From: Andrew Cooper <andrew.cooper3@citrix.com>
To: Rob Hoes <rob.hoes@citrix.com>
Cc: ian.jackson@citrix.com, dave.scott@eu.citrix.com,
ian.campbell@citrix.com, xen-devel@lists.xen.org
Subject: Re: [PATCH v5 10/12] libxl: ocaml: fix memory corruption when converting string and key/values lists
Date: Tue, 26 Nov 2013 18:01:51 +0000
Message-ID: <5294E20F.7050500@citrix.com>
In-Reply-To: <1385488371-28875-11-git-send-email-rob.hoes@citrix.com>

On 26/11/13 17:52, Rob Hoes wrote:
> Found by Coverity. CIDs: 1128562 1128563 1128564 1128565.
>
> Signed-off-by: Rob Hoes <rob.hoes@citrix.com>

It is worth further stating that this is due to incorrect indirections,
just like b0be2b126ea75a83a3778b4e1710d248f92cf528

Reviewed-by: Andrew Cooper <andrew.cooper3@citrix.com>

FWIW, the libxl_string_list typedef makes it far too easy to do this.
It might be worth trying to turn it into an opaque type to reduce these
kinds of errors.

> ---
> tools/ocaml/libs/xl/xenlight_stubs.c | 6 +++---
> 1 file changed, 3 insertions(+), 3 deletions(-)
>
> diff --git a/tools/ocaml/libs/xl/xenlight_stubs.c b/tools/ocaml/libs/xl/xenlight_stubs.c
> index 7012045..a2d47f9 100644
> --- a/tools/ocaml/libs/xl/xenlight_stubs.c
> +++ b/tools/ocaml/libs/xl/xenlight_stubs.c
> @@ -159,8 +159,8 @@ static value Val_key_value_list(libxl_key_value_list *c_val)
>
> list = Val_emptylist;
> for (i = libxl_string_list_length((libxl_string_list *) c_val) - 1; i >= 0; i -= 2) {
> - val = caml_copy_string((char *) c_val[i]);
> - key = caml_copy_string((char *) c_val[i - 1]);
> + val = caml_copy_string((*c_val)[i]);
> + key = caml_copy_string((*c_val)[i - 1]);
> kv = caml_alloc_tuple(2);
> Store_field(kv, 0, key);
> Store_field(kv, 1, val);
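
Review bot: In Val_key_value_list the loop steps `i -= 2` but only tests `i >= 0`, so a list with an odd number of entries reaches `i == 0` and the key read `(*c_val)[i - 1]` indexes element -1. Consider rejecting an odd length before the loop, or using `i >= 1` as the loop condition. The `(libxl_string_list *) c_val` cast left in the loop header is the same kind of cast that hid the indirection error on the removed lines, so it would be worth removing as well.
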
> @@ -201,7 +201,7 @@ static value Val_string_list(libxl_string_list *c_val)
>
> list = Val_emptylist;
> for (i = libxl_string_list_length(c_val) - 1; i >= 0; i--) {
> - string = caml_copy_string((char *) c_val[i]);
> + string = caml_copy_string((*c_val)[i]);
> cons = caml_alloc(2, 0);
> Store_field(cons, 0, string); // head
> Store_field(cons, 1, list); // tail
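
Review bot: The `(char *)` cast dropped from the `caml_copy_string` argument in Val_string_list is what let `c_val[i]` compile while indexing the `libxl_string_list *` itself rather than the list it points to, and the commit message records only the Coverity CIDs. Suggest adding a sentence naming that root cause, and keeping these converters free of casts on `c_val` so the compiler diagnoses a wrong level of indirection.
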
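
The indirection mistake fixed by this patch, and the opaque-type idea raised in the review, as an added example that is not code from the patch or from libxl. It assumes `string_list` mirrors libxl's `char **` typedef; `opaque_list` and `opaque_get` are hypothetical names, and the sample data is constructed.

```c
#include <stddef.h>
#include <string.h>

/* Assumption: same shape as libxl_string_list, a NULL-terminated
 * array of C strings hidden behind a typedef. */
typedef char **string_list;

/* Pattern of the removed lines: indexes the pointer-to-list itself.
 * Only index 0 is in bounds, and it is the char ** array reinterpreted
 * as a string; any higher index reads past the caller's variable. */
static const char *elem_wrong_first(string_list *c_val)
{
    return (const char *) c_val[0];   /* the cast hides the type mismatch */
}

/* Pattern of the added lines: dereference first, then index. */
static const char *elem_right(string_list *c_val, int i)
{
    return (*c_val)[i];
}

/* Hypothetical opaque wrapper: elements are reachable only through the
 * accessor. With a struct, `l[i]` is a struct value, and casting a struct
 * to char * is a constraint violation, so the mistake stops compiling. */
struct opaque_list { char **items; size_t len; };

static const char *opaque_get(const struct opaque_list *l, size_t i)
{
    return i < l->len ? l->items[i] : NULL;   /* bounds-checked */
}

static char *sample[] = { "vcpus", "2", NULL };   /* constructed sample */

int main(void)
{
    string_list list = sample;
    struct opaque_list ol = { sample, 2 };

    /* The "string" the wrong form hands on is the pointer array itself. */
    int wrong_aliases_array = elem_wrong_first(&list) == (const char *) sample;
    int right_ok = strcmp(elem_right(&list, 1), "2") == 0;
    int opaque_ok = opaque_get(&ol, 0) == sample[0] && opaque_get(&ol, 2) == NULL;

    return (wrong_aliases_array && right_ok && opaque_ok) ? 0 : 1;
}
```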