From 2535afa1b1b5c74b4620d607dc46f3ef6e88d548 Mon Sep 17 00:00:00 2001 From: Guillaume Melquiond Date: Fri, 20 Nov 2020 17:59:18 +0100 Subject: Make sure accumulators do not exceed the minor heap (partly fix #11170). Accumulators can grow arbitrarily large, even when well-typed. So, this commit makes sure they are allocated on the major heap when they are too large. If so, fields need to be filled with caml_initialize, in case they point to the minor heap. --- dev/doc/critical-bugs | 20 ++++++++++++++++++++ 1 file changed, 20 insertions(+) (limited to 'dev') diff --git a/dev/doc/critical-bugs b/dev/doc/critical-bugs index 37619833ac..79c2155823 100644 --- a/dev/doc/critical-bugs +++ b/dev/doc/critical-bugs @@ -312,6 +312,26 @@ Conversion machines risk: none without using -allow-sprop (off by default in 8.10.0), otherwise could be exploited by mistake + component: "virtual machine" (compilation to bytecode ran by a C-interpreter) + summary: buffer overflow on large accumulators + introduced: 8.1 + impacted released versions: 8.1-8.12.1 + impacted coqchk versions: none (no virtual machine in coqchk) + fixed in: 8.13.0 + found by: Dolan, Roux, Melquiond + GH issue number: ocaml/ocaml#6385, #11170 + risk: medium, as it can happen for large irreducible applications + + component: "virtual machine" (compilation to bytecode ran by a C-interpreter) + summary: buffer overflow on large records and closures + introduced: 8.1 + impacted released versions: 8.1-now + impacted coqchk versions: none (no virtual machine in coqchk) + fixed in: + found by: Dolan, Roux, Melquiond + GH issue number: ocaml/ocaml#6385, #11170 + risk: unlikely to be activated by chance, might happen for autogenerated code + Side-effects component: side-effects -- cgit v1.2.3
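Review bot: the second entry in this hunk leaves `fixed in:` blank while declaring `impacted released versions: 8.1-now`; since the commit message says this only partly fixes #11170, state explicitly that the records/closures overflow is still open (for example `fixed in: not yet`) so the blank field is not misread as an incomplete entry, and update the `GH issue number` line when a dedicated follow-up issue exists. Minor style point affecting both entries: `compilation to bytecode ran by a C-interpreter` should read `run by a C interpreter`. Also note that the code change described in the message (allocating oversized accumulators on the major heap and filling their fields with caml_initialize) is not part of this view, which is limited to 'dev', so the first entry's `fixed in: 8.13.0` claim should be cross-checked against the accompanying virtual-machine change before this documentation lands.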