authorpetarj@mips.com <petarj@mips.com@0039d316-1c4b-4281-b951-d872f2087c98>2013-04-03 05:52:09 +0000
committerpetarj@mips.com <petarj@mips.com@0039d316-1c4b-4281-b951-d872f2087c98>2013-04-03 05:52:09 +0000
commit4d7e22aff077734441eac7f098d8ab5317ff918a (patch)
tree2dac29fce36b622cdb65090c512b505101a9d618
parent7f747f3de35588bac452272ff0e40657cd01c7a4 (diff)
[MIPS] Fix webkit deserialization alignment problem
Reading a double from the pickle used a pointer cast to a double pointer, which can be unaligned and crashes on the ldc1 instruction on the MIPS architecture. Writing to the pickle uses memcpy(), so there is no alignment problem there, and this change does the same for reading. Original patch by Paul Lind. BUG= https://code.google.com/p/chromium/issues/detail?id=130022 TEST=make chrome Review URL: https://chromiumcodereview.appspot.com/13460003 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@192000 0039d316-1c4b-4281-b951-d872f2087c98
-rw-r--r--webkit/glue/glue_serialize.cc10
1 files changed, 6 insertions, 4 deletions
diff --git a/webkit/glue/glue_serialize.cc b/webkit/glue/glue_serialize.cc
index cfe9330..f20d848 100644
--- a/webkit/glue/glue_serialize.cc
+++ b/webkit/glue/glue_serialize.cc
@@ -132,11 +132,13 @@ inline void WriteReal(double data, SerializeObject* obj) {
inline double ReadReal(const SerializeObject* obj) {
const void* tmp = NULL;
int length = 0;
+ double value = 0.0;
ReadData(obj, &tmp, &length);
- if (tmp && length > 0 && length >= static_cast<int>(sizeof(0.0)))
- return *static_cast<const double*>(tmp);
- else
- return 0.0;
+ if (tmp && length >= static_cast<int>(sizeof(double))) {
+ // Use memcpy, as tmp may not be correctly aligned.
+ memcpy(&value, tmp, sizeof(double));
+ }
+ return value;
}
inline void WriteBoolean(bool data, SerializeObject* obj) {
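Review bot: The new guard on the `if (tmp && length >= static_cast<int>(sizeof(double)))` line still accepts any record of 8 or more bytes and silently decodes only its first 8, so an oversized or mismatched payload in persisted history data is read as if it were well-formed rather than rejected. If WriteReal always emits exactly sizeof(double) bytes, as the commit message suggests, a strict check `if (tmp && length == static_cast<int>(sizeof(double)))` would make a corrupted or truncated-then-repadded record fall into the 0.0 path instead of yielding a garbage value; whether ReadData itself bounds `tmp`/`length` against the pickle's payload is not visible here and should be confirmed. The silent 0.0 fallback deserves a comment on the `return value;` line, e.g. `// Missing or undersized data decodes as 0.0 rather than failing the whole read.` The memcpy call relies on `<string.h>`/`<cstring>` being included earlier in the file, which the WriteReal counterpart already needs.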