From 23ff0ed3a5205afd2067514b25aed3aa5c51f4cc Mon Sep 17 00:00:00 2001
From: Adrian Szyndela
Date: Wed, 23 May 2018 12:49:48 +0200
Subject: [PATCH] GVariant: fix alignment of elements in array
This patch fixes two related bugs:
1. off-by-one in checking size and alignment of the next element in_dbus_reader_get_signature_fixed_size()
2. alignment requirements were not considered at all while iterating over array of variable size elements in array_reader_next().
Change-Id: Ic24be50e978532da4695a2a35731302011e20871
---
 dbus/dbus-marshal-gvariant.c | 2 +-
 dbus/dbus-marshal-recursive.c | 6 ++++--
 2 files changed, 5 insertions(+), 3 deletions(-)
diff --git a/dbus/dbus-marshal-gvariant.c b/dbus/dbus-marshal-gvariant.c
index 2adee4d..d270dd3 100644
--- a/dbus/dbus-marshal-gvariant.c
+++ b/dbus/dbus-marshal-gvariant.c
@@ -945,7 +945,7 @@ _dbus_reader_get_signature_fixed_size (const DBusString *signature, int *pos, in
 res = update_size (res, res_recursive, ¤t_alignment, alignment_recursive);
 /* and update position */
- *pos = recursive_pos - 1;
+ *pos = recursive_pos;
 }
 break;
 case DBUS_TYPE_INVALID:
diff --git a/dbus/dbus-marshal-recursive.c b/dbus/dbus-marshal-recursive.c
index af027ed..4e89927 100644
--- a/dbus/dbus-marshal-recursive.c
+++ b/dbus/dbus-marshal-recursive.c
@@ -684,8 +684,10 @@ array_reader_next (DBusTypeReader *reader,
 int size = _dbus_reader_get_type_fixed_size (reader, &alignment);
 if (0 == size)
 {
- /* variable size - use offsets*/
- reader->value_pos = _dbus_reader_get_offset_of_end_of_variable (reader);
+ /* variable size - use offsets - BUT consider also alignment,
+ because elements in the array might have alignment requirements.
+ */
+ reader->value_pos = _DBUS_ALIGN_VALUE(_dbus_reader_get_offset_of_end_of_variable (reader), alignment);
 reader->variable_index++;
 reader->finished = (reader->variable_index >= reader->n_offsets);
 }
--
2.7.4
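Review bot: The fix at `*pos = recursive_pos;` in _dbus_reader_get_signature_fixed_size depends on an invariant the code never states: which character of the signature `recursive_pos` indexes when the nested walk returns, and whether the enclosing loop advances `*pos` again afterwards. The existing `/* and update position */` could say so, for example `/* recursive_pos is where the nested walk stopped; the caller's loop continues from there */`, adjusted to what the loop outside this hunk actually does. If the signature can come from a received message, the value computed here decides the size and alignment used to locate the elements that follow, so a unit test with a nested container followed by another element would pin the behaviour; the diffstat shows no test change. The function body starts and ends outside the hunk.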
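Review bot: In the variable-size branch of array_reader_next, the new `_DBUS_ALIGN_VALUE(..., alignment)` trusts `alignment` as filled in by `_dbus_reader_get_type_fixed_size (reader, &alignment)` on the path where that call returned 0, and whether it always writes a non-zero power of two there is not visible in this hunk. If the macro rounds by masking with `alignment - 1`, a zero or stale value would silently move `value_pos` to an unrelated offset, so `_dbus_assert (alignment > 0);` before the assignment would make the precondition explicit. The rounded-up position is also not compared with the end of the array data: after the last element the padding can put `value_pos` past it, and the end offset is presumably taken from the message's framing offsets, so it is worth confirming that every consumer checks `reader->finished` before reading at `value_pos`. array_reader_next continues outside the hunk.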