From a188f1d29f85721e07f2578e1827b99fb05ef12f Mon Sep 17 00:00:00 2001
From: Wim Taymans
Date: Thu, 10 Jul 2025 16:53:39 +0200
Subject: [PATCH] pod: remove alignment checks

We currently often create pods in a uint8_t buffer, which is not aligned to 8 and might cause deref and other problems. We should either align the buffer we write into or maybe make the builder add some padding before the buffer to align it. We have to be careful with that when we assume the buffer start is the beginning of the pod..

Fixes #4794
---
 spa/include/spa/pod/iter.h | 5 ++---
 spa/include/spa/pod/parser.h | 6 ++----
 2 files changed, 4 insertions(+), 7 deletions(-)

diff --git a/spa/include/spa/pod/iter.h b/spa/include/spa/pod/iter.h
index 826ac0d86..0a93b026d 100644
--- a/spa/include/spa/pod/iter.h
+++ b/spa/include/spa/pod/iter.h
@@ -35,8 +35,7 @@ struct spa_pod_frame {
 };
 
 #define SPA_POD_IS_VALID(pod) \
- (SPA_POD_BODY_SIZE(pod) < SPA_POD_MAX_SIZE && \
- SPA_IS_ALIGNED(pod, SPA_POD_ALIGN))
+ (SPA_POD_BODY_SIZE(pod) < SPA_POD_MAX_SIZE)
 
 #define SPA_POD_CHECK_TYPE(pod,_type) \
 (SPA_POD_IS_VALID(pod) && \
@@ -50,7 +49,7 @@ SPA_API_POD_ITER bool spa_pod_is_inside(const void *pod, uint32_t size, const vo
 size_t remaining;
 return spa_ptr_type_inside(pod, size, iter, struct spa_pod, &remaining) &&
- SPA_IS_ALIGNED(iter, SPA_POD_ALIGN) && remaining >= SPA_POD_BODY_SIZE(iter);
+ remaining >= SPA_POD_BODY_SIZE(iter);
 }
 
 SPA_API_POD_ITER void *spa_pod_next(const void *iter)
diff --git a/spa/include/spa/pod/parser.h b/spa/include/spa/pod/parser.h
index 9c128f26a..233304053 100644
--- a/spa/include/spa/pod/parser.h
+++ b/spa/include/spa/pod/parser.h
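Review bot: Dropping `SPA_IS_ALIGNED(pod, SPA_POD_ALIGN)` from `SPA_POD_IS_VALID` removes the guard that rejected a misaligned pod, while the commit message says the unaligned `uint8_t` buffers that produce such pods are not fixed yet; a pod body then read through `struct spa_pod *` or wider typed pointers at that address is undefined behaviour in C and traps on targets without unaligned-access support, so if this macro is on the path that validates pods arriving from other processes (not visible here) an unaligned pod is now accepted instead of refused. The same guard is dropped from `spa_pod_is_inside` in the next hunk and from `spa_pod_parser_deref` in parser.h. Because the change is a workaround rather than a fix, the macro should say so, e.g. `/* Alignment is deliberately not checked: pods may be built in unaligned uint8_t buffers (see #4794); accessors must not assume SPA_POD_ALIGN. */`, and building the pod tests with `-fsanitize=alignment` would show which accessors break under that assumption. If the padding or aligned buffer the message proposes is the intended end state, the check is worth reinstating once the builder guarantees it.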
@@ -76,11 +76,9 @@ spa_pod_parser_deref(struct spa_pod_parser *parser, uint32_t offset, uint32_t si
 /* Use void* because creating a misaligned pointer is undefined. */
 void *pod = SPA_PTROFF(parser->data, offset, void);
 /*
- * Check that the pointer is aligned and that the size (rounded
- * to the next multiple of 8) is in bounds.
+ * Check that the size (rounded to the next multiple of 8) is in bounds.
 */
- if (SPA_IS_ALIGNED(pod, SPA_POD_ALIGN) &&
- long_offset + SPA_ROUND_UP_N((uint64_t)SPA_POD_BODY_SIZE(pod), SPA_POD_ALIGN) <= size)
+ if (long_offset + SPA_ROUND_UP_N((uint64_t)SPA_POD_BODY_SIZE(pod), SPA_POD_ALIGN) <= size)
 return (struct spa_pod *)pod;
 }
 return NULL;
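Review bot: The comment kept at the top of the hunk, `/* Use void* because creating a misaligned pointer is undefined. */`, no longer matches the code under it: with the alignment test gone from the `if`, `return (struct spa_pod *)pod;` performs exactly the conversion the comment calls undefined, and `SPA_POD_BODY_SIZE(pod)` presumably reads the size field through the same typed pointer before the bounds check completes. The comment should be updated so a later reader does not assume the cast is still guarded, e.g. `/* void* so the offset can be range-checked before any typed access; the cast below is no longer alignment-checked (see #4794). */`. The bounds check that remains is the right one to keep. The enclosing block and `long_offset` are defined outside the hunk, and the function continues past it.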