Opened 9 years ago

Closed 9 years ago

#3953 closed defect (fixed)

Fixing unaligned data access in oscam

Reported by: Gumball3000
Owned by:
Priority: critical
Component: General
Severity: high
Keywords:
Cc:
Sensitive: no

Description

Platforms like ARM have the rule:
"word accesses must be aligned to a multiple of their size"
(see: https://wiki.debian.org/ArmEabiFixes#wor...e_of_their_size)

This basically means: never cast a char/uint8_t pointer to a bigger pointer like uint16_t, uint32_t, uint64_t. The same applies for casting a uint16_t pointer to a uint32_t pointer and so on.

Currently there are several lines in oscam which break this rule, and thus make oscam crash if a badly aligned pointer is passed and "/proc/cpu/alignment" is set to its default value of 0.

The attached patches fix all cases of unaligned data access in oscam that I was able to find by searching for "*)" and "* )" in all files.

Attachments (8)

dvbapi.patch (3.6 KB) - added by Gumball3000 9 years ago.
md5.c.patch (2.2 KB) - added by Gumball3000 9 years ago.
module-cccam.c.patch (802 bytes) - added by Gumball3000 9 years ago.
oscam-cache.c.patch (441 bytes) - added by Gumball3000 9 years ago.
oscam-string.c.patch (448 bytes) - added by Gumball3000 9 years ago.
oscam-conf.c.patch (1.4 KB) - added by Gumball3000 9 years ago.
reader-videoguard.patch (3.3 KB) - added by Gumball3000 9 years ago.
1_module-cccam.c.patch (439 bytes) - added by Gumball3000 9 years ago.


Change History (11)

by Gumball3000, 9 years ago

Attachment: dvbapi.patch added

by Gumball3000, 9 years ago

Attachment: md5.c.patch added

by Gumball3000, 9 years ago

Attachment: module-cccam.c.patch added

by Gumball3000, 9 years ago

Attachment: oscam-cache.c.patch added

by Gumball3000, 9 years ago

Attachment: oscam-string.c.patch added

by Gumball3000, 9 years ago

Attachment: oscam-conf.c.patch added

by Gumball3000, 9 years ago

Attachment: reader-videoguard.patch added

comment:1 by Gumball3000, 9 years ago

Sorry, there is a small typo in a dvbapi line (a 4 should be a 2)

Replace
memcpy(&client_proto_ptr, &mbuf[4], 4);
With
memcpy(&client_proto_ptr, &mbuf[4], 2);

Also, be careful with r9940, these changes will make it crash.
Was this to avoid a warning?

Last edited 9 years ago by Gumball3000
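An added example (not taken from the oscam patches) of the memcpy pattern the description and comment:1 refer to, reading multi-byte fields from odd offsets of a byte buffer. The helper names, the LOAD_UNALIGNED macro and the sample message are assumptions made for illustration; taking the copy length from sizeof(dst) prevents a length that does not match the destination.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Unsafe form the ticket warns about (may fault on ARM when buf + 1 is
 * not 4-byte aligned):  uint32_t v = *(const uint32_t *)(buf + 1);      */

/* Copy exactly sizeof(dst) bytes from an arbitrarily aligned source.
 * Taking the length from the destination rules out copying 4 bytes
 * into a 2-byte variable (or the reverse). */
#define LOAD_UNALIGNED(dst, src) memcpy(&(dst), (src), sizeof(dst))

/* Host-endian loads that are valid at any address. */
static uint16_t load_u16(const uint8_t *p) { uint16_t v; LOAD_UNALIGNED(v, p); return v; }
static uint32_t load_u32(const uint8_t *p) { uint32_t v; LOAD_UNALIGNED(v, p); return v; }

/* Big-endian loads from single-byte reads: no alignment or host
 * byte-order dependence, useful for wire formats. */
static uint16_t load_be16(const uint8_t *p)
{
    return (uint16_t)(((unsigned)p[0] << 8) | p[1]);
}
static uint32_t load_be32(const uint8_t *p)
{
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
           ((uint32_t)p[2] << 8)  |  (uint32_t)p[3];
}

/* Constructed sample: 1-byte tag, 32-bit field at offset 1, 16-bit at 5. */
static const uint8_t sample_msg[8] = { 0x01, 0x11, 0x22, 0x33, 0x44, 0xAB, 0xCD, 0x00 };

/* 1 if the memcpy loads return exactly the bytes stored in the buffer. */
static int host_loads_match(void)
{
    uint32_t a = load_u32(sample_msg + 1);
    uint16_t b = load_u16(sample_msg + 5);
    return memcmp(&a, sample_msg + 1, sizeof a) == 0 &&
           memcmp(&b, sample_msg + 5, sizeof b) == 0;
}

int main(void)
{
    printf("be32=0x%08x be16=0x%04x host_ok=%d\n",
           (unsigned)load_be32(sample_msg + 1),
           (unsigned)load_be16(sample_msg + 5), host_loads_match());
    return 0;
}
```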

comment:2 by Gumball3000, 9 years ago

comment:3 by Gumball3000, 9 years ago

Resolution: fixed
Status: new → closed

Everything is now on trunk, and should be fine.

Thanks go to Gorgone for adding it so fast :)

by Gumball3000, 9 years ago

Attachment: 1_module-cccam.c.patch added