
[xen master] ocaml/libs/xc: Fix NULL dereference with physinfo_arch_caps()



commit 99e45548934923f0d2c1d52ae1239ffe4ef17a06
Author:     Edwin Török <edwin.torok@xxxxxxxxx>
AuthorDate: Thu Jul 13 09:30:01 2023 +0100
Commit:     Andrew Cooper <andrew.cooper3@xxxxxxxxxx>
CommitDate: Thu Jul 13 11:06:07 2023 +0100

    ocaml/libs/xc: Fix NULL dereference with physinfo_arch_caps()
    
    `Tag_cons` is `0` and is meant to be used as the tag argument for
    `caml_alloc`/`caml_alloc_small` when constructing a non-empty list.
    
    The empty list is `Val_emptylist` instead, which is really just
    `Val_int(0)`.
    
    Assigning `0` to a list value like this is equivalent to assigning the naked
    pointer `NULL` to the field.  Naked pointers are not valid in OCaml 5, however
    even in OCaml <5.x any attempt to iterate on the list will lead to a segfault.
    
    The list currently only has an opaque type, so no code would have reason to
    iterate on it currently, but we shouldn't construct invalid OCaml values that
    might lead to a crash when exploring the type.
    
    `Val_emptylist` is available since OCaml 3.01 as a constant.
    
    Fixes: e5ac68a0110c ("x86/hvm: Revert per-domain APIC acceleration support")
    Signed-off-by: Edwin Török <edwin.torok@xxxxxxxxx>
    Acked-by: Christian Lindig <christian.lindig@xxxxxxxxx>
---
 tools/ocaml/libs/xc/xenctrl_stubs.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/tools/ocaml/libs/xc/xenctrl_stubs.c 
b/tools/ocaml/libs/xc/xenctrl_stubs.c
index e4d9070f2d..3703f48c74 100644
--- a/tools/ocaml/libs/xc/xenctrl_stubs.c
+++ b/tools/ocaml/libs/xc/xenctrl_stubs.c
@@ -832,7 +832,7 @@ CAMLprim value physinfo_arch_caps(const xc_physinfo_t *info)
 
        tag = 1; /* tag x86 */
 
-       arch_obj = Tag_cons;
+       arch_obj = Val_emptylist;
 
 #endif
 
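Review bot: The new `arch_obj = Val_emptylist;` line has no comment saying that it is an intentionally empty OCaml list, while the neighbouring `tag = 1; /* tag x86 */` does explain itself. `Tag_cons` and `Val_emptylist` both read as "zero" at a glance, so a short comment such as `/* empty list */` on this line would help keep the wrong constant from being reintroduced. Since this hunk fixes only the one site, it would also be worth checking the rest of xenctrl_stubs.c for any other place where `Tag_cons` or a bare `0` is assigned to a value rather than passed as an allocation tag.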
--
generated by git-patchbot for /home/xen/git/xen.git#master
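
The value encoding that the commit message relies on, as an added example that is not part of the commit or of Xen's code. The macros are local stand-ins that mirror the encoding in OCaml's `<caml/mlvalues.h>` so the file builds without the OCaml headers; `check_list`, `sample_list` and the `list_check` enum are hypothetical names.

```c
#include <stdint.h>
#include <stddef.h>

/* Local stand-ins mirroring OCaml's <caml/mlvalues.h> encoding (assumption:
 * reproduced here so this builds without the OCaml headers). */
typedef intptr_t value;
#define Val_int(x)     ((value)(((uintptr_t)(x) << 1) + 1))
#define Is_long(v)     (((v) & 1) != 0)
#define Is_block(v)    (((v) & 1) == 0)
#define Field(v, i)    (((value *)(v))[i])
#define Val_emptylist  Val_int(0)
#define Tag_cons       0

enum list_check { LIST_OK = 0, LIST_NAKED_NULL = -1, LIST_BAD_IMMEDIATE = -2 };

/* Hypothetical helper: walk a list the way OCaml code would, but refuse to
 * dereference a NULL "block". On success *len receives the element count. */
static enum list_check check_list(value l, size_t *len)
{
    size_t n = 0;
    for (;;) {
        if (Is_long(l)) {            /* immediate: only [] may end a list */
            if (l != Val_emptylist)
                return LIST_BAD_IMMEDIATE;
            *len = n;
            return LIST_OK;
        }
        if (l == 0)                  /* what `arch_obj = Tag_cons` stored */
            return LIST_NAKED_NULL;
        n++;
        l = Field(l, 1);             /* field 1 of a cons cell is the tail */
    }
}

/* Constructed sample: the list [7; 9] laid out as two cons cells
 * (block headers omitted, since only the fields are read here). */
static value cell2[2], cell1[2];
static value sample_list(void)
{
    cell2[0] = Val_int(9); cell2[1] = Val_emptylist;
    cell1[0] = Val_int(7); cell1[1] = (value)cell2;
    return (value)cell1;
}

int main(void)
{
    size_t len = 0;
    return (check_list(sample_list(), &len) == LIST_OK && len == 2) ? 0 : 1;
}
```

The low bit is what separates the two constants: `Val_emptylist` is the immediate `1`, whereas `Tag_cons` stored as a value is `0`, which has the low bit clear and is therefore treated as a pointer to a block.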