From: "Edwin Török" <edvin.torok@citrix.com>
To: <xen-devel@lists.xenproject.org>
Cc: "Edwin Török" <edwin.torok@cloud.com>,
"Christian Lindig" <christian.lindig@citrix.com>,
"David Scott" <dave@recoil.org>, "Wei Liu" <wl@xen.org>,
"Anthony PERARD" <anthony.perard@citrix.com>
Subject: [PATCH] xenctrl_stubs.c: fix NULL dereference
Date: Thu, 13 Jul 2023 09:30:01 +0100 [thread overview]
Message-ID: <3b6374c44ae7e4afce427a9ea852d8d1ebbb42b3.1689236671.git.edwin.torok@cloud.com> (raw)
From: Edwin Török <edwin.torok@cloud.com>
`Tag_cons` is `0` and is meant to be used as the tag argument for `caml_alloc`/`caml_alloc_small`
when constructing a non-empty list.
The empty list is `Val_emptylist` instead (which is really just `Val_int(0)`).
Assigning `0` to a list value like this is equivalent to assigning the naked pointer `NULL` to the field.
Naked pointers are not valid in OCaml 5, however even in OCaml <5.x any attempt to iterate on the list will lead to a segfault.
The list currently only has an opaque type, so no code would have reason to iterate on it currently,
but we shouldn't construct invalid OCaml values that might lead to a crash when exploring the type.
`Val_emptylist` is available since OCaml 3.01 as a constant.
Fixes: e5ac68a011 ("x86/hvm: Revert per-domain APIC acceleration support")
Signed-off-by: Edwin Török <edwin.torok@cloud.com>
---
tools/ocaml/libs/xc/xenctrl_stubs.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/tools/ocaml/libs/xc/xenctrl_stubs.c b/tools/ocaml/libs/xc/xenctrl_stubs.c
index e4d9070f2d..3703f48c74 100644
--- a/tools/ocaml/libs/xc/xenctrl_stubs.c
+++ b/tools/ocaml/libs/xc/xenctrl_stubs.c
@@ -832,7 +832,7 @@ CAMLprim value physinfo_arch_caps(const xc_physinfo_t *info)
tag = 1; /* tag x86 */
- arch_obj = Tag_cons;
+ arch_obj = Val_emptylist;
#endif
--
2.41.0
next reply other threads:[~2023-07-13 8:30 UTC|newest]
Thread overview: 4+ messages / expand[flat|nested] mbox.gz Atom feed top
2023-07-13 8:30 Edwin Török [this message]
2023-07-13 8:43 ` [PATCH] xenctrl_stubs.c: fix NULL dereference Christian Lindig
2023-08-03 10:15 ` Jan Beulich
2023-08-03 12:51 ` Andrew Cooper
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=3b6374c44ae7e4afce427a9ea852d8d1ebbb42b3.1689236671.git.edwin.torok@cloud.com \
--to=edvin.torok@citrix.com \
--cc=anthony.perard@citrix.com \
--cc=christian.lindig@citrix.com \
--cc=dave@recoil.org \
--cc=edwin.torok@cloud.com \
--cc=wl@xen.org \
--cc=xen-devel@lists.xenproject.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.