From: Tom Yu
Date: Wed, 7 Sep 2016 21:28:34 +0000 (-0400)
Subject: Fix unaligned accesses in bt_split.c
X-Git-Tag: krb5-1.15-beta1~50
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=537aba0dda3a1f696f10fde56348fde06d88939c;p=thirdparty%2Fkrb5.git

Fix unaligned accesses in bt_split.c

In the libdb2 btree back end, splitting a page at an overflow key could result in an unaligned access, causing a crash (and data corruption) on platforms with strict alignment. This probably occurs only rarely in practice.

ticket: 8493 (new)
target_version: 1.14-next
target_version: 1.13-next
tags: pullup
---

diff --git a/src/plugins/kdb/db2/libdb2/btree/bt_split.c b/src/plugins/kdb/db2/libdb2/btree/bt_split.c
index 2460aa54f8..c5f151d813 100644
--- a/src/plugins/kdb/db2/libdb2/btree/bt_split.c
+++ b/src/plugins/kdb/db2/libdb2/btree/bt_split.c
@@ -245,9 +245,12 @@ __bt_split(t, sp, key, data, flags, ilen, argskip)
 WR_BINTERNAL(dest, nksize ? nksize : bl->ksize,
 rchild->pgno, bl->flags & P_BIGKEY);
 memmove(dest, bl->bytes, nksize ? nksize : bl->ksize);
- if (bl->flags & P_BIGKEY &&
- bt_preserve(t, *(db_pgno_t *)bl->bytes) == RET_ERROR)
- goto err1;
+ if (bl->flags & P_BIGKEY) {
+ db_pgno_t pgno;
+ memcpy(&pgno, bl->bytes, sizeof(pgno));
+ if (bt_preserve(t, pgno) == RET_ERROR)
+ goto err1;
+ }
 break;
 case P_RINTERNAL:
 /*
@@ -568,9 +571,12 @@ bt_broot(t, h, l, r)
 * If the key is on an overflow page, mark the overflow chain
 * so it isn't deleted when the leaf copy of the key is deleted.
 */
- if (bl->flags & P_BIGKEY &&
- bt_preserve(t, *(db_pgno_t *)bl->bytes) == RET_ERROR)
- return (RET_ERROR);
+ if (bl->flags & P_BIGKEY) {
+ db_pgno_t pgno;
+ memcpy(&pgno, bl->bytes, sizeof(pgno));
+ if (bt_preserve(t, pgno) == RET_ERROR)
+ return (RET_ERROR);
+ }
 break;
 case P_BINTERNAL:
 bi = GETBINTERNAL(r, 0);
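Review bot: The new `memcpy(&pgno, bl->bytes, sizeof(pgno));` in the `__bt_split` hunk carries no comment saying why the page number is copied out instead of read through a cast, so a later cleanup could quietly reintroduce the `*(db_pgno_t *)bl->bytes` dereference; I would add `/* bl->bytes is not guaranteed to be aligned for db_pgno_t; copy the overflow page number out. */` above it. The same applies to the identical block in the `bt_broot` hunk. Because the two blocks are now line-for-line duplicates apart from the error exit, a small static helper taking `t` and `bl` and returning the `bt_preserve` result would keep the aligned read in one place. Both functions begin and end outside these hunks, so whether other casts of `bl->bytes` remain elsewhere in the file cannot be told from here.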