
ubsan: Fix type mismatch for xml_extra_buffer in compact mode

We were using allocate_memory to allocate struct xml_extra_buffer, which
contains pointers; in compact mode that allocation is only 4-byte aligned,
so with 8-byte pointers the struct can be misaligned. Fix this by manually
realigning the pointer.
This commit is contained in:
Arseny Kapoulkine 2018-03-15 23:08:18 -07:00
parent 15fdb838c7
commit 9540016f6d


@ -6076,11 +6076,17 @@ namespace pugi
// get extra buffer element (we'll store the document fragment buffer there so that we can deallocate it later) // get extra buffer element (we'll store the document fragment buffer there so that we can deallocate it later)
impl::xml_memory_page* page = 0; impl::xml_memory_page* page = 0;
impl::xml_extra_buffer* extra = static_cast<impl::xml_extra_buffer*>(doc->allocate_memory(sizeof(impl::xml_extra_buffer), page)); impl::xml_extra_buffer* extra = static_cast<impl::xml_extra_buffer*>(doc->allocate_memory(sizeof(impl::xml_extra_buffer) + sizeof(void*), page));
(void)page; (void)page;
if (!extra) return impl::make_parse_result(status_out_of_memory); if (!extra) return impl::make_parse_result(status_out_of_memory);
#ifdef PUGIXML_COMPACT
// align the memory block to a pointer boundary; this is required for compact mode where memory allocations are only 4b aligned
// note that this requires up to sizeof(void*)-1 additional memory, which the allocation above takes into account
extra = reinterpret_cast<impl::xml_extra_buffer*>((reinterpret_cast<uintptr_t>(extra) + (sizeof(void*) - 1)) & ~(sizeof(void*) - 1));
#endif
// add extra buffer to the list // add extra buffer to the list
extra->buffer = 0; extra->buffer = 0;
extra->next = doc->extra_buffers; extra->next = doc->extra_buffers;