
 	rdl = regionEnd - dataStart;