From 99e45548934923f0d2c1d52ae1239ffe4ef17a06 Mon Sep 17 00:00:00 2001
From: =?utf8?q?Edwin=20T=C3=B6r=C3=B6k?=
Date: Thu, 13 Jul 2023 09:30:01 +0100
Subject: [PATCH] ocaml/libs/xc: Fix NULL dereference with physinfo_arch_caps()
MIME-Version: 1.0
Content-Type: text/plain; charset=utf8
Content-Transfer-Encoding: 8bit

`Tag_cons` is `0` and is meant to be used as the tag argument for
`caml_alloc`/`caml_alloc_small` when constructing a non-empty list.
The empty list is `Val_emptylist` instead, which is really just `Val_int(0)`.

Assigning `0` to a list value like this is equivalent to assigning the naked
pointer `NULL` to the field. Naked pointers are not valid in OCaml 5; however,
even in OCaml <5.x any attempt to iterate on the list will lead to a segfault.

The list currently only has an opaque type, so no code would have reason to
iterate on it currently, but we shouldn't construct invalid OCaml values that
might lead to a crash when exploring the type.

`Val_emptylist` is available since OCaml 3.01 as a constant.

Fixes: e5ac68a0110c ("x86/hvm: Revert per-domain APIC acceleration support")
Signed-off-by: Edwin Török
Acked-by: Christian Lindig
---
 tools/ocaml/libs/xc/xenctrl_stubs.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/tools/ocaml/libs/xc/xenctrl_stubs.c b/tools/ocaml/libs/xc/xenctrl_stubs.c
index e4d9070f2d..3703f48c74 100644
--- a/tools/ocaml/libs/xc/xenctrl_stubs.c
+++ b/tools/ocaml/libs/xc/xenctrl_stubs.c
@@ -832,7 +832,7 @@ CAMLprim value physinfo_arch_caps(const xc_physinfo_t *info) tag = 1; /* tag x86 */ - arch_obj = Tag_cons; + arch_obj = Val_emptylist; #endif
-- 
2.39.5
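Review bot: the one-line change on the `-`/`+` pair is correct and sufficient for what the hunk shows: `Tag_cons` is the block tag constant (0) meant for the `tag` argument of `caml_alloc`, so storing it straight into `arch_obj` leaves a raw 0 in an OCaml value slot, which the runtime reads as a pointer to NULL, whereas `Val_emptylist` (`Val_int(0)`) is the tagged immediate it recognizes as `[]` and never dereferences. Because the two identifiers differ only in intent and confusing them is exactly what caused this bug, consider a short comment on the `+` line, for example `arch_obj = Val_emptylist; /* no arch-specific caps: [] */`, so a later reader does not swap the tag constant back in. Since the commit message notes that nothing iterates this list yet, the same mistake elsewhere in xenctrl_stubs.c would stay silent until OCaml 5 or until the type is made concrete, so a quick pass over the file for other raw-tag assignments to list or option values before merging would be worthwhile.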
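The representation the commit message relies on, modelled in plain C as an added example (not Xen or OCaml code; `alloc_block`, `cons`, `checked_length`, `arch_caps_wrong` and `arch_caps_fixed` are this example's own names, and the macros reimplement OCaml's value encoding rather than including caml/mlvalues.h). It shows why a bare `Tag_cons` passes the runtime's "is this a block?" test and is then followed as a NULL pointer, while `Val_emptylist` is an immediate that a list walk stops on:

```c
/* Added example: a minimal model of the OCaml uniform value representation.
 * Not Xen or OCaml code; macro names mirror the real ones for readability. */
#include <stdint.h>
#include <stdlib.h>
#include <stdio.h>

typedef intptr_t value;

/* Immediates carry their payload shifted left with the low bit set. */
#define Val_long(n)   (((value)(n) << 1) + 1)
#define Long_val(v)   ((v) >> 1)
#define Val_int(n)    Val_long(n)
#define Is_long(v)    (((v) & 1) != 0)
#define Is_block(v)   (((v) & 1) == 0)

/* Lists: [] is the immediate Val_int(0); a cons cell is a 2-field block, tag 0. */
#define Val_emptylist Val_int(0)
#define Tag_cons      0

/* A block is a header word followed by fields; the value points at field 0. */
#define Field(v, i)   (((value *)(v))[i])
#define Tag_val(v)    (((value *)(v))[-1] & 0xFF)

/* Allocate a block of `n` fields with tag `tag` (stand-in for caml_alloc). */
static value alloc_block(size_t n, int tag) {
    value *p = calloc(n + 1, sizeof(value));
    if (!p) abort();
    p[0] = (value)(n << 10) | (tag & 0xFF); /* header: size<<10 | tag, as in OCaml */
    return (value)(p + 1);
}

/* Build a cons cell: this is the correct use of Tag_cons, as the tag argument. */
static value cons(value hd, value tl) {
    value cell = alloc_block(2, Tag_cons);
    Field(cell, 0) = hd;
    Field(cell, 1) = tl;
    return cell;
}

/* Walk a list the way List.length would, but refuse naked pointers:
 * returns the length, or -1 if a "block" is a pointer the runtime could
 * never have allocated (here: NULL) or has the wrong tag. */
static long checked_length(value lst) {
    long n = 0;
    while (Is_block(lst)) {
        if (lst == 0) /* the naked NULL that Tag_cons becomes when used as a value */
            return -1;
        if (Tag_val(lst) != Tag_cons) return -1;
        lst = Field(lst, 1);
        n++;
    }
    return n;
}

/* The two ways of writing "empty list" seen in the patch. */
static value arch_caps_wrong(void) { return Tag_cons; }      /* before the fix */
static value arch_caps_fixed(void) { return Val_emptylist; } /* after the fix */

int main(void) {
    value three = cons(Val_int(1), cons(Val_int(2), cons(Val_int(3), Val_emptylist)));
    printf("length of [1;2;3]       = %ld\n", checked_length(three));
    printf("length of Val_emptylist = %ld\n", checked_length(arch_caps_fixed()));
    printf("length of Tag_cons      = %ld (naked NULL; a real runtime would segfault)\n",
           checked_length(arch_caps_wrong()));
    return 0;
}
```

The real OCaml runtime has no such guard: `Is_block(0)` is true, so `List.length`, the GC's scan in OCaml 5, or any pattern match on the list reads the header at address `-sizeof(value)` and crashes, which is the failure the patch removes.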