[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[PATCH] xenctrl_stubs.c: fix NULL dereference
- To: <xen-devel@xxxxxxxxxxxxxxxxxxxx>
- From: Edwin Török <edvin.torok@xxxxxxxxxx>
- Date: Thu, 13 Jul 2023 09:30:01 +0100
- Authentication-results: esa2.hc3370-68.iphmx.com; dkim=none (message not signed) header.i=none
- Cc: Edwin Török <edwin.torok@xxxxxxxxx>, "Christian Lindig" <christian.lindig@xxxxxxxxxx>, David Scott <dave@xxxxxxxxxx>, Wei Liu <wl@xxxxxxx>, Anthony PERARD <anthony.perard@xxxxxxxxxx>
- Delivery-date: Thu, 13 Jul 2023 08:30:38 +0000
- Ironport-data: A9a23:lSaW2axEw9BaG/jMFLB6t+dIxirEfRIJ4+MujC+fZmUNrF6WrkVRn zYeWjyAPa3bamD1LogjaI3n9h4EuMSBm4QwSAdrpCAxQypGp/SeCIXCJC8cHc8wwu7rFxs7s ppEOrEsCOhuExcwcz/0auCJQUFUjP3OHfykTrafYEidfCc8IA85kxVvhuUltYBhhNm9Emult Mj75sbSIzdJ4RYtWo4vw/zF8EoHUMja4mtC5QRhPKsT5TcyqlFOZH4hDfDpR5fHatE88t6SH 47r0Ly/92XFyBYhYvvNfmHTKxBirhb6ZGBiu1IOM0SQqkEqSh8ai87XAME0e0ZP4whlqvgqo Dl7WT5cfi9yVkHEsLx1vxC1iEiSN4UekFPMCSDXXcB+UyQq2pYjqhljJBheAGEWxgp4KUNk6 sVfOTQ8VymOleKvm+ifROtzr9t2eaEHPKtH0p1h5TTQDPJgSpHfWaTao9Rf2V/chOgXQ6yYP ZBAL2MyMlKZOUYn1lQ/UfrSmM+limf+dXtEr0iSpoI84nTJzRw327/oWDbQUoXTGJQJwRnB+ woq+UzVHTwBDuWm1QCO80/zvMGXj3n1d9krQejQGvlC3wTImz175ActfUu2p7y1h1CzX/pbK lcI4Ww+oK4q7kupQ9LhGRqirxasshcCVvJKHuY96QXLzbDbiy6GAkAUQzgHb8Yp3PLaXhRzi AXPxYmwQ2Uy7vvMEyn1GqqoQS2aGwIKFCgTYR49dAYX48C4+qU9jA3mUYM2eEKqteEZCQ0c0 hjT8nhv3uVI0pJSv0mo1QuZ2mzx//AlWiZwv1yKBTz9s2uVcab/P+SVBU7nAeGsxWpzZn2Ip zA6lseX94ji5rndxXXWEI3h8FxEjstp0QEwYnY1RfHNDxz3pxaekXl4uVmS3ntBPMceYiPOa 0TOow5X75I7FCL0Pf4uM9zhVJxyk/WI+THZuhf8N4omX3SMXFXfoHEGibC4gggBb3TAYYlgY MzGIK5A/F4RCLh9zSreegvu+eZD+8zK/kuKHcqT503+gdKjiIu9Fe9t3K2mMrpos8tpYWz9r 75iCid9404BCbKuO3WPrNZ7wJJjBSFTOK0aYvd/LoarSjeK0kl9YxMN6dvNo7BYopk=
- Ironport-hdrordr: A9a23:xWuqn6gXqGKvqHfo6FGd7NB9nnBQXioji2hC6mlwRA09TyX5ra 2TdZUgpHvJYVMqMk3I9uruBEDtex3hHP1OkOws1NWZLWrbUQKTRekP0WKF+Vzd8kXFndK1vp 0QEZSWZueRMbEAt7ec3OG5eexQvOVu8sqT9JjjJ6EGd3AVV0lihT0JezpyCidNNW977QJSLu vn2iJAzQDQAEg/X4CAKVQuefPMnNHPnIKOW296O/Z2gDP+9Q9B8dTBYmOl4is=
- List-id: Xen developer discussion <xen-devel.lists.xenproject.org>
From: Edwin Török <edwin.torok@xxxxxxxxx>
`Tag_cons` is `0` and is meant to be used as the tag argument for
`caml_alloc`/`caml_alloc_small`
when constructing a non-empty list.
The empty list is `Val_emptylist` instead (which is really just `Val_int(0)`).
Assigning `0` to a list value like this is equivalent to assigning the naked
pointer `NULL` to the field.
Naked pointers are not valid in OCaml 5, however even in OCaml <5.x any attempt
to iterate on the list will lead to a segfault.
The list currently only has an opaque type, so no code would have reason to
iterate on it currently,
but we shouldn't construct invalid OCaml values that might lead to a crash when
exploring the type.
`Val_emptylist` is available since OCaml 3.01 as a constant.
Fixes: e5ac68a011 ("x86/hvm: Revert per-domain APIC acceleration support")
Signed-off-by: Edwin Török <edwin.torok@xxxxxxxxx>
---
tools/ocaml/libs/xc/xenctrl_stubs.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/tools/ocaml/libs/xc/xenctrl_stubs.c
b/tools/ocaml/libs/xc/xenctrl_stubs.c
index e4d9070f2d..3703f48c74 100644
--- a/tools/ocaml/libs/xc/xenctrl_stubs.c
+++ b/tools/ocaml/libs/xc/xenctrl_stubs.c
@@ -832,7 +832,7 @@ CAMLprim value physinfo_arch_caps(const xc_physinfo_t *info)
tag = 1; /* tag x86 */
- arch_obj = Tag_cons;
+ arch_obj = Val_emptylist;
#endif
--
2.41.0
|
