diff options
author | Krzysztof Kozlowski <krzysztof.kozlowski@canonical.com> | 2021-07-10 07:49:30 +0200 |
---|---|---|
committer | Krzysztof Kozlowski <krzysztof.kozlowski@canonical.com> | 2021-07-19 12:44:07 +0200 |
commit | ffab364791cc08fe283396046b2d38d6e3ce7e65 (patch) | |
tree | 729eca0cb93861d4335cfcd558bae093dbc2c9db | |
parent | 76ac47dc355a7f80aac152aaf212419f228048cf (diff) | |
download | neard-ffab364791cc08fe283396046b2d38d6e3ce7e65.tar.gz |
se: silence clang -Wcast-align warning
Fix clang warnings:
se/ace.c:147:15: error: cast from 'uint8_t *' (aka 'unsigned char *') to 'struct seel_ace_apdu_rule *' increases required alignment from 1 to 4 [-Werror,-Wcast-align]
apdu_rule = (struct seel_ace_apdu_rule *)rule->apdu_rules;
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
se/ace.c:790:18: error: cast from 'uint8_t *' (aka 'unsigned char *') to 'uint32_t *' (aka 'unsigned int *') increases required alignment from 1 to 4 [-Werror,-Wcast-align]
apdu_header = *((uint32_t *) apdu);
^~~~~~~~~~~~~~~~~
se/ace.c:791:14: error: cast from 'uint8_t *' (aka 'unsigned char *') to 'struct seel_ace_apdu_rule *' increases required alignment from 1 to 4 [-Werror,-Wcast-align]
apdu_rule = (struct seel_ace_apdu_rule *)rule->apdu_rules;
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Increasing alignment should be fine for most of the platforms (maybe
except some performance penalty), although there are such which might
not handle it and raise CPU exception. I am not sure whether the code
is actually safe, but proper fixing would require bigger changes.
Signed-off-by: Krzysztof Kozlowski <krzysztof.kozlowski@canonical.com>
-rw-r--r-- | se/ace.c | 30 |
1 files changed, 27 insertions, 3 deletions
@@ -144,7 +144,18 @@ static void dump_rule(gpointer data, gpointer user_data) uint8_t *header, *mask; size_t n_rules; - apdu_rule = (struct seel_ace_apdu_rule *)rule->apdu_rules; + /* + * (void *) to silence -Wcast-align. Code should be safe + * (assuming platform handles unaliagned access) as iterations + * go up to n_rules. + * + * TODO: Fix the problem instead of silencing with cast, so + * the code would be porable. + */ + if (rule->apdu_rules_len % sizeof(struct seel_ace_apdu_rule *)) { + DBG(" APDU: wrong alignment (Bug, code needs fixing)"); + } + apdu_rule = (struct seel_ace_apdu_rule *)(void *)rule->apdu_rules; n_rules = rule->apdu_rules_len / sizeof(struct seel_ace_apdu_rule); @@ -787,8 +798,21 @@ static bool apdu_allowed(struct seel_ace_rule *rule, n_rules = rule->apdu_rules_len / sizeof(struct seel_ace_apdu_rule); - apdu_header = *((uint32_t *) apdu); - apdu_rule = (struct seel_ace_apdu_rule *)rule->apdu_rules; + /* + * FIXME: apdu comes from message and where is checking for apdu_len? + * The (void *) is to fix -Wcast-align but the actual problem is + * whether the apdu contains enough of data. + */ + apdu_header = *((uint32_t *)(void *) apdu); + /* + * (void *) to silence -Wcast-align. Code should be safe + * (assuming platform handles unaliagned access) as iterations + * go up to n_rules. + * + * TODO: Fix the problem instead of silencing with cast, so + * the code would be porable. + */ + apdu_rule = (struct seel_ace_apdu_rule *)(void *)rule->apdu_rules; for (i = 0; i < n_rules; i++) { if ((apdu_header & apdu_rule->mask) == apdu_rule->header) |