Re: [PATCH] xenctrl_stubs.c: fix NULL dereference
> On 13 Jul 2023, at 09:30, Edwin Török <edvin.torok@xxxxxxxxxx> wrote: > > From: Edwin Török <edwin.torok@xxxxxxxxx> > > `Tag_cons` is `0` and is meant to be used as the tag argument for > `caml_alloc`/`caml_alloc_small` > when constructing a non-empty list. > The empty list is `Val_emptylist` instead (which is really just `Val_int(0)`). > > Assigning `0` to a list value like this is equivalent to assigning the naked > pointer `NULL` to the field. > Naked pointers are not valid in OCaml 5, however even in OCaml <5.x any > attempt to iterate on the list will lead to a segfault. > > The list currently only has an opaque type, so no code would have reason to > iterate on it currently, > but we shouldn't construct invalid OCaml values that might lead to a crash > when exploring the type. > > `Val_emptylist` is available since OCaml 3.01 as a constant. > > Fixes: e5ac68a011 ("x86/hvm: Revert per-domain APIC acceleration support") > > Signed-off-by: Edwin Török <edwin.torok@xxxxxxxxx> > --- > tools/ocaml/libs/xc/xenctrl_stubs.c | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) > > diff --git a/tools/ocaml/libs/xc/xenctrl_stubs.c > b/tools/ocaml/libs/xc/xenctrl_stubs.c > index e4d9070f2d..3703f48c74 100644 > --- a/tools/ocaml/libs/xc/xenctrl_stubs.c > +++ b/tools/ocaml/libs/xc/xenctrl_stubs.c > @@ -832,7 +832,7 @@ CAMLprim value physinfo_arch_caps(const xc_physinfo_t > *info) > > tag = 1; /* tag x86 */ > > - arch_obj = Tag_cons; > + arch_obj = Val_emptylist; > > #endif > > -- > 2.41.0 > Acked-by: Christian Lindig <christian.lindig@xxxxxxxxx>
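Review bot: the new `arch_obj = Val_emptylist;` line in `physinfo_arch_caps()` has no comment saying that the x86 branch returns an empty list here, and `Tag_cons` and `Val_emptylist` look interchangeable to a reader who does not know that one is a block tag and the other a value. A short comment at the assignment, for example "empty list; Tag_cons is a block tag, not a value", would help stop the old form from being reintroduced. Separately, the subject says "fix NULL dereference", while the commit message states that no code currently iterates on the list. A subject along the lines of "do not construct an invalid list value" would match what the one-line change does and make the severity clearer to anyone deciding whether to backport it.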