From add3be20869b5aa5b633333c062d9f82f625bfd2 Mon Sep 17 00:00:00 2001
From: Philip Withnall
Date: Tue, 3 Nov 2020 16:59:36 +0000
Subject: [PATCH] gscanner: Avoid undefined behaviour copying between union members
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

It’s technically undefined behaviour in C to copy between two potentially-overlapping regions of memory (just like it is when calling `memcpy()`). This can easily happen with union members; and the ones in `GScanner` in particular. Fix that by copying through an intermediate variable.

Coverity CID: #1427317, 1427340

Signed-off-by: Philip Withnall
---
 glib/gscanner.c | 11 +++++++++--
 1 file changed, 9 insertions(+), 2 deletions(-)

diff --git a/glib/gscanner.c b/glib/gscanner.c
index b77514afe..c858abf9e 100644
--- a/glib/gscanner.c
+++ b/glib/gscanner.c
@@ -1696,12 +1696,19 @@ g_scanner_get_token_i (GScanner *scanner,
 scanner->config->int_2_float)
 {
 *token_p = G_TOKEN_FLOAT;
+
+ /* Have to assign through a temporary variable to avoid undefined behaviour
+ * by copying between potentially-overlapping union members. */
 if (scanner->config->store_int64)
 {
- value_p->v_float = value_p->v_int64;
+ gint64 temp = value_p->v_int64;
+ value_p->v_float = temp;
 }
 else
- value_p->v_float = value_p->v_int;
+ {
+ gint temp = value_p->v_int;
+ value_p->v_float = temp;
+ }
 }

 errno = 0;
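Review bot: The two temporaries added in the int_2_float branch are declared `gint64` and `gint`, but the union members they read are not declared in this hunk; if those members are the wider, unsigned types that GLib's `GTokenValue` uses (`guint64 v_int64` and `gulong v_int`, as far as I recall), the copy through `gint temp` narrows and changes sign before the conversion to floating point. A scanned integer above `G_MAXINT` would then be stored as a different, possibly negative, float, whereas the old direct assignment converted the full value. Declaring each temporary with the member's own type keeps the overlapping-copy fix without altering the value: `guint64 temp = value_p->v_int64;` and `gulong temp = value_p->v_int;`. g_scanner_get_token_i starts and ends outside the hunk, so the types should be confirmed against the union declaration in the header.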