Package: xulrunner
Version: 1.9~rc1
Severity: normal
User: [EMAIL PROTECTED]
Usertags: patch
There is an unaligned word access bug in
toolkit/components/url-classifier/src/nsUrlClassifierDBService.cpp line 2024
where a char pointer is cast to an int pointer and accessed. On arm
and armel by default this silently gives junk values. On other
architectures it will cause a bus faults.
Fortunately the fix is trivial and local, though there are probably
more mozilla- o C++-like ways to reimplement this before sending it
upstream.
---
xulrunner-1.9~rc1.orig/toolkit/components/url-classifier/src/nsUrlClassifierDBService.cpp
2008-05-07 21:33:45.000000000 +0100
+++
xulrunner-1.9~rc1/toolkit/components/url-classifier/src/nsUrlClassifierDBService.cpp
2008-06-01 13:24:06.000000000 +0100
@@ -2020,8 +2020,20 @@
return NS_ERROR_FAILURE;
}
const nsCSubstring& str = Substring(chunk, start, 4);
+#if 0
+ // You can't just cast a char* to an int* and access through it
const PRUint32 *p = reinterpret_cast<const
PRUint32*>(str.BeginReading());
entry->mAddChunkId = PR_ntohl(*p);
+#else
+ // the old-school way...
+ union {
+ PRUint32 i;
+ char c[4];
+ } u;
+
+ memcpy(u.c, reinterpret_cast<const void *>(str.BeginReading()), 4);
+ entry->mAddChunkId = PR_ntohl(u.i);
+#endif
if (entry->mAddChunkId == 0) {
NS_WARNING("Received invalid chunk number.");
return NS_ERROR_FAILURE;
