author: Guillaume Melquiond 2020-11-20 17:59:18 +0100
committer: Guillaume Melquiond 2020-11-20 17:59:18 +0100
commit: 2535afa1b1b5c74b4620d607dc46f3ef6e88d548 (patch)
tree: 6acebd8b999ae0b312625ad9e303dead57b3080f /dev/doc/critical-bugs
parent: 614675fa5337cca0621ae7a65d4fd47a6ad8f788 (diff)
Make sure accumulators do not exceed the minor heap (partly fix #11170).
Accumulators can grow arbitrarily large, even when well-typed. So, this commit makes sure they are allocated on the major heap when they are too large. If so, fields need to be filled with caml_initialize, in case they point to the minor heap.
Diffstat (limited to 'dev/doc/critical-bugs')
-rw-r--r-- dev/doc/critical-bugs 20
1 files changed, 20 insertions, 0 deletions
diff --git a/dev/doc/critical-bugs b/dev/doc/critical-bugs
index 37619833ac..79c2155823 100644
--- a/dev/doc/critical-bugs
+++ b/dev/doc/critical-bugs
@@ -312,6 +312,26 @@ Conversion machines
risk: none without using -allow-sprop (off by default in 8.10.0),
otherwise could be exploited by mistake
+ component: "virtual machine" (compilation to bytecode ran by a C-interpreter)
+ summary: buffer overflow on large accumulators
+ introduced: 8.1
+ impacted released versions: 8.1-8.12.1
+ impacted coqchk versions: none (no virtual machine in coqchk)
+ fixed in: 8.13.0
+ found by: Dolan, Roux, Melquiond
+ GH issue number: ocaml/ocaml#6385, #11170
+ risk: medium, as it can happen for large irreducible applications
+
+ component: "virtual machine" (compilation to bytecode ran by a C-interpreter)
+ summary: buffer overflow on large records and closures
+ introduced: 8.1
+ impacted released versions: 8.1-now
+ impacted coqchk versions: none (no virtual machine in coqchk)
+ fixed in:
+ found by: Dolan, Roux, Melquiond
+ GH issue number: ocaml/ocaml#6385, #11170
+ risk: unlikely to be activated by chance, might happen for autogenerated code
+
Side-effects
component: side-effects
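Review bot: the second added entry (large records and closures) leaves `fixed in:` empty while `impacted released versions:` reads `8.1-now`; since this file is the record of critical bugs, say so explicitly rather than leaving a blank that reads like an omission, e.g. `fixed in: not yet (this commit only addresses accumulators)`, and have the two entries reference each other since they carry the same `found by:` and `GH issue number:` lines (ocaml/ocaml#6385, #11170), so a reader sees that the accumulator fix in 8.13.0 is only the partial fix the commit message describes. Minor wording in both `component:` lines: `bytecode ran by a C-interpreter` should read `bytecode run by a C interpreter`.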