Prevent seek_in from marking buffer data as valid after closing the…

… channel (ocaml#11965)

* Test calls to input_byte after close_in

Add a test demonstrating issue ocaml#11878

* Reset offset when closing a channel

If offset keeps its value when the channel is closed, it is possible to
`seek_in` backward which will only decrease `channel->curr` and therefore
mark some buffer bytes as valid: further calls to `input_byte` would
succeed on the closed channel

Fixes: ocaml#11878
(cherry picked from commit a606e92)

Changes

@@ -16,6 +16,12 @@ OCaml 4.14 maintenance version
 - #11332, #12702: make sure `Bool_val(v)` has type `bool` in C++
   (Xavier Leroy, report by ygrek, review by Gabriel Scherer)
 
+### Standard library:
+
+- #11878, #11965: Prevent seek_in from marking buffer data as valid after
+  closing the channel. This could lead to inputting uninitialized bytes.
+  (Samuel Hym, review by Xavier Leroy and Olivier Nicole)
+
 ### Build system:
 
 - #11590: Allow installing to a destination path containing spaces.

runtime/io.c

@@ -580,6 +580,9 @@ CAMLprim value caml_ml_close_channel(value vchannel)
      immediate caml_flush_partial or caml_refill, thus raising a Sys_error
      exception */
   channel->curr = channel->max = channel->end;
+  /* Prevent any seek backward that would mark the last bytes of the
+   * channel buffer as valid */
+  channel->offset = 0;
 
   /* If already closed, we are done */
   if (channel->fd == -1) return Val_unit;

testsuite/tests/lib-channels/close_in.ml

@@ -0,0 +1,20 @@
+(* TEST *)
+
+(* Test that inputting bytes from a closed in_channel triggers an exception *)
+
+(* The number of bytes we'll rewind after closing; a value
+   between 1 and IO_BUFFER_SIZE *)
+let nb_bytes = 3
+
+let () =
+  let ic = open_in_bin Sys.argv.(0) in
+  seek_in ic nb_bytes;
+  close_in ic;
+  seek_in ic 0;
+  assert (
+    try
+      ignore (input_byte ic);
+      false
+    with
+    | Sys_error _ -> true
+    | _           -> false)