From e4b349cf8e0fcb1d1d65d169d98e9a76cea1f0a4 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Javier=20S=C3=A1nchez=20Parra?=
Date: Wed, 7 Dec 2022 10:26:10 +0100
Subject: [PATCH] Fix unaligned memory access in OK to EOF package conversion

Fix unaligned memory access in ok_to_eof_packet() when copying warnings and status flags from OK to EOF packages.
---
 lib/Query_Cache.cpp | 14 ++++++++------
 1 file changed, 8 insertions(+), 6 deletions(-)

diff --git a/lib/Query_Cache.cpp b/lib/Query_Cache.cpp
index 0b9163af2..5a70626c9 100644
--- a/lib/Query_Cache.cpp
+++ b/lib/Query_Cache.cpp
@@ -567,9 +567,11 @@ unsigned char* ok_to_eof_packet(QC_entry_t* entry) {
  ok_packet += sizeof(mysql_hdr);
  // Skip the 'OK packet header', 'affected_rows' and 'last_insert_id'
  ok_packet += 3;
- uint16_t status_flags = *reinterpret_cast(ok_packet);
+ uint16_t status_flags;
+ memcpy(&status_flags, ok_packet, sizeof(uint16_t));
  ok_packet += 2;
- uint16_t warnings = *reinterpret_cast(ok_packet);
+ uint16_t warnings;
+ memcpy(&warnings, ok_packet, sizeof(uint16_t));
  // Find the spot in which the first EOF needs to be placed
  it += sizeof(mysql_hdr);
@@ -599,9 +601,9 @@ unsigned char* ok_to_eof_packet(QC_entry_t* entry) {
  // Write 'column_eof_packet' contents
  *vp = 0xfe;
  vp++;
- *reinterpret_cast(vp) = warnings;
+ memcpy(vp, &warnings, sizeof(uint16_t));
  vp += 2;
- *reinterpret_cast(vp) = status_flags;
+ memcpy(vp, &status_flags, sizeof(uint16_t));
  vp += 2;
  // Find the OK packet
@@ -621,9 +623,9 @@ unsigned char* ok_to_eof_packet(QC_entry_t* entry) {
  *vp = 0xfe;
  vp++;
- *reinterpret_cast(vp) = warnings;
+ memcpy(vp, &warnings, sizeof(uint16_t));
  vp += 2;
- *reinterpret_cast(vp) = status_flags;
+ memcpy(vp, &status_flags, sizeof(uint16_t));
  break;
  } else {
  // Increment the package id by one due to 'column_eof_packet'
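Review bot: The two `memcpy` reads in the first hunk still take `status_flags` and `warnings` from a fixed offset, `sizeof(mysql_hdr) + 3`, and nothing visible in the hunk checks that the cached OK packet is long enough or that `affected_rows` and `last_insert_id` are each one byte. If the cache guarantees this (presumably because only resultset-terminating OK packets are stored), say so above `ok_packet += 3;`, for example `// affected_rows and last_insert_id are single-byte length-encoded integers here; status_flags and warnings follow`. If it is not guaranteed, the payload length in the header should be compared against the bytes consumed before copying. It is also worth noting in a comment that both variables hold raw wire-order bytes that are only copied, never interpreted, so no byte-order conversion is needed. The body of `ok_to_eof_packet()` starts and ends outside this hunk, so an earlier length check may already exist.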
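Review bot: The EOF payload write (`0xfe`, then `warnings`, then `status_flags`) is repeated verbatim in the second hunk and again in the hunk at -621, so a later correction to one copy can easily miss the other. A small file-local helper would keep the two in step. It would also let the copy length and the pointer advance both come from `sizeof(warnings)` and `sizeof(status_flags)`, rather than pairing `sizeof(uint16_t)` with a literal `2`. The buffer behind `vp` is sized outside these hunks, so it cannot be confirmed from here that the allocation covers both five-byte payloads.

```cpp
// Writes the 5-byte EOF payload (0xfe, warnings, status_flags) at vp and
// returns the position just past it; both values are raw wire-order bytes.
static inline unsigned char* write_eof_payload(unsigned char* vp, uint16_t warnings, uint16_t status_flags) {
	*vp++ = 0xfe;
	memcpy(vp, &warnings, sizeof(warnings));
	vp += sizeof(warnings);
	memcpy(vp, &status_flags, sizeof(status_flags));
	return vp + sizeof(status_flags);
}

// … unchanged: locating the spot for 'column_eof_packet' …
vp = write_eof_payload(vp, warnings, status_flags);
```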