From fb196e88074a8547ef93030ee385227664965106 Mon Sep 17 00:00:00 2001
From: Marc Mutz <marc.mutz@kdab.com>
Date: Thu, 10 Mar 2016 09:53:36 +0100
Subject: QMimeMagicRule: fix UB (misaligned load) in matchNumber<T>()

Found by UBSan:

  qmimemagicrule.cpp:166:53: runtime error: load of misaligned address 0x00000124bcb9 for type 'const short unsigned int', which requires 2 byte alignment
  qmimemagicrule.cpp:166:53: runtime error: load of misaligned address 0x00000124bcb9 for type 'const unsigned int', which requires 4 byte alignment

Fix by using new qUnalignedLoad<T>() instead of a
load through a type-punned pointer and misaligned
pointer.

Change-Id: I6b876f1ce7e01369fbb25a51263d1ad04be07d52
Reviewed-by: David Faure <david.faure@kdab.com>
---
 src/corelib/mimetypes/qmimemagicrule.cpp | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

(limited to 'src/corelib')

diff --git a/src/corelib/mimetypes/qmimemagicrule.cpp b/src/corelib/mimetypes/qmimemagicrule.cpp
index 6a3a429179..44834420fe 100644
--- a/src/corelib/mimetypes/qmimemagicrule.cpp
+++ b/src/corelib/mimetypes/qmimemagicrule.cpp
@@ -42,6 +42,7 @@
 #include <QtCore/QList>
 #include <QtCore/QDebug>
 #include <qendian.h>
+#include <private/qsimd_p.h> // for qUnalignedLoad
 
 QT_BEGIN_NAMESPACE
 
@@ -176,7 +177,7 @@ static bool matchNumber(const QMimeMagicRulePrivate *d, const QByteArray &data)
     const char *p = data.constData() + d->startPos;
     const char *e = data.constData() + qMin(data.size() - int(sizeof(T)), d->endPos + 1);
     for ( ; p <= e; ++p) {
-        if ((*reinterpret_cast<const T*>(p) & mask) == (value & mask))
+        if ((qUnalignedLoad<T>(p) & mask) == (value & mask))
             return true;
     }
 
-- 
cgit v1.2.3