File capnproto-CVE-2022-46149.patch of Package capnproto.27043
diff -Nura capnproto-c++-0.9.1/src/capnp/layout.c++ capnproto-c++-0.9.1_new/src/capnp/layout.c++
--- capnproto-c++-0.9.1/src/capnp/layout.c++ 2021-08-09 01:08:05.000000000 +0800
+++ capnproto-c++-0.9.1_new/src/capnp/layout.c++ 2022-12-05 21:11:50.242472429 +0800
@@ -2333,10 +2333,6 @@
break;
case ElementSize::POINTER:
- // We expected a list of pointers but got a list of structs. Assuming the first field
- // in the struct is the pointer we were looking for, we want to munge the pointer to
- // point at the first element's pointer section.
- ptr += tag->structRef.dataSize.get();
KJ_REQUIRE(tag->structRef.ptrCount.get() > ZERO * POINTERS,
"Expected a pointer list, but got a list of data-only structs.") {
goto useDefault;
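Review bot: Nothing at the `case ElementSize::POINTER:` label now records that `ptr` is deliberately left at the start of the struct element rather than advanced to its pointer section, so a later maintainer could reintroduce the removed `ptr += tag->structRef.dataSize.get();` — the data-section skip is now applied per element in `ListReader::getPointerElement` (the layout.h hunk, via `offset = structDataSize / BITS_PER_BYTE`), and adjusting `ptr` here as well would offset every element twice. Suggest keeping a short comment where the removed one stood: `// Do not advance ptr past the data section here: ListReader::getPointerElement` / `// adds structDataSize per element, so ptr must stay at the element start.` The `KJ_REQUIRE(tag->structRef.ptrCount.get() > ZERO * POINTERS, ...)` that follows appears to be what keeps the first-pointer read inside the element, so it should remain ahead of any use of the pointer section. The enclosing switch and function start and end outside the hunk.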
diff -Nura capnproto-c++-0.9.1/src/capnp/layout.h capnproto-c++-0.9.1_new/src/capnp/layout.h
--- capnproto-c++-0.9.1/src/capnp/layout.h 2020-04-23 01:50:38.000000000 +0800
+++ capnproto-c++-0.9.1_new/src/capnp/layout.h 2022-12-05 21:16:53.324727537 +0800
@@ -1227,8 +1227,12 @@
}
inline PointerReader ListReader::getPointerElement(ElementCount index) const {
+ // If the list elements have data sections we need to skip those. Note that for pointers to be
+ // present at all (which already must be true if we get here), then `structDataSize` must be a
+ // whole number of words, so we don't have to worry about unaligned reads here.
+ auto offset = structDataSize / BITS_PER_BYTE;
return PointerReader(segment, capTable, reinterpret_cast<const WirePointer*>(
- ptr + upgradeBound<uint64_t>(index) * step / BITS_PER_BYTE), nestingLimit);
+ ptr + offset + upgradeBound<uint64_t>(index) * step / BITS_PER_BYTE), nestingLimit);
}
// -------------------------------------------------------------------