projects / ostree.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 8705495)
composefs: Ensure buffer is suitably aligned for struct fsverity_digest
authorSimon McVittie <smcv@debian.org>
Thu, 14 Nov 2024 09:57:36 +0000 (09:57 +0000)
committerSimon McVittie <smcv@debian.org>
Thu, 14 Nov 2024 13:55:11 +0000 (13:55 +0000)
struct fsverity_digest starts with a __u16, so it will normally require
16-bit alignment, which is not guaranteed for a char array.

Resolves: https://github.com/ostreedev/ostree/issues/3339
Signed-off-by: Simon McVittie <smcv@debian.org>
src/libostree/ostree-repo-composefs.c patch | blob | history

diff --git a/src/libostree/ostree-repo-composefs.c b/src/libostree/ostree-repo-composefs.c
index 56d168b3d930d2581e3858dd5af3d8a245e43cb4..26fa7693a0a066f885a421ee4f9368e23dfa3730 100644 (file)
--- a/src/libostree/ostree-repo-composefs.c
+++ b/src/libostree/ostree-repo-composefs.c
@@ -327,19 +327,22 @@ checkout_one_composefs_file_at (OstreeRepo *repo, OtTristate verity, const char
            * This is the typical case when we're pulled into the target
            * system repo with verity on and are recreating the composefs
            * image during deploy. */
-          char buf[sizeof (struct fsverity_digest) + OSTREE_SHA256_DIGEST_LEN];
+          union
+            {
+              struct fsverity_digest d;
+              char buf[sizeof (struct fsverity_digest) + OSTREE_SHA256_DIGEST_LEN];
+            } result;
           guchar *known_digest = NULL;
 
           if (G_IS_UNIX_INPUT_STREAM (input))
             {
               int content_fd = g_unix_input_stream_get_fd (G_UNIX_INPUT_STREAM (input));
-              struct fsverity_digest *d = (struct fsverity_digest *)&buf;
-              d->digest_size = OSTREE_SHA256_DIGEST_LEN;
+              result.d.digest_size = OSTREE_SHA256_DIGEST_LEN;
 
-              if (ioctl (content_fd, FS_IOC_MEASURE_VERITY, d) == 0
-                  && d->digest_size == OSTREE_SHA256_DIGEST_LEN
-                  && d->digest_algorithm == FS_VERITY_HASH_ALG_SHA256)
-                known_digest = d->digest;
+              if (ioctl (content_fd, FS_IOC_MEASURE_VERITY, &result) == 0
+                  && result.d.digest_size == OSTREE_SHA256_DIGEST_LEN
+                  && result.d.digest_algorithm == FS_VERITY_HASH_ALG_SHA256)
+                known_digest = result.d.digest;
             }
 #endif
 
Unnamed repository; edit this file 'description' to name the repository.