From 9540016f6d9e56bc02cc98218c930e00efd3f67c Mon Sep 17 00:00:00 2001
From: Arseny Kapoulkine
Date: Thu, 15 Mar 2018 23:08:18 -0700
Subject: ubsan: Fix type mismatch for xml_extra_buffer in compact mode

We were using allocate_memory to allocate struct xml_extra_buffer that contains pointers; with compact mode, this allocation can be misaligned by 4b with 8b pointers; fix this by manually realigning the pointer.
---
 src/pugixml.cpp | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)

diff --git a/src/pugixml.cpp b/src/pugixml.cpp
index 94dca48..f4c1af1 100644
--- a/src/pugixml.cpp
+++ b/src/pugixml.cpp
@@ -6076,11 +6076,17 @@ namespace pugi
 // get extra buffer element (we'll store the document fragment buffer there so that we can deallocate it later)
 impl::xml_memory_page* page = 0;
-impl::xml_extra_buffer* extra = static_cast(doc->allocate_memory(sizeof(impl::xml_extra_buffer), page));
+impl::xml_extra_buffer* extra = static_cast(doc->allocate_memory(sizeof(impl::xml_extra_buffer) + sizeof(void*), page));
 (void)page;
 if (!extra) return impl::make_parse_result(status_out_of_memory);
+#ifdef PUGIXML_COMPACT
+// align the memory block to a pointer boundary; this is required for compact mode where memory allocations are only 4b aligned
+// note that this requires up to sizeof(void*)-1 additional memory, which the allocation above takes into account
+extra = reinterpret_cast((reinterpret_cast(extra) + (sizeof(void*) - 1)) & ~(sizeof(void*) - 1));
+#endif
 // add extra buffer to the list
 extra->buffer = 0;
 extra->next = doc->extra_buffers;
-- 
cgit v1.2.3
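Review bot: The `+ sizeof(void*)` padding on the allocate_memory line is unconditional, while the realignment that consumes it sits under `#ifdef PUGIXML_COMPACT`, so non-compact builds carry padding they never use and the only explanation of the extra bytes lives inside the ifdef block. If the unconditional padding is deliberate (same allocation size in every configuration), a comment on the allocation line would make that explicit, e.g. `// reserve sizeof(void*) extra bytes so the block can be realigned to a pointer boundary under PUGIXML_COMPACT (see below)`; otherwise the size term could be guarded by the same `#ifdef`. The round-up itself stays inside the block, since it advances the pointer by at most sizeof(void*)-1 bytes and the null check precedes it, which is the right order. I am assuming the adjusted `extra` is never handed back to a deallocation routine that expects the original block start; that cannot be confirmed from this hunk, and the template arguments of both casts appear to have been lost in this rendering. The enclosing function begins before the hunk and continues after it.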