From: Mark Wielaard
To: elfutils-devel@sourceware.org
Cc: david korczynski, Mark Wielaard
Subject: [PATCH] libdwfl: Use memcpy to assign image header field values
Date: Fri, 18 Mar 2022 16:47:25 +0100
Message-Id: <20220318154725.8858-1-mark@klomp.org>

The values in the kernel image header aren't properly aligned. Use memcpy and the LE16, LE32 macros to assign and check the values.

Signed-off-by: Mark Wielaard

--- libdwfl/ChangeLog | 5 +++++ libdwfl/image-header.c | 24 ++++++++++++++++++------ 2 files changed, 23 insertions(+), 6 deletions(-) diff --git a/libdwfl/ChangeLog b/libdwfl/ChangeLog index 182f4e34..9c5c8517 100644 --- a/libdwfl/ChangeLog +++ b/libdwfl/ChangeLog @@ -1,3 +1,8 @@ +2022-02-18 Mark Wielaard + + * image-header.c (__libdw_image_header): Assign header values for + magic1, magic2, version, offset, length and sects using memcpy. + 2022-02-18 Mark Wielaard * offline.c (process_archive_member): Close member if process_file diff --git a/libdwfl/image-header.c b/libdwfl/image-header.c index 25fbfd99..f906068a 100644 --- a/libdwfl/image-header.c +++ b/libdwfl/image-header.c @@ -1,5 +1,6 @@ /* Linux kernel image support for libdwfl. Copyright (C) 2009-2011 Red Hat, Inc. + Copyright (C) 2022 Mark J. Wielaard This file is part of elfutils. This file is free software; you can redistribute it and/or modify 
@@ -80,17 +81,28 @@ __libdw_image_header (int fd, off_t *start_offset, header = header_buffer - H_START; } - if (*(uint16_t *) (header + H_MAGIC1) == LE16 (MAGIC1) - && *(uint32_t *) (header + H_MAGIC2) == LE32 (MAGIC2) - && LE16 (*(uint16_t *) (header + H_VERSION)) >= MIN_VERSION) + uint16_t magic1; + uint32_t magic2; + uint16_t version; + memcpy (&magic1, header + H_MAGIC1, sizeof (uint16_t)); + memcpy (&magic2, header + H_MAGIC2, sizeof (uint32_t)); + memcpy (&version, header + H_VERSION, sizeof (uint16_t)); + if (magic1 == LE16 (MAGIC1) && magic2 == LE32 (MAGIC2) + && LE16 (version) >= MIN_VERSION) { /* The magic numbers match and the version field is sufficient. Extract the payload bounds. */ - uint32_t offset = LE32 (*(uint32_t *) (header + H_PAYLOAD_OFFSET)); - uint32_t length = LE32 (*(uint32_t *) (header + H_PAYLOAD_LENGTH)); + uint32_t offset; + uint32_t length; + uint8_t sects; + memcpy (&offset, header + H_PAYLOAD_OFFSET, sizeof (uint32_t)); + memcpy (&length, header + H_PAYLOAD_LENGTH, sizeof (uint32_t)); + memcpy (§s, header + H_SETUP_SECTS, sizeof (uint8_t)); + offset = LE32 (offset); + length = LE32 (length); - offset += ((*(uint8_t *) (header + H_SETUP_SECTS) ?: 4) + 1) * 512; + offset += ((sects ?: 4) + 1) * 512; if (offset > H_END && offset < mapped_size && mapped_size - offset >= length)
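
Review bot: The new libdwfl/ChangeLog entry is dated 2022-02-18, the same date as the existing entry directly below it, while this mail is dated 18 Mar 2022. If the entry is meant to carry the submission date, it should read 2022-03-18.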
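
Review bot: In the `__libdw_image_header` hunk, each memcpy takes its length from a type name (`sizeof (uint16_t)`, `sizeof (uint32_t)`, `sizeof (uint8_t)`) rather than from the destination, so a later change to the type of `magic1`, `offset` or the other locals would silently copy the wrong number of bytes. Prefer `sizeof magic1`, `sizeof offset` and so on, so the copy size always follows the local it fills. The one-byte `sects` read has no alignment requirement, so a plain byte read of `header[H_SETUP_SECTS]` would be simpler than a memcpy; in this rendering the first argument of that call shows as `§s`, which has to be `&sects` to match the `uint8_t sects` declaration above it. No hunk in the patch adds an include, so please confirm image-header.c already pulls in `<string.h>` for memcpy.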