Fixes misaligned pointer by reading from the buffer instead of loading the memory separately (#8649)

2026-06-01 19:58:15 +00:00 · 2025-07-29 23:26:30 +02:00
parent 575d616e60
commit 518bf42df8
2 changed files with 18 additions and 2 deletions
--- a/swift/Sources/FlatBuffers/FlatBufferBuilder.swift
+++ b/swift/Sources/FlatBuffers/FlatBufferBuilder.swift
@@ -303,12 +303,12 @@ public struct FlatBufferBuilder {
    var isAlreadyAdded: Int?

    let vt2 = _bb.memory.advanced(by: _bb.writerIndex)
-    let len2 = vt2.load(fromByteOffset: 0, as: Int16.self)
+    let len2 = vt2.bindMemory(to: Int16.self, capacity: 1).pointee

    for index in stride(from: 0, to: _vtables.count, by: 1) {
      let position = _bb.capacity &- Int(_vtables[index])
      let vt1 = _bb.memory.advanced(by: position)
-      let len1 = _bb.read(def: Int16.self, position: position)
+      let len1 = vt1.bindMemory(to: Int16.self, capacity: 1).pointee
      if len2 != len1 || 0 != memcmp(vt1, vt2, Int(len2)) { continue }

      isAlreadyAdded = Int(_vtables[index])
--- a/tests/swift/Tests/Flatbuffers/FlatBuffersTests.swift
+++ b/tests/swift/Tests/Flatbuffers/FlatBuffersTests.swift
@@ -120,6 +120,22 @@ final class FlatBuffersTests: XCTestCase {
    XCTAssertEqual(scalarTable.justEnum, .one)
    XCTAssertNil(scalarTable.maybeEnum)
  }
+
+  func testAlignmentCrash() {
+      var builder = FlatBufferBuilder(initialSize: 256)
+
+      // Create two identical tables to trigger vtable deduplication
+      let str1 = builder.create(string: "test")
+      let start1 = builder.startTable(with: 1)
+      builder.add(offset: str1, at: 0)
+      _ = builder.endTable(at: start1)
+
+      // Second table triggers vtable comparison where crash occurs
+      let str2 = builder.create(string: "crash")
+      let start2 = builder.startTable(with: 1)
+      builder.add(offset: str2, at: 0)
+      _ = builder.endTable(at: start2) // ← Crashes here on ARM64
+  }
 }

 class Country {