projects / ocaml.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: a8224ab) | patch
Integer overflows when unmarshaling a bigarray
authorStephane Glondu <steph@glondu.net>
Fri, 25 Jan 2019 13:34:23 +0000 (14:34 +0100)
committerStéphane Glondu <glondu@debian.org>
Fri, 25 Jan 2019 13:59:28 +0000 (14:59 +0100)
commit4e2242b28975797a3517d5720a8022775388f4b8
treec3718c2e6ab8edb9c2753dad81cd4b2ad1ac3f8btree | snapshot
parenta8224ab94a62492a0d79f0c096a35c7cf9b3a6a0commit | diff
Integer overflows when unmarshaling a bigarray

Malicious or corrupted marshaled data can result in a bigarray
with impossibly large dimensions that cause overflow when computing
the in-memory size of the bigarray.  Disaster ensues when the data
is read in a too small memory area.  This commit checks for overflows
when computing the in-memory size of the bigarray.

This patch has been modified from upstream one to use caml_ba_multov
instead of caml_umul_overflow which is unavailable in OCaml 4.05.0.

Origin: https://github.com/ocaml/ocaml/pull/1718
Bug: https://caml.inria.fr/mantis/view.php?id=7765
Bug-Debian: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=895472
Bug-CVE: CVE-2018-9838

Gbp-Pq: Name 0012-Integer-overflows-when-unmarshaling-a-bigarray.patch
otherlibs/bigarray/bigarray_stubs.c diff | blob | history
Unnamed repository; edit this file 'description' to name the repository.