Integer overflows when unmarshaling a bigarray
Malicious or corrupted marshaled data can result in a bigarray
with impossibly large dimensions that cause overflow when computing
the in-memory size of the bigarray. Disaster ensues when the data
is read in a too small memory area. This commit checks for overflows
when computing the in-memory size of the bigarray.
This patch has been modified from upstream one to use caml_ba_multov
instead of caml_umul_overflow which is unavailable in OCaml 4.05.0.
Origin: https://github.com/ocaml/ocaml/pull/1718
Bug: https://caml.inria.fr/mantis/view.php?id=7765
Bug-Debian: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=895472
Bug-CVE: CVE-2018-9838
Gbp-Pq: Name 0012-Integer-overflows-when-unmarshaling-a-bigarray.patch
projects / ocaml.git / commit