From: Andrew Cooper <andrew.cooper3@citrix.com>
To: Rob Hoes <rob.hoes@citrix.com>
Cc: ian.jackson@citrix.com, dave.scott@eu.citrix.com,
	ian.campbell@citrix.com, xen-devel@lists.xen.org
Subject: Re: [PATCH v5 10/12] libxl: ocaml: fix memory corruption when converting string and key/values lists
Date: Tue, 26 Nov 2013 18:01:51 +0000
Message-ID: <5294E20F.7050500@citrix.com>
In-Reply-To: <1385488371-28875-11-git-send-email-rob.hoes@citrix.com>

On 26/11/13 17:52, Rob Hoes wrote:
> Found by Coverity. CIDs: 1128562 1128563 1128564 1128565.
>
> Signed-off-by: Rob Hoes <rob.hoes@citrix.com>

It is worth further stating that this is due to incorrect indirections,
just like b0be2b126ea75a83a3778b4e1710d248f92cf528

Reviewed-by: Andrew Cooper <andrew.cooper3@citrix.com>

FWIW, the libxl_string_list typedef makes it far too easy to do this.
It might be worth trying to turn it into an opaque type to reduce these
kinds of errors.

> ---
>  tools/ocaml/libs/xl/xenlight_stubs.c |    6 +++---
>  1 file changed, 3 insertions(+), 3 deletions(-)
>
> diff --git a/tools/ocaml/libs/xl/xenlight_stubs.c b/tools/ocaml/libs/xl/xenlight_stubs.c
> index 7012045..a2d47f9 100644
> --- a/tools/ocaml/libs/xl/xenlight_stubs.c
> +++ b/tools/ocaml/libs/xl/xenlight_stubs.c
> @@ -159,8 +159,8 @@ static value Val_key_value_list(libxl_key_value_list *c_val)
>  
>  	list = Val_emptylist;
>  	for (i = libxl_string_list_length((libxl_string_list *) c_val) - 1; i >= 0; i -= 2) {
> -		val = caml_copy_string((char *) c_val[i]);
> -		key = caml_copy_string((char *) c_val[i - 1]);
> +		val = caml_copy_string((*c_val)[i]);
> +		key = caml_copy_string((*c_val)[i - 1]);
>  		kv = caml_alloc_tuple(2);
>  		Store_field(kv, 0, key);
>  		Store_field(kv, 1, val);
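
Review bot: In Val_key_value_list the loop starts at length - 1, steps by 2 and reads `(*c_val)[i - 1]` on every pass, so it stays in bounds only when the list length is even; with an odd length the last pass runs at i == 0 and reads index -1. An explicit check or assertion on an even length before the loop would close that. The `(libxl_string_list *) c_val` cast left in the loop header is the same kind of cast that hid the wrong indirection fixed here, so it is worth replacing with something the compiler can type-check.
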
> @@ -201,7 +201,7 @@ static value Val_string_list(libxl_string_list *c_val)
>  
>  	list = Val_emptylist;
>  	for (i = libxl_string_list_length(c_val) - 1; i >= 0; i--) {
> -		string = caml_copy_string((char *) c_val[i]);
> +		string = caml_copy_string((*c_val)[i]);
>  		cons = caml_alloc(2, 0);
>  		Store_field(cons, 0, string);   // head
>  		Store_field(cons, 1, list);     // tail
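
Review bot: The commit message should state the root cause for the Val_string_list change rather than only the Coverity CIDs: `c_val[i]` indexed the pointer to the list instead of the list, and the `(char *)` cast kept the compiler from diagnosing it. Noting that the cast is dropped on purpose, so that the argument to caml_copy_string is type-checked from now on, would stop it being reintroduced later.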

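The indirection error and the opaque-type idea raised in this message, as an added C example that is not code from the Xen tree. It assumes the list type is a typedef for `char **`; `string_list`, `opaque_list` and the helper names are hypothetical.

```c
#include <stdio.h>
#include <string.h>

/* Assumption: mirrors the libxl typedef, a NULL-terminated array of strings. */
typedef char **string_list;

/* Hypothetical opaque alternative: the array is hidden inside a struct. */
typedef struct { char **items; } opaque_list;

/* Pre-patch spelling, shown for i == 0 only. c_val[0] is *c_val, i.e. the
 * array of pointers itself, and the cast relabels it as a string. For
 * i >= 1 the same expression reads past the single list variable that
 * c_val points to, which is the memory corruption being fixed. */
static const void *elem_wrong0(string_list *c_val)
{
    return (char *) c_val[0];
}

/* Post-patch spelling: dereference first, then select the i-th string. */
static const char *elem_fixed(string_list *c_val, int i)
{
    return (*c_val)[i];
}

/* With the opaque type only the correct access compiles: for an
 * opaque_list *l, `(char *) l[i]` is a cast from a struct and is rejected. */
static const char *opaque_get(const opaque_list *l, int i)
{
    return l->items[i];
}

int main(void)
{
    /* Constructed sample data. */
    char k[] = "key", v[] = "value";
    char *strs[] = { k, v, NULL };
    string_list list = strs;
    opaque_list o = { strs };

    printf("wrong[0] aliases the pointer array: %d\n",
           elem_wrong0(&list) == (const void *) strs);
    printf("fixed[0]=%s fixed[1]=%s opaque[1]=%s\n",
           elem_fixed(&list, 0), elem_fixed(&list, 1), opaque_get(&o, 1));
    return 0;
}
```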