ocaml/libs/xc: Fix NULL dereference with physinfo_arch_caps()

`Tag_cons` is `0` and is meant to be used as the tag argument for
`caml_alloc`/`caml_alloc_small` when constructing a non-empty list.

The empty list is `Val_emptylist` instead, which is really just `Val_int(0)`.

Assigning `0` to a list value like this is equivalent to assigning the naked
pointer `NULL` to the field.  Naked pointers are not valid in OCaml 5, however
even in OCaml <5.x any attempt to iterate on the list will lead to a segfault.

The list currently only has an opaque type, so no code would have reason to
iterate on it currently, but we shouldn't construct invalid OCaml values that
might lead to a crash when exploring the type.

`Val_emptylist` is available since OCaml 3.01 as a constant.

Fixes: e5ac68a0110c ("x86/hvm: Revert per-domain APIC acceleration support")
Signed-off-by: Edwin Török <edwin.torok@cloud.com>
Acked-by: Christian Lindig <christian.lindig@cloud.com>

diff --git a/tools/ocaml/libs/xc/xenctrl_stubs.c b/tools/ocaml/libs/xc/xenctrl_stubs.c
index e4d9070f2d007260371290b000d60b23d0146966..3703f48c74d1d43aa14ae47f97fe65242bf1a496 100644 (file)
--- a/tools/ocaml/libs/xc/xenctrl_stubs.c
+++ b/tools/ocaml/libs/xc/xenctrl_stubs.c
@@ -832,7 +832,7 @@ CAMLprim value physinfo_arch_caps(const xc_physinfo_t *info)
 
        tag = 1; /* tag x86 */
 
-       arch_obj = Tag_cons;
+       arch_obj = Val_emptylist;
 
 #endif