From b2c74a942aab42f39620725ca7dc855fb8e20038 Mon Sep 17 00:00:00 2001
From: Jeff Muizelaar <jrmuizel@gmail.com>
Date: Fri, 12 Jul 2019 13:36:17 +0000
Subject: [PATCH] Bug 1565566. blob: Improve convert_from_bytes. r=Gankro

This minimizes regret by requiring T: Copy and switches
to read_unaligned() because the pointer can be unaligned.

Differential Revision: https://phabricator.services.mozilla.com/D37861

--HG--
extra : moz-landing-system : lando
---
 gfx/webrender_bindings/src/moz2d_renderer.rs | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/gfx/webrender_bindings/src/moz2d_renderer.rs b/gfx/webrender_bindings/src/moz2d_renderer.rs
index d858a3954845..6f0aa92a794b 100644
--- a/gfx/webrender_bindings/src/moz2d_renderer.rs
+++ b/gfx/webrender_bindings/src/moz2d_renderer.rs
@@ -77,11 +77,10 @@ pub struct Moz2dBlobImageHandler {
 
 /// Transmute some bytes into a value.
 ///
-/// Wow this is dangerous if non-POD values are read!
 /// FIXME: kill this with fire and/or do a super robust security audit
-unsafe fn convert_from_bytes<T>(slice: &[u8]) -> T {
+unsafe fn convert_from_bytes<T: Copy>(slice: &[u8]) -> T {
     assert!(mem::size_of::<T>() <= slice.len());
-    ptr::read(slice.as_ptr() as *const T)
+    ptr::read_unaligned(slice.as_ptr() as *const T)
 }
 
 /// Transmute a value into some bytes.
@@ -113,7 +112,7 @@ impl<'a> BufReader<'a> {
     ///
     /// To limit the scope of this unsafety, please don't call this directly.
     /// Make a helper method for each whitelisted type.
-    unsafe fn read<T>(&mut self) -> T {
+    unsafe fn read<T: Copy>(&mut self) -> T {
         let ret = convert_from_bytes(&self.buf[self.pos..]);
         self.pos += mem::size_of::<T>();
         ret
@@ -419,6 +418,7 @@ fn merge_blob_images(old_buf: &[u8], new_buf: &[u8], dirty_rect: Box2d) -> Vec<u
 
 /// A font used by a blob image.
 #[repr(C)]
+#[derive(Copy, Clone)]
 struct BlobFont {
     /// The font key.
     font_instance_key: FontInstanceKey,