From c7059dc61cb47f4a09555f2a55db7853ae03f954 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Marco=20Trevisan=20=28Trevi=C3=B1o=29?=
Date: Thu, 13 Feb 2025 18:48:47 +0100
Subject: [PATCH] goodixmoc: Use FpiByteReader to safely read the device CRC
This is was leading to a potential error due to misaligned memory:
../libfprint/drivers/goodixmoc/goodix.c:167:20: runtime error: load of misaligned address 0x00001165c989 for type 'uint32_t', which requires 4 byte alignment
0x00001165c989: note: pointer points here
00 00 00 00 0a ac b3 09 00 00 00 00 00 00 55 53 42 00 00 00 00 00 56 42 53 00 00 00 00 00 30 30
^
#0 0x7ff3ba98d190 in fp_cmd_receive_cb ../libfprint/drivers/goodixmoc/goodix.c:167
#1 0x7ff3baa3b235 in transfer_finish_cb ../libfprint/fpi-usb-transfer.c:352
#2 0x7ff3c18ca862 in g_task_return_now ../../glib/gio/gtask.c:1363
#3 0x7ff3c18ca89c in complete_in_idle_cb ../../glib/gio/gtask.c:1377
#4 0x7ff3c228470b in g_main_dispatch ../../glib/glib/gmain.c:3373
#5 0x7ff3c22868de in g_main_context_dispatch_unlocked ../../glib/glib/gmain.c:4224
#6 0x7ff3c22868de in g_main_context_iterate_unlocked ../../glib/glib/gmain.c:4289
#7 0x7ff3c2286fef in g_main_context_iteration ../../glib/glib/gmain.c:4354
#8 0x7ff3ba8d2fe5 in fp_device_open_sync ../libfprint/fp-device.c:1874
---
 libfprint/drivers/goodixmoc/goodix.c | 16 +++++++++++++++-
 1 file changed, 15 insertions(+), 1 deletion(-)
diff --git a/libfprint/drivers/goodixmoc/goodix.c b/libfprint/drivers/goodixmoc/goodix.c
index 0cf8457c..1b8aa733 100644
--- a/libfprint/drivers/goodixmoc/goodix.c
+++ b/libfprint/drivers/goodixmoc/goodix.c
@@ -22,6 +22,7 @@
 #define FP_COMPONENT "goodixmoc"
 #include "drivers_api.h"
+#include "fpi-byte-reader.h"
 #include "goodix_proto.h"
 #include "goodix.h"
@@ -128,11 +129,13 @@ fp_cmd_receive_cb (FpiUsbTransfer *transfer,
 GError *error)
 {
 FpiDeviceGoodixMoc *self = FPI_DEVICE_GOODIXMOC (device);
+ FpiByteReader reader = {0};
 CommandData *data = user_data;
 int ret = -1, ssm_state = 0;
 gxfp_cmd_response_t cmd_reponse = {0, };
 pack_header header;
 guint32 crc32_calc = 0;
+ guint32 crc32 = 0;
 guint16 cmd = 0;
 if (error)
@@ -163,8 +166,19 @@ fp_cmd_receive_cb (FpiUsbTransfer *transfer,
 return;
 }
+ reader.data = transfer->buffer;
+ reader.size = transfer->actual_length;
+ if (!fpi_byte_reader_set_pos (&reader, PACKAGE_HEADER_SIZE + header.len))
+ {
+ fpi_ssm_mark_failed (transfer->ssm,
+ fpi_device_error_new_msg (FP_DEVICE_ERROR_PROTO,
+ "Package crc read failed"));
+ }
+
 gx_proto_crc32_calc (transfer->buffer, PACKAGE_HEADER_SIZE + header.len, (uint8_t *) &crc32_calc);
- if(crc32_calc != GUINT32_FROM_LE (*(uint32_t *) (transfer->buffer + PACKAGE_HEADER_SIZE + header.len)))
+
+ if (!fpi_byte_reader_get_uint32_le (&reader, &crc32) ||
+ crc32_calc != crc32)
 {
 fpi_ssm_mark_failed (transfer->ssm,
 fpi_device_error_new_msg (FP_DEVICE_ERROR_PROTO,
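Review bot: The new `fpi_byte_reader_set_pos` failure branch in the third hunk marks the SSM failed but has no `return;`, unlike the error branch that closes just above it, so execution falls through. When `header.len` points past `transfer->actual_length`, `gx_proto_crc32_calc` is still asked to hash `PACKAGE_HEADER_SIZE + header.len` bytes of `transfer->buffer`, which reads beyond the received data (and possibly beyond the allocation, whose size is not visible here). The CRC mismatch branch below it is then likely to call `fpi_ssm_mark_failed` a second time on the same state machine. Add `return;` directly after the `fpi_ssm_mark_failed (...)` call inside the new block; the body of `fp_cmd_receive_cb` starts before and continues after this hunk.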