LibGfx: Copy into a u32 in LZWDecoder::next_code() instead of casting

This results in unaligned reads sometimes, depending on the layout of the underlying buffer. Caught by UBSAN.
author: Andrew Kaster <andrewdkaster@gmail.com> 2021-05-24 08:23:35 -0600
committer: Andreas Kling <kling@serenityos.org> 2021-05-27 15:18:03 +0200
commit: 480802805fc11e079c6f3f65c2e9886136d05f86 (patch)
tree: 38dfea230e365691bf20e0a01deda62b21602560 /Userland/Libraries/LibGfx/GIFLoader.cpp
parent: 74da0f24f0c99d2cb1646234e841bd42a7fb8c99 (diff)
download: serenity-480802805fc11e079c6f3f65c2e9886136d05f86.zip
1 files changed, 3 insertions, 2 deletions
diff --git a/Userland/Libraries/LibGfx/GIFLoader.cpp b/Userland/Libraries/LibGfx/GIFLoader.cpp
index d8b60c0dbb..16fca946d6 100644
--- a/Userland/Libraries/LibGfx/GIFLoader.cpp
+++ b/Userland/Libraries/LibGfx/GIFLoader.cpp
@@ -187,8 +187,9 @@ public:
             const u32* addr = (const u32*)&padded_last_bytes;
             m_current_code = (*addr & mask) >> current_bit_offset;
         } else {
-            const u32* addr = (const u32*)&m_lzw_bytes.at(current_byte_index);
-            m_current_code = (*addr & mask) >> current_bit_offset;
+            u32 tmp_word;
+            memcpy(&tmp_word, &m_lzw_bytes.at(current_byte_index), sizeof(u32));
+            m_current_code = (tmp_word & mask) >> current_bit_offset;
         }
 
         if (m_current_code > m_code_table.size()) {
author	Andrew Kaster <andrewdkaster@gmail.com>	2021-05-24 08:23:35 -0600
committer	Andreas Kling <kling@serenityos.org>	2021-05-27 15:18:03 +0200
commit	480802805fc11e079c6f3f65c2e9886136d05f86 (patch)
tree	38dfea230e365691bf20e0a01deda62b21602560 /Userland/Libraries/LibGfx/GIFLoader.cpp
parent	74da0f24f0c99d2cb1646234e841bd42a7fb8c99 (diff)
download	serenity-480802805fc11e079c6f3f65c2e9886136d05f86.zip