Fix unaligned memory access in ZeroMQ input

author: Matthias P. Braendli <matthias.braendli@mpb.li> 2020-04-06 09:09:14 +0200
committer: Matthias P. Braendli <matthias.braendli@mpb.li> 2020-04-06 09:09:14 +0200
commit: 5e8f2ac0601eadda48018bb7aab35e76c7b85652 (patch)
tree: ee345bc260c2b8d37f67b3225f1b1b176563941b
parent: 6606cb7f6c39096c8259dd1e2356a76baaa0b008 (diff)
download: dabmod-5e8f2ac0601eadda48018bb7aab35e76c7b85652.tar.gz
dabmod-5e8f2ac0601eadda48018bb7aab35e76c7b85652.tar.bz2
dabmod-5e8f2ac0601eadda48018bb7aab35e76c7b85652.zip
1 files changed, 11 insertions, 15 deletions
diff --git a/src/InputZeroMQReader.cpp b/src/InputZeroMQReader.cpp
index 1ebc1ca..995e4b0 100644
--- a/src/InputZeroMQReader.cpp
+++ b/src/InputZeroMQReader.cpp
@@ -52,17 +52,12 @@ constexpr int ZMQ_TIMEOUT_MS = 100;
  * we do not risk breaking ETI vs. transmission frame
  * phase.
  *
- * The frames are concatenated in buf, and
- * their sizes is given in the buflen array.
- *
- * Most of the time, the buf will not be completely
- * filled
+ * The header is followed by the four ETI frames.
  */
-struct zmq_dab_message_t
+struct zmq_msg_header_t
 {
     uint32_t version;
     uint16_t buflen[NUM_FRAMES_PER_ZMQ_MESSAGE];
-    uint8_t  buf[NUM_FRAMES_PER_ZMQ_MESSAGE*6144];
 };
 
 #define ZMQ_DAB_MESSAGE_T_HEADERSIZE \
@@ -210,28 +205,29 @@ void InputZeroMQReader::RecvProcess()
                     throw runtime_error("ZeroMQ packet too small for header");
                 }
                 else {
-                    const zmq_dab_message_t* dab_msg = (zmq_dab_message_t*)incoming.data();
+                    zmq_msg_header_t dab_msg;
+                    memcpy(&dab_msg, incoming.data(), sizeof(zmq_msg_header_t));
 
-                    if (dab_msg->version != 1) {
+                    if (dab_msg.version != 1) {
                         etiLog.level(error) <<
                             "ZeroMQ wrong packet version " <<
-                            dab_msg->version;
+                            dab_msg.version;
                     }
 
-                    int offset = sizeof(dab_msg->version) +
-                        NUM_FRAMES_PER_ZMQ_MESSAGE * sizeof(*dab_msg->buflen);
+                    int offset = sizeof(dab_msg.version) +
+                        NUM_FRAMES_PER_ZMQ_MESSAGE * sizeof(*dab_msg.buflen);
 
                     for (int i = 0; i < NUM_FRAMES_PER_ZMQ_MESSAGE; i++) {
-                        if (dab_msg->buflen[i] > 6144) {
+                        if (dab_msg.buflen[i] > 6144) {
                             stringstream ss;
                             ss << "ZeroMQ buffer " << i <<
-                                " has invalid buflen " << dab_msg->buflen[i];
+                                " has invalid buflen " << dab_msg.buflen[i];
                             throw runtime_error(ss.str());
                         }
                         else {
                             vector<uint8_t> buf(6144, 0x55);
 
-                            const int framesize = dab_msg->buflen[i];
+                            const int framesize = dab_msg.buflen[i];
 
                             if ((ssize_t)incoming.size() < offset + framesize) {
                                 throw runtime_error("ZeroMQ packet too small");
author	Matthias P. Braendli <matthias.braendli@mpb.li>	2020-04-06 09:09:14 +0200
committer	Matthias P. Braendli <matthias.braendli@mpb.li>	2020-04-06 09:09:14 +0200
commit	5e8f2ac0601eadda48018bb7aab35e76c7b85652 (patch)
tree	ee345bc260c2b8d37f67b3225f1b1b176563941b
parent	6606cb7f6c39096c8259dd1e2356a76baaa0b008 (diff)
download	dabmod-5e8f2ac0601eadda48018bb7aab35e76c7b85652.tar.gz dabmod-5e8f2ac0601eadda48018bb7aab35e76c7b85652.tar.bz2 dabmod-5e8f2ac0601eadda48018bb7aab35e76c7b85652.zip